
© Raphael Satter/Associated Press โThe goal was to mimic their activities,โ said Sergey Golovanov of Kaspersky, about how the thieves targeted bank employees.
In late 2013, an A.T.M. in Kiev started dispensing cash at seemingly random times of day. No one had put in a card or touched a button. Cameras showed that the piles of money had been swept up by customers who appeared lucky to be there at the right moment.
But when a Russian cybersecurity firm, Kaspersky Lab, was called to Ukraine to investigate, it discovered that the errant machine was the least of the bank's problems.
The bank's internal computers, used by employees who process daily transfers and conduct bookkeeping, had been penetrated by malware that allowed cybercriminals to record their every move. The malicious software lurked for months, sending back video feeds and images that told a
criminal group โ including Russians, Chinese and Europeans โ how the bank conducted its daily routines, according to the investigators.
Then the group impersonated bank officers, not only turning on various cash machines, but also transferring millions of dollars from banks in Russia, Japan, Switzerland, the United States and the Netherlands into dummy accounts set up in other countries.
In a report to be published on Monday, and provided in advance to The New York Times, Kaspersky Lab says that the
scope of this attack on more than 100 banks and other financial institutions in 30 nations could make it one of the largest bank thefts ever โ and one conducted without the usual signs of robbery.
The Moscow-based firm says that because of nondisclosure agreements with the banks that were hit, it cannot name them. Officials at the White House and the F.B.I. have been briefed on the findings, but say that it will take time to confirm them and assess the losses.
Kaspersky Lab says it has seen evidence of
$300 million in theft through clients, and believes the total could be triple that. But that projection is impossible to verify because the thefts were limited to $10 million a transaction, though some banks were hit several times. In many cases the hauls were more modest, presumably to avoid setting off alarms.
The majority of the targets were in Russia, but many were in Japan, the United States and Europe.
Comment: Although the report by Kaspersky Lab relates to 'cyber criminals', it may be a timely reminder as to the extremely sophisticated, global and covert nature of cyber attacks generally.
The rhetoric on
cyber attacks has been
steadily increasing, with even larger
cyber security exercises being held and recent warnings of
'catastrophic' cyberattacks at Davos recently.
Could a cyber false-flag attack be imminent? Could such an attack be used as a pretext for war?
As well as "extremist groups such as Islamic State" already being linked to "modern cyber terrorism"; recently Admiral Mike Rogers, the director of the U.S. National Security Agency
warned:
China and "probably one or two" other countries have the ability to invade and possibly shut down computer systems of U.S. power utilities, aviation networks and financial companies
Comment: 'Colonel Cassad', a highly reliable source on the military situation in Novorossiya, says that there has been a significant reduction in military action along most of the front. So the ceasefire orders are being largely followed. There were a number of firefights involving small-arms over the night, and artillery fire around Debaltsevo (which Kiev continues to deny is encircled). Overall, though, the truce appears to be holding.