Hello,

We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

Don Reisinger

A View from Don Reisinger

A Massive Cyberattack Could Soon Be Aimed At Your Online Bank Account

Banks around the world are getting ready to face a massive cyber assault. But now that it’s been discovered, it might not happen as expected.

  • December 18, 2012

Cyber security is something that many consumers view more as a theoretical concept than an issue worth worrying about. After all, the majority of consumers have never been hacked or watched their bank accounts siphoned of cash. For many folks, security issues are read about, never experienced.

But that might soon change. A so-called “cyber gang” of Botmasters was discovered in October to be working on a scheme that would allow them to target customer accounts at 30 banks, including Chase, Citibank, and even PayPal, and steal money from unsuspecting victims.

According to security researchers, the scheme involves cloning compromised computers to make a bank’s login system believe that the person signing on to the online banking is doing so from their home computer. The technique allows the hackers to subvert security questions that are designed to stop theft, and allow them only to focus on obtaining passwords.

Once logged into the victim’s account, the hackers would transfer small amounts of cash to their own accounts. The idea is to attack thousands of accounts, but only withdraw a little amount to reduce chances of being caught.

To make matters worse, security researchers at McAfee reported (PDF) last week that they now believe the hackers have successfully attempted their technique on at least 300 to 500 bank accounts. They plan to launch “Project Blitzkrieg” against the banks and thousands of accounts in the Spring.

That is, unless something has changed.

Soon after RSA announced its findings, security writer Brian Krebs posted to his blog that a Russian hacker who goes by the nickname “vorVzakone” is behind the attack. That hacker wrote in September on a forum posting that the initial goal of Project Blitzkrieg was to “process large amount of the given material before anti-fraud measures are increased” at U.S.-based banks.

The RSA’s findings and subsequent research performed by security experts pushed the hacker further underground, calling into question whether the attack will happen at all.

“I can’t find him anywhere,” Krebs said of “vorVzakone” in an interview with CNNMoney published last week. “Either bringing this to light scuttled any plans to go forward, or it’s still moving ahead cautiously under a much more protective cover.”

McAfee researchers also can’t determine whether the attack will happen. However, the researchers are saying for now that they believe that it will “be moving forward as planned.”

Although the scale of Project Blitzkrieg is unprecedented, attacks on banks that lead to millions in cash stolen is by no means unique. In fact, a Trojan known as “Gozi Prinimalka” – a variant of which could be used in Project Blitzkrieg –  has been used by a so-called “crime gang” steal at least $5 million in funds from bank accounts, Krebs says.

It’s believed that the hackers will only target U.S. banks. According to Krebs, that’s because European banks require two-factor authentication when verifying a bank transfer. The majority of U.S. banks allow transfers with a single-factor authentication.

Meet the Experts in AI, Robotics and the Economy at EmTech Next.

Learn more and register
More from Intelligent Machines

Artificial intelligence and robots are transforming how we work and live.

Want more award-winning journalism? Subscribe to Insider Online Only.
  • Insider Online Only {! insider.prices.online !}*

    {! insider.display.menuOptionsLabel !}

    Unlimited online access including articles and video, plus The Download with the top tech stories delivered daily to your inbox.

    See details+

    Unlimited online access including all articles, multimedia, and more

    The Download newsletter with top tech stories delivered daily to your inbox

/3
You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.