If McAfee Security is right, there could be as many as thirty U.S. banks being targeted for what it’s calling “massive cyber attacks”. The information released by RSA, the security division of EMC Corp, outlines efforts to steal millions of dollars from consumers’ bank accounts. The report was completed in October and also lists several other financial entities, including eBay and PayPal, as well as credit card accounts linked to those bank accounts.
Project Blitzkrieg is especially troublesome for a few reasons, partly because it’s already had a series of test runs conducted by the thieves and partly because unlike other recent denial of service attacks, these hackers are out for the loot.
Those close to the investigation say this new report shocked both the security and financial sectors because the criminals had managed to develop an incredibly sophisticated Trojan without setting off any of the traditional triggers. Worse, this Trojan is reported to be able to quickly penetrate and drain accounts at the nation’s biggest banks, including Wells Fargo, CitiBank and many others.
The crime ring plans to launch its attack in full force in the spring of 2013, and it’s not entirely clear where the criminals are at this point, since the leak caused the entire group to “go dark”. This extensive effort also includes a recruiting campaign. Promising to share a percentage of the stolen money, the group is inviting other hackers to join, contribute their expertise and carry out the hands-on work. It’s believed there is a Russian connection, and the infamous “cyber mafia leader” NSD is also said to be part of the effort. Those recruited are being asked to infect American computers with a particular malware designed to clone the computers it penetrates. User names and passwords would be collected first, followed by mass transfers of money.
Many efforts to detect this kind of activity rely on recognition software that alerts banks and companies when accounts are accessed from foreign ISPs. Because the malware clones the victim’s own computer, the hackers were able to bypass those measures, and with them the security questions that such a check would normally trigger.
To get around the limits banks place on accounts, such as how much money can be withdrawn in a twenty-four-hour period, hundreds of criminals are now part of the effort, with the common goal of making many small withdrawals that won’t trigger any kind of alarm. Spread across many accounts, millions can be transferred in a surprisingly short amount of time.
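One way a bank-side fraud team could look for the pattern described above (many individually sub-limit withdrawals from different compromised accounts converging on one destination inside the 24-hour window), written here as an added illustration in Python; it is not part of the article or of any vendor’s product, and the transfer records, the $500 limit and the account names are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample transfer records (not real data):
# (source account, destination account, UTC timestamp, amount in USD).
SAMPLE_TRANSFERS = [
    ("acct-001", "mule-A", "2012-11-20T09:05:00", 450.00),
    ("acct-002", "mule-A", "2012-11-20T09:12:00", 480.00),
    ("acct-003", "mule-A", "2012-11-20T09:40:00", 470.00),
    ("acct-004", "mule-A", "2012-11-20T10:02:00", 490.00),
    ("acct-005", "mule-B", "2012-11-20T11:00:00", 120.00),
    ("acct-001", "rent-co", "2012-11-21T08:00:00", 450.00),
]

DAILY_LIMIT = 500.00            # hypothetical per-account 24-hour limit
WINDOW = timedelta(hours=24)

def parse(records):
    """Turn the tuple records into (source, destination, datetime, amount)."""
    return [(s, d, datetime.fromisoformat(t), a) for s, d, t, a in records]

def find_structured_transfers(records, limit=DAILY_LIMIT, min_sources=3,
                              window=WINDOW):
    """Flag destinations that receive, inside one window, transfers that each
    stay under the per-account limit but come from several distinct source
    accounts and together exceed what any single account could withdraw.
    Returns {destination: {"sources": [...], "total": float}}."""
    by_dest = defaultdict(list)
    for src, dst, ts, amt in parse(records):
        if amt < limit:                       # each one looks harmless alone
            by_dest[dst].append((ts, src, amt))
    alerts = {}
    for dst, rows in by_dest.items():
        rows.sort()                           # chronological order
        for i, (start, _, _) in enumerate(rows):
            in_window = [r for r in rows[i:] if r[0] - start <= window]
            sources = {src for _, src, _ in in_window}
            total = sum(amt for _, _, amt in in_window)
            if len(sources) >= min_sources and total > limit:
                alerts[dst] = {"sources": sorted(sources),
                               "total": round(total, 2)}
                break                         # one alert per destination
    return alerts
```

Legitimate destinations such as a landlord still receive sub-limit transfers, but from one source account, so they are not flagged; only convergence of several accounts on one beneficiary in the window raises an alert.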
The good news is that now that the effort has been uncovered, the project is less likely to move forward. It should be noted, though, that some hackers deliberately leak their own upcoming operations to create a false sense of security while they turn their attention to targets that are not being monitored as a result of the leak. An independent security researcher, Brian Krebs, linked the report to NSD in recent days, and it was at that time that the project “went dark”.
Krebs said NSD has simply vanished and says he can’t find him anywhere. He also said,
Either bringing this to light scuttled any plans to go forward, or it’s still moving ahead cautiously under a much more protective cover.
Regardless, the discovery of this effort makes it easier for banks to prepare for the potential hacks. Law enforcement is now involved and that too can serve as a deterrent for the group.
In either case, knowing what they’re up against could be a blessing for banks. McAfee said it is coordinating with law enforcement officials and working with several banks to prepare them for the potential attacks.
Banks receive cyber threats on a daily basis; in fact, Bill Wansley, who is the Senior Vice President at Booz Allen Hamilton, a company that specializes in this type of security, says the entire financial sector gets hit thousands of times on a daily basis. Most recently, Cyber Fighters of Izz ad-Din al-Qassam, the group responsible for the largest denial of service attack ever recorded, announced it would begin another round of attacks this week. And it’s been true to its word. On Tuesday, the group hit Bank of America, with more promised throughout the week.
The group has been posting its warnings on its preferred medium of communication, an online message board. It also gave brief interviews to several media outlets and said that at the core of the issue is an anti-Muslim video that went up earlier this year. It insists the attacks will stop when the video is taken down from YouTube. That has not happened, despite the film’s creator being in jail on other charges. There are no plans to take the video down.
The banks and other financial companies have opted not to comment at this time on this latest threat. If security analysts can address the potential weaknesses before the group attacks, the banks may be able to blunt the effort if it does come to fruition this spring. The question is why the group warned of its plans at all. That has some analysts worried.