News: The Hack of the Century!

Although this century is still young, with little fanfare we may have just witnessed the "Hack of the Century." AV software developer Kaspersky of Russia recently announced that they found that some hackers have stolen over $1 billion from banks around the world!

Advanced Persistent Threat (APT)

Advanced persistent threat, or APT, is a term that has come into wide use in recent years among the information security community. It was coined to cover the type of threats that come from highly sophisticated hackers, usually state-sponsored, that are advanced in their techniques and persistent in their approach.

APT has most often been associated with China's state-sponsored hacking from the West's perspective. The rest of the world might regard NSA's hacking and spying as APT. In any case, it has generally been limited to state security issues, cyber warfare, and cyber espionage. In the present case, it has morphed into cyber theft according to Kaspersky.

Nothing Like It in History

This group of hackers have accomplished what bank thieves have been trying to do for hundreds of years. With little fanfare and no guns or other weapons, this group of hackers has committed the heist of the century!

What Happened?

Apparently, the cyber thieves in this case sent spear phishing emails to numerous banks around the world. Spear phishing is differentiated from phishing in that spear fishing has a very sharp point. These are emails that are specifically crafted to entice one chosen person to click on a link. When this person clicks on the link, their computer is compromised and then the attacker can begin to attack other systems within the network.

Who said social engineering doesn't work any more?

Carberp Exploit

When the initial victims clicked on the link sent to them (only one person of thousands within an organization has to click), the carberp malicious code is installed on their machine. These links or files were CPL (control panel) and Microsoft Word documents. The attackers then infected other systems on the network and used screenshots, videos, and keyloggers to study the internal workings of the financial institution.

Usually, they studied for months before they had enough information to begin to wire money out of the banks. In some cases, they even created phony bank accounts and then withdrew the money from ATMs.

The Losses

The attackers were careful not to focus the attack on a a single financial institution. At each bank, they withdrew $2.5 to $10 million, but they did this to hundreds of institutions. No depositor funds were lost as these funds came from the institutions reserves, rather than individual deposit accounts.

Affected Institutions

Initially, the banks affected were primarily within Russia, the U.S., Germany, China, and the Ukraine. The fact that both the Ukraine and Russia were among the initial targets would lead one to believe that the attack source is within either of those two countries, but not necessarily. These attacks are continuing and new targets are being found every day with Malaysian, African, and Middle Eastern banks the new targets. By the time these guys are done, their take may be in the billions!

I think that this hack re-emphasizes what I have been saying here at Null Byte for awhile. That is, hacking is the MOST important skill of the 21st century, for good or ill. Hacking is being used in cyber espionage, cyber warfare, industrial espionage, and cyber crime, to name but a few activities.

Hacking and hackers will change the world!