A Massive Cyberattack Could Soon Be Aimed At Your Online Bank Account

Banks around the world are getting ready to face a massive cyber assault. But now that it’s been discovered, it might not happen as expected.

Don Reisingerarchive page

December 18, 2012

Cyber security is something that many consumers view more as a theoretical concept than an issue worth worrying about. After all, the majority of consumers have never been hacked or watched their bank accounts siphoned of cash. For many folks, security issues are read about, never experienced.

But that might soon change. A so-called “cyber gang” of Botmasters was discovered in October to be working on a scheme that would allow them to target customer accounts at 30 banks, including Chase, Citibank, and even PayPal, and steal money from unsuspecting victims.

According to security researchers, the scheme involves cloning compromised computers to make a bank’s login system believe that the person signing on to the online banking is doing so from their home computer. The technique allows the hackers to subvert security questions that are designed to stop theft, and allow them only to focus on obtaining passwords.

Once logged into the victim’s account, the hackers would transfer small amounts of cash to their own accounts. The idea is to attack thousands of accounts, but only withdraw a little amount to reduce chances of being caught.

To make matters worse, security researchers at McAfee reported (PDF) last week that they now believe the hackers have successfully attempted their technique on at least 300 to 500 bank accounts. They plan to launch “Project Blitzkrieg” against the banks and thousands of accounts in the Spring.

That is, unless something has changed.

Soon after RSA announced its findings, security writer Brian Krebs posted to his blog that a Russian hacker who goes by the nickname “vorVzakone” is behind the attack. That hacker wrote in September on a forum posting that the initial goal of Project Blitzkrieg was to “process large amount of the given material before anti-fraud measures are increased” at U.S.-based banks.

The RSA’s findings and subsequent research performed by security experts pushed the hacker further underground, calling into question whether the attack will happen at all.

“I can’t find him anywhere,” Krebs said of “vorVzakone” in an interview with CNNMoney published last week. “Either bringing this to light scuttled any plans to go forward, or it’s still moving ahead cautiously under a much more protective cover.”

McAfee researchers also can’t determine whether the attack will happen. However, the researchers are saying for now that they believe that it will “be moving forward as planned.”

Although the scale of Project Blitzkrieg is unprecedented, attacks on banks that lead to millions in cash stolen is by no means unique. In fact, a Trojan known as “Gozi Prinimalka” – a variant of which could be used in Project Blitzkrieg – has been used by a so-called “crime gang” steal at least $5 million in funds from bank accounts, Krebs says.

It’s believed that the hackers will only target U.S. banks. According to Krebs, that’s because European banks require two-factor authentication when verifying a bank transfer. The majority of U.S. banks allow transfers with a single-factor authentication.