Skip to Content

A Massive Cyberattack Could Soon Be Aimed At Your Online Bank Account

Banks around the world are getting ready to face a massive cyber assault. But now that it’s been discovered, it might not happen as expected.
December 18, 2012

Cyber security is something that many consumers view more as a theoretical concept than an issue worth worrying about. After all, the majority of consumers have never been hacked or watched their bank accounts siphoned of cash. For many folks, security issues are read about, never experienced.

But that might soon change. A so-called “cyber gang” of Botmasters was discovered in October to be working on a scheme that would allow them to target customer accounts at 30 banks, including Chase, Citibank, and even PayPal, and steal money from unsuspecting victims.

According to security researchers, the scheme involves cloning compromised computers to make a bank’s login system believe that the person signing on to the online banking is doing so from their home computer. The technique allows the hackers to subvert security questions that are designed to stop theft, and allow them only to focus on obtaining passwords.

Once logged into the victim’s account, the hackers would transfer small amounts of cash to their own accounts. The idea is to attack thousands of accounts, but only withdraw a little amount to reduce chances of being caught.

To make matters worse, security researchers at McAfee reported (PDF) last week that they now believe the hackers have successfully attempted their technique on at least 300 to 500 bank accounts. They plan to launch “Project Blitzkrieg” against the banks and thousands of accounts in the Spring.

That is, unless something has changed.

Soon after RSA announced its findings, security writer Brian Krebs posted to his blog that a Russian hacker who goes by the nickname “vorVzakone” is behind the attack. That hacker wrote in September on a forum posting that the initial goal of Project Blitzkrieg was to “process large amount of the given material before anti-fraud measures are increased” at U.S.-based banks.

The RSA’s findings and subsequent research performed by security experts pushed the hacker further underground, calling into question whether the attack will happen at all.

“I can’t find him anywhere,” Krebs said of “vorVzakone” in an interview with CNNMoney published last week. “Either bringing this to light scuttled any plans to go forward, or it’s still moving ahead cautiously under a much more protective cover.”

McAfee researchers also can’t determine whether the attack will happen. However, the researchers are saying for now that they believe that it will “be moving forward as planned.”

Although the scale of Project Blitzkrieg is unprecedented, attacks on banks that lead to millions in cash stolen is by no means unique. In fact, a Trojan known as “Gozi Prinimalka” – a variant of which could be used in Project Blitzkrieg –  has been used by a so-called “crime gang” steal at least $5 million in funds from bank accounts, Krebs says.

It’s believed that the hackers will only target U.S. banks. According to Krebs, that’s because European banks require two-factor authentication when verifying a bank transfer. The majority of U.S. banks allow transfers with a single-factor authentication.

Keep Reading

Most Popular

Workers disinfect the street outside Shijiazhuang Railway Station
Workers disinfect the street outside Shijiazhuang Railway Station

Why China is still obsessed with disinfecting everything

Most public health bodies dealing with covid have long since moved on from the idea of surface transmission. China’s didn’t—and that helps it control the narrative about the disease’s origins and danger.

individual aging affects covid outcomes concept
individual aging affects covid outcomes concept

Anti-aging drugs are being tested as a way to treat covid

Drugs that rejuvenate our immune systems and make us biologically younger could help protect us from the disease’s worst effects.

Europe's AI Act concept
Europe's AI Act concept

A quick guide to the most important AI law you’ve never heard of

The European Union is planning new legislation aimed at curbing the worst harms associated with artificial intelligence.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.