How hackers pulled off a billion-dollar international bank robbery

Businesses in 30 countries targeted in “very slick” heist

We all know cyber-security is a big risk to businesses today, yet many of us still don’t understand exactly where the vulnerabilities in our business systems lie, nor how to fully protect against them.

Which is little surprise, since hacking groups are often ahead of authorities in the techniques they use and the tricks they pull.

All the same, it’s pretty staggering to learn that one hacking group is believed to have stolen up to $1bn from banks and other financial services organisations since 2013.

The info comes from Russian tech security firm Kaspersky, which worked with Interpol and Europol to investigate the criminal group.

The hackers stole up to $10m at a time from each company as they targeted businesses in 30 countries.

How the heist happened

The group infected computer systems with Carbanak malware.

This allowed them to see what employees were doing on their screens and therefore mimic employees’ activity to make transfers in ways that looked normal.

The hackers could also get ATMs to dispense cash at specific times of day, with people on the ground then picking it up.

Kaspersky said in its report that the manner of the thefts was relatively new, as money was stolen “directly from banks and avoid targeting end users”.

Also, it seemed that the software being used by financial services companies made no difference to the criminals’ ability to break into the system.

“These bank heists were surprising because it made no difference to the criminals what software the banks were using,” said Sergey Golovanov, principal security researcher at Kaspersky Lab’s global research and analysis team.

“It was a very slick and professional cyber-robbery.”