Don Reisinger

A View from Don Reisinger

A Massive Cyberattack Could Soon Be Aimed At Your Online Bank Account

Banks around the world are getting ready to face a massive cyber assault. But now that it’s been discovered, it might not happen as expected.

  • December 18, 2012

Cyber security is something that many consumers view more as a theoretical concept than an issue worth worrying about. After all, the majority of consumers have never been hacked or watched their bank accounts siphoned of cash. For many folks, security issues are read about, never experienced.

But that might soon change. A so-called “cyber gang” of Botmasters was discovered in October to be working on a scheme that would allow them to target customer accounts at 30 banks, including Chase, Citibank, and even PayPal, and steal money from unsuspecting victims.

According to security researchers, the scheme involves cloning compromised computers to make a bank’s login system believe that the person signing on to the online banking is doing so from their home computer. The technique allows the hackers to subvert security questions that are designed to stop theft, and allow them only to focus on obtaining passwords.

Once logged into the victim’s account, the hackers would transfer small amounts of cash to their own accounts. The idea is to attack thousands of accounts, but only withdraw a little amount to reduce chances of being caught.

To make matters worse, security researchers at McAfee reported (PDF) last week that they now believe the hackers have successfully attempted their technique on at least 300 to 500 bank accounts. They plan to launch “Project Blitzkrieg” against the banks and thousands of accounts in the Spring.

That is, unless something has changed.

Soon after RSA announced its findings, security writer Brian Krebs posted to his blog that a Russian hacker who goes by the nickname “vorVzakone” is behind the attack. That hacker wrote in September on a forum posting that the initial goal of Project Blitzkrieg was to “process large amount of the given material before anti-fraud measures are increased” at U.S.-based banks.

The RSA’s findings and subsequent research performed by security experts pushed the hacker further underground, calling into question whether the attack will happen at all.

“I can’t find him anywhere,” Krebs said of “vorVzakone” in an interview with CNNMoney published last week. “Either bringing this to light scuttled any plans to go forward, or it’s still moving ahead cautiously under a much more protective cover.”

McAfee researchers also can’t determine whether the attack will happen. However, the researchers are saying for now that they believe that it will “be moving forward as planned.”

Although the scale of Project Blitzkrieg is unprecedented, attacks on banks that lead to millions in cash stolen is by no means unique. In fact, a Trojan known as “Gozi Prinimalka” – a variant of which could be used in Project Blitzkrieg –  has been used by a so-called “crime gang” steal at least $5 million in funds from bank accounts, Krebs says.

It’s believed that the hackers will only target U.S. banks. According to Krebs, that’s because European banks require two-factor authentication when verifying a bank transfer. The majority of U.S. banks allow transfers with a single-factor authentication.

Tech Obsessive?
Become an Insider to get the story behind the story — and before anyone else.

Subscribe today

Uh oh–you've read all of your free articles for this month.

Insider Premium
$179.95/yr US PRICE

More from Intelligent Machines

Artificial intelligence and robots are transforming how we work and live.

Want more award-winning journalism? Subscribe and become an Insider.
  • Insider Premium {! insider.prices.premium !}*

    {! insider.display.menuOptionsLabel !}

    Our award winning magazine, unlimited access to our story archive, special discounts to MIT Technology Review Events, and exclusive content.

    See details+

    What's Included

    Bimonthly home delivery and unlimited 24/7 access to MIT Technology Review’s website.

    The Download. Our daily newsletter of what's important in technology and innovation.

    Access to the Magazine archive. Over 24,000 articles going back to 1899 at your fingertips.

    Special Discounts to select partner offerings

    Discount to MIT Technology Review events

    Ad-free web experience

    First Look. Exclusive early access to stories.

    Insider Conversations. Listen in as our editors talk to innovators from around the world.

  • Insider Plus {! insider.prices.plus !}* Best Value

    {! insider.display.menuOptionsLabel !}

    Everything included in Insider Basic, plus ad-free web experience, select discounts to partner offerings and MIT Technology Review events

    See details+

    What's Included

    Bimonthly home delivery and unlimited 24/7 access to MIT Technology Review’s website.

    The Download. Our daily newsletter of what's important in technology and innovation.

    Access to the Magazine archive. Over 24,000 articles going back to 1899 at your fingertips.

    Special Discounts to select partner offerings

    Discount to MIT Technology Review events

    Ad-free web experience

  • Insider Basic {! insider.prices.basic !}*

    {! insider.display.menuOptionsLabel !}

    Six issues of our award winning magazine and daily delivery of The Download, our newsletter of what’s important in technology and innovation.

    See details+

    What's Included

    Bimonthly home delivery and unlimited 24/7 access to MIT Technology Review’s website.

    The Download. Our daily newsletter of what's important in technology and innovation.

/
You've read all of your free articles this month. This is your last free article this month. You've read of free articles this month. or  for unlimited online access.