Cybercrime ring steals $ 1 b from banks

Monday, 16 February 2015 00:00 - - {{hitsCtrl.values.hits}}

A multinational gang of cyber criminals has stolen as much as $ 1 billion from as many as 100 financial institutions around the world in about two years, Russian computer security company Kaspersky Lab said on Saturday. The company said it was working with Interpol, Europol and authorities from different countries to try to uncover more details on what is being called an unprecedented robbery. The gang, which Kaspersky dubbed Carbanak, takes the unusual approach of stealing directly from banks, rather than posing as customers to withdraw money from companies’ or individuals’ accounts. It said the gang included cyber criminals from Europe, including Russia and Ukraine, as well as China. Carbanak used carefully crafted emails to trick pre-selected employees into opening malicious software files, a common technique known as spear phishing. They were then able to get into the internal network and track down administrators’ computers for video surveillance. In this way, Kaspersky said, the criminals learned how the bank clerks worked and could mimic their activity when transferring the money. In some cases, Carbanak inflated account balances before pocketing the extra funds through a fraudulent transaction. Because the legitimate funds were still there, the account holder would not suspect a problem. Kaspersky said Carbanak also remotely seized control of ATMs and ordered them to dispense cash at a predetermined time, when a gang member would be waiting to collect the money. “These attacks again underline the fact that criminals will exploit any vulnerability in any system,” Sanjay Virmani, director of Interpol Digital Crime Centre, said in a statement prepared by Kaspersky. “It also highlights the fact that no sector can consider itself immune to attack and must constantly address their security procedures.” – Reuters

Obama urges execs to cooperate more against cyberattacks

U.S. President Barack Obama waves upon his arrival in San Francisco –REUTERS Reuters: President Barack Obama asked US executives on Friday for closer cooperation in defending against hackers after high-profile attacks on companies like Sony that exposed weaknesses in America’s cyber defences. Speaking at Stanford University, Obama told Silicon Valley and financial services CEOs that they needed to share more information more quickly both with each other and with his administration. “Government cannot do this alone. But the fact is that the private sector can’t do it alone either because it’s government that often has the latest information on new threats,” he told a gathering of CEOs. Obama has moved cybersecurity toward the top of his 2015 agenda after the recent breaches but senior figures from the tech world who are at odds with the administration over government surveillance stayed away from his speech. The Sony attack was particularly worrying for US officials, who blamed North Korea for stealing data, debilitating computers and pressuring the studio to halt the release of “The Interview,” a satirical film about leader Kim Jong-un. “There’s only one way to defend America from these cyber threats and that is through government and industry working together, sharing appropriate information as true partners,” Obama said. He met privately with a small group of business leaders in Silicon Valley to try to mend fences with tech companies still smarting over damage to their businesses when government surveillance practices were exposed by former National Security Agency contractor Edward Snowden. Upset about the lack of reforms to surveillance programs, the CEOs of Google Inc, Facebook Inc and Yahoo Inc stayed away from Friday’s conference. Apple Inc Chief Executive Tim Cook gave an address and CEOs from PayPal, Intel Corporation, Visa and other financial services companies attended. Cook warned about unspecified threats to privacy. “We still live in a world where not all people are treated equally. Too many people are not free to practice their religion, or speak their mind, or love who they choose,” Cook said. “If those of us in positions of responsibility fail to do everything in our power to protect the right to privacy, we risk far more than money ... we risk our way of life.” American Express Co CEO Kenneth Chenault said there was ample room for improving cooperation against hacking. Though the card issuer scans constantly for threats, Chenault said only 5% of the cases the company finds are already the subject of warnings from other members in the financial sector’s well-regarded Information Sharing and Analysis Center. Only 1% of the threats has already been flagged by the federal government. “Information-sharing may be the single highest-impact, lowest-cost and fastest way to implement capabilities we have in hand as a nation to accelerate our overall defence,” Chenault said. The White House wants businesses to exchange more information about any attacks as rapidly as possible. While at Stanford, Obama signed an executive order aimed making that happen by promoting hubs where companies can share information with each other and with the Department of Homeland Security. If emails hit employees at one company with a link to a website loaded with code that can give hackers access to the network, that company should feel free to warn its competitors without worrying about antitrust or privacy rules, the White House argues. The administration would like to automate the process as much as possible, so that machines would be informed what malicious websites or email addresses to block within minutes. “The information we want to be moving is the information on things that actually indicate malicious activity. And so that’s malware indicators, that’s indicators of compromise, that’s bad IP addresses,” Michael Daniel, the White House’s cybersecurity coordinator, told reporters. Obama’s executive order is one step in a long effort to make companies as well as privacy and consumer advocates more comfortable with proposed legislation that would offer firms protection from being sued for handing over customer information to the government. Some executives said cybersecurity issues were leading to greater fragmentation of global business, and that the private sector could not overcome that without more serious discussion between governments. “There’s a protectionism developing,” said Bank of America CEO Brian Moynihan. “You’ve got to store the data here, you’ve got to use these providers.”