A group of about 20 Russian hackers has fleeced over $1 billion from global bank accounts in the past three years, according to a new report. The international software security group Kaspersky Lab believes of that figure, $706 million has been stolen from individuals and businesses from the US and across Europe since 2012.
$300 million has also been stolen from Russian bank accounts.
“There’s so much sophistication now, they are so organized,” Mike Sentonas from Intel Security told news.com.au. “It’s a business, it’s not just a few people, it’s a process.”
“We’ve been tracking a lot of these groups for years now and they have such strong architecture it’s hard to shut it down.”
Russia has emerged as a global epicentre for criminal hackers. Nearby countries such as Ukraine and some of the Baltic States also house hacking organisations that are increasingly run like corporate enterprises. “It’s all linked to where traditional crime has taken place with groups in Eastern Ukraine and Bulgaria,” Professor Mathew Warren from Deakin University told news.com.au. “But their activities are taking place all over the world.” Mr Sentonas agrees that the movement of organized crime into the cyber realm has contributed to the shift towards a more sophisticated model, but he also views it as the natural evolution of a criminal industry the authorities are struggling to combat.
WATER COOLERS AND CUBICLES
The Russian group of 20 hackers believed to be responsible for the systematic bleeding of global bank accounts is the latest to be identified by authorities and is simply one in a growing number of cyber crime syndicates emanating from that part of the world.
For young Russian speaking men, it’s a rapidly growing industry. According to the head of Kaspersky Lab’s investigative unit, Ruslan Stoyanov, the Russian underground has recruited more than a thousand members since 2012. And they’re all going into cyber crime.
“These are incredibly well educated people,” often facing unemployment in their home country, said Mr Sentonas. “For them it’s a way to make a bit of extra money.”
The “industry” has not only seen an explosion in numbers, but also in its level of organisation. Much of the public imagination that exists around hackers is of rogue, faceless individuals sitting alone in a basement. But most modern operations are more likely to resemble a bureaucratic business with a very structured workplace.
“It’s like a call centre type of atmosphere,” said Joseph Menn. Speaking to RadioLab, the American cyber security journalist painted a picture of water coolers and cubicles for many Russian cyber crime organizations.
“By in large, they do not live a lavish lifestyle,” he said of the young workers who typically carry out the heavy workload of the attacks. As with any corporate structure, it’s the CEO that reaps the benefits. “There are guys at the top of these criminal organizations who are very flashy,” he said. “They’re like pop icons, some of them, in the same way that rap star are in the US.”
As a report by Kaspersky put it; “to a certain extent, the structure reflects that of an ordinary, average-sized company engaged in software development.”
Russian hacking groups have gone mainstream.
A GAME OF CAT AND MOUSE
Authorities are facing an uphill battle in their attempts to track and prosecute organisation involved in this kind of activity. “The chances of getting caught are so small,” Professor Warren told news.com.au. “And it’s very hard to extradite people for cyber crime.”
“And even if you do, the penalties are weak,” Mr Sentonas said. The group of 20 hackers are thought to have targeted the internal computing systems of the world’s banks. A similar strategy was used by a group of Russian hackers known as Carbanak who were “unmasked” by Kaspersky Lab earlier in the year.
The group would first infect a computer at a bank with malware that gave the hackers remote access to the computer. They would then watch and record everything as the employees go about their daily job. Once they learned how the bank’s computing system worked, they knew how to mimic the staff in order to transfer the money out.
For instance, in some cases the hackers would take control of an individual’s bank account that contained $2,000 and then change it so it had $20,000 in the account. Then they would transfer $18,000 to their own accounts and the customer would not notice anything missing.
In other cases, money was simply stolen and transferred into bank accounts in China.
The Carbanak group also seized control of the ATMs and programmed them to dispense money at a particular time while a member of the organisation waited on standby.
As a rule, such crimes are preceded by many months of preparation.
The difficulty in policing and thwarting such operations is massive. “We’ve been tracking some of the groups for years,” said Mr Sentonas. Often the sophistication of their architecture is at such a level that it allows them to disperse their activity across global networks and continue to operate when certain servers get shut down.
“It’s a cat-and-mouse game,” he said. And one where police and security companies are often forced to play catch up. “There’s a lot of conversations now saying it’s a huge problem, but I think it has been so for a while,” Mr Sentonas said.
However he is optimistic about the state of the cyber security industry and said an increased focus on collaboration in recent times has yielded positive results.
“We’re learning how to work together.”
By its very nature, the extent of the threat and the scale of activity conducted by these cyber crime companies remains unknown. Some individuals who are victims of malware and ransomware attacks don’t go to the police, some companies don’t want to divulge the fact they’ve been hacked, and some cases simply go undetected for a long time.
“In my opinion it is well underestimated,” Mr Sentonas. “It’s not like they’re not reporting their earnings.
Find the Original Article By Nick Whigham Here