Business
Experts split over $1 bn cyber bank robbery report
London, Feb 16
Security experts were split
over the severity of the alleged "unprecedented cyber robbery" and the
amount of cash stolen, following a Russian computer security firm's
report that hackers have stolen $1 billion from nearly 100 banks since
2013, a media report said Monday.
Russian computer security firm
Kaspersky Lab estimated that $1 billion has been stolen in the attacks,
which it says started in 2013 and are still active, according to a BBC
report.
It added that the criminals manipulated cash machines to dispense stolen money.
The
majority of banks that allegedly fell victim to the scheme are based in
Russia, Kaspersky said, adding that a handful of others are spread
across China, Ukraine, and Uzbekistan, and other countries.
The firm also revealed that it had worked with Interpol and Europol on the investigation.
Kaspersky's revelations build on a report released by another cyber-security company, Fox-IT, last year.
Commenting
on the Kaspersky release, Fox-IT said that since it had published its
findings in December, "the group has decreased their activities and
might now have even stopped entirely".
Some security experts have also called into question the $1 bn figure.
"A
lot of the money will be got back," said Steven Murdoch, from
University College London's Information Security Research Group, adding
that while there were undoubtedly "large numbers" involved, the amount
had been overestimated.
But he added that the report's findings should be "useful for banks".
Cyber-security
expert Prof Alan Woodward, of Surrey University, said that "nobody
knows the real figure" but it was evident that the attackers had "a lot
of patience and a lot of planning".
He said that the companies affected would now be working to "close the stable door, and then work out how many horses bolted".
"These
attacks again underline the fact that criminals will exploit any
vulnerability in any system," Sanjay Virmani, director of Interpol's
digital crime centre, said.
Kaspersky said the gang's methods
marked a new stage in cyber robbery where "malicious users steal money
directly from banks and avoid targeting end users".
The gang,
which Kaspersky dubbed "Carbanak", used computer viruses to infect
company networks with malware including video surveillance, enabling it
to see and record everything that happened on staff's screens.
In
some cases it was then able to transfer money from the banks' accounts
to their own, or even able to tell cash machines to dispense cash at a
pre-determined time of day.
Kaspersky said on average each bank robbery took place between two and four months, with up to $10 million stolen each time.
"It was a very slick and professional cyber robbery," Kaspersky Lab's principal security researcher, Sergey Golovanov said.
Europol
Director Rob Wainwright said the agency had "issued warnings and
intelligence to national law enforcement authorities and European banks
through the European Banking Federation".
"Reported infections in
the EU are unconfirmed at this stage, although we are continuing to
work actively on the matter," he added.