Laconics Round Table

 Sophisticated Stuxnet-like Code used in $1B Bank Heist (jews aren't barking)

wag
Cervelle de Veau

Posts : 8452
Join date : 2012-12-04

PostSubject: Sophisticated Stuxnet-like Code used in $1B Bank Heist (jews aren't barking)   Mon Feb 16, 2015 1:26 pm

Bank Hackers Steal Millions via Malware
By David E. Sanger and Nicole Perlroth, Feb. 14, 2015
“The goal was to mimic their activities,” said Sergey Golovanov of Kaspersky, about how the thieves targeted bank employees.  Credit Raphael Satter/Associated Press  


PALO ALTO, Calif. — In late 2013, an A.T.M. in Kiev started dispensing cash at seemingly random times of day. No one had put in a card or touched a button. Cameras showed that the piles of money had been swept up by customers who appeared lucky to be there at the right moment.

But when a Russian cybersecurity firm, Kaspersky Lab, was called to Ukraine to investigate, it discovered that the errant machine was the least of the bank’s problems.

The bank’s internal computers, used by employees who process daily transfers and conduct bookkeeping, had been penetrated by malware that allowed cybercriminals to record their every move. The malicious software lurked for months, sending back video feeds and images that told a criminal group — including Russians, Chinese and Europeans — how the bank conducted its daily routines, according to the investigators.

Then the group impersonated bank officers, not only turning on various cash machines, but also transferring millions of dollars from banks in Russia, Japan, Switzerland, the United States and the Netherlands into dummy accounts set up in other countries.

How Hackers Infiltrated Banks

Since late 2013, an unknown group of hackers has reportedly stolen $300 million — possibly as much as triple that amount — from banks across the world, with the majority of the victims in Russia. The attacks continue, all using roughly the same modus operandi:

1. Hackers send email containing a malware program called Carbanak to hundreds of bank employees, hoping to infect a bank's administrative computer.

2. Programs installed by the malware record keystrokes and take screen shots of the bank's computers, so that hackers can learn bank procedures. They also enable hackers to control the banks' computers remotely.

3. By mimicking the bank procedures they have learned, hackers direct the banks' computers to steal money in a variety of ways:
   - transferring money into hackers' fraudulent bank accounts;
   - using e-payment systems to send money to fraudulent accounts overseas;
   - directing A.T.M.s to dispense money at set times and locations.

Source: Kaspersky Lab

In a report to be published on Monday, and provided in advance to The New York Times, Kaspersky Lab says that the scope of this attack on more than 100 banks and other financial institutions in 30 nations could make it one of the largest bank thefts ever — and one conducted without the usual signs of robbery.

The Moscow-based firm says that because of nondisclosure agreements with the banks that were hit, it cannot name them. Officials at the White House and the F.B.I. have been briefed on the findings, but say that it will take time to confirm them and assess the losses.

Kaspersky Lab says it has seen evidence of $300 million in theft through clients, and believes the total could be triple that. But that projection is impossible to verify because the thefts were limited to $10 million a transaction, though some banks were hit several times. In many cases the hauls were more modest, presumably to avoid setting off alarms.

The majority of the targets were in Russia, but many were in Japan, the United States and Europe.

No bank has come forward acknowledging the theft, a common problem that President Obama alluded to on Friday when he attended the first White House summit meeting on cybersecurity and consumer protection at Stanford University. He urged passage of a law that would require public disclosure of any breach that compromised personal or financial information.

But the industry consortium that alerts banks to malicious activity, the Financial Services Information Sharing and Analysis Center, said in a statement that “our members are aware of this activity. We have disseminated intelligence on this attack to the members,” and that “some briefings were also provided by law enforcement entities.”

The American Bankers Association declined to comment, and an executive there, Douglas Johnson, said the group would let the financial services center’s statement serve as the only comment. Investigators at Interpol said their digital crimes specialists in Singapore were coordinating an investigation with law enforcement in affected countries. In the Netherlands, the Dutch High Tech Crime Unit, a division of the Dutch National Police that investigates some of the world’s most advanced financial cybercrime, has also been briefed.

The silence around the investigation appears motivated in part by the reluctance of banks to concede that their systems were so easily penetrated, and in part by the fact that the attacks appear to be continuing.

The managing director of the Kaspersky North America office in Boston, Chris Doggett, argued that the “Carbanak cybergang,” named for the malware it deployed, represents an increase in the sophistication of cyberattacks on financial firms.

“This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert,” Mr. Doggett said.

As in the recent attack on Sony Pictures, which Mr. Obama said again on Friday had been conducted by North Korea, the intruders in the bank thefts were enormously patient, placing surveillance software in the computers of system administrators and watching their moves for months. The evidence suggests this was not a nation state, but a specialized group of cybercriminals.

But the question remains how a fraud of this scale could have proceeded for nearly two years without banks, regulators or law enforcement catching on. Investigators say the answers may lie in the hackers’ technique.

In many ways, this hack began like any other. The cybercriminals sent their victims infected emails — a news clip or message that appeared to come from a colleague — as bait. When the bank employees clicked on the email, they inadvertently downloaded malicious code. That allowed the hackers to crawl across a bank’s network until they found employees who administered the cash transfer systems or remotely connected A.T.M.s.

Then, Kaspersky’s investigators said, the thieves installed a “RAT”— remote access tool — that could capture video and screenshots of the employees’ computers.

“The goal was to mimic their activities,” said Sergey Golovanov, who conducted the inquiry for Kaspersky Lab. “That way, everything would look like a normal, everyday transaction,” he said in a telephone interview from Russia.

The attackers took great pains to learn each bank’s particular system, while they set up fake accounts at banks in the United States and China that could serve as the destination for transfers. Two people briefed on the investigation said that the accounts were set up at J.P. Morgan Chase and the Agricultural Bank of China. Neither bank returned requests for comment.

Kaspersky Lab was founded in 1997 and has become one of Russia’s most recognized high-tech exports, but its market share in the United States has been hampered by its origins. Its founder, Eugene Kaspersky, studied cryptography at a high school that was co-sponsored by the K.G.B. and Russia’s Defense Ministry, and he worked for the Russian military before starting his firm.

When the time came to cash in on their activities — a period investigators say ranged from two to four months — the criminals pursued multiple routes. In some cases, they used online banking systems to transfer money to their accounts. In other cases, they ordered the banks’ A.T.M.s to dispense cash to terminals where one of their associates would be waiting.


But the largest sums were stolen by hacking into a bank’s accounting systems and briefly manipulating account balances. Using the access gained by impersonating the banking officers, the criminals first would inflate a balance — for example, an account with $1,000 would be altered to show $10,000. Then $9,000 would be transferred outside the bank. The actual account holder would not suspect a problem, and it would take the bank some time to figure out what had happened. 

“We found that many banks only check the accounts every 10 hours or so,” Mr. Golovanov of Kaspersky Lab said. “So in the interim, you could change the numbers and transfer the money.”

The hackers’ success rate was impressive. One Kaspersky client lost $7.3 million through A.T.M. withdrawals alone, the firm says in its report. Another lost $10 million from the exploitation of its accounting system. In some cases, transfers were run through the system operated by the Society for Worldwide Interbank Financial Telecommunication, or Swift, which banks use to transfer funds across borders. It has long been a target for hackers — and long been monitored by intelligence agencies.

Mr. Doggett likened most cyberthefts to “Bonnie and Clyde” operations, in which attackers break in, take whatever they can grab, and run. In this case, Mr. Doggett said, the heist was “much more ‘Ocean’s Eleven.’ ”

_________________
Nobody gets paid to tell the truth.
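The accounting fraud the article describes (inflate a stored balance by direct edit, transfer the surplus out, rely on the bank reconciling only every ten hours or so) is detectable by replaying an account's posted transactions and comparing the result with the balance the core system stores. The following is an added example, not code from the article or from Kaspersky Lab; it assumes a simplified ledger model (opening balances, a list of postings, stored balances) and uses constructed sample data.

```python
"""Ledger reconciliation check modelled on the Carbanak balance-inflation fraud.

Added example with constructed data; the ledger model (opening balances,
sequenced postings, stored balances) is an assumption, not a real core
banking schema.
"""
from __future__ import annotations

from dataclasses import dataclass
from decimal import Decimal
from typing import Dict, List


@dataclass(frozen=True)
class Posting:
    account: str
    amount: Decimal  # positive = credit, negative = debit
    seq: int         # ledger sequence number, replayed in this order


@dataclass(frozen=True)
class Finding:
    account: str
    kind: str        # "overdrawn_transfer" or "unexplained_balance"
    detail: str


def reconcile(opening: Dict[str, Decimal],
              stored: Dict[str, Decimal],
              postings: List[Posting]) -> List[Finding]:
    """Replay postings from opening balances and flag two anomalies:
    a debit that the replayed history cannot cover, and a stored balance
    that differs from the replayed one (i.e. was changed without a posting)."""
    findings: List[Finding] = []
    running = dict(opening)
    for p in sorted(postings, key=lambda x: x.seq):
        bal = running.get(p.account, Decimal(0))
        if p.amount < 0 and bal + p.amount < 0:
            findings.append(Finding(
                p.account, "overdrawn_transfer",
                f"seq {p.seq}: debit {-p.amount} exceeds recomputed balance {bal}"))
        running[p.account] = bal + p.amount
    for acct, stored_bal in stored.items():
        expected = running.get(acct, Decimal(0))
        if stored_bal != expected:
            findings.append(Finding(
                acct, "unexplained_balance",
                f"stored {stored_bal} vs recomputed {expected}"))
    return findings


# Constructed sample: account A is handled exactly as the article describes.
# Its stored balance was edited from 1,000 to 10,000 without a posting,
# 9,000 was transferred out, and the stored balance is back at 1,000 so the
# account holder notices nothing. Account B is an ordinary, honest account.
OPENING = {"A": Decimal("1000"), "B": Decimal("500")}
POSTINGS = [
    Posting("B", Decimal("-100"), 1),    # legitimate debit
    Posting("A", Decimal("-9000"), 2),   # transfer out of the inflated balance
]
STORED = {"A": Decimal("1000"), "B": Decimal("400")}


def run_sample() -> List[Finding]:
    return reconcile(OPENING, STORED, POSTINGS)


if __name__ == "__main__":
    for f in run_sample():
        print(f.account, f.kind, f.detail)
```

The check only works while the debit remains in the ledger; an attacker with write access to the core system could also remove the posting, so the outbound side (payment-system or Swift messages) should be reconciled against the ledger as well.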
amalgamy
Porkchop


Posts : 298
Join date : 2014-04-16

PostSubject: Re: Sophisticated Stuxnet-like Code used in $1B Bank Heist (jews aren't barking)   Mon Feb 16, 2015 5:21 pm

Time to double check the Swiss accounts. Jews covering tax liens.
wag
Cervelle de Veau

Posts : 8452
Join date : 2012-12-04

PostSubject: Re: Sophisticated Stuxnet-like Code used in $1B Bank Heist (jews aren't barking)   Mon Feb 16, 2015 6:59 pm

Beyond Stuxnet and Flame: Equation 'most advanced' cybercriminal gang recorded
Summary: Security experts say The Equation Group surpasses every other threat actor known in complexity and sophistication.

By Charlie Osborne for Zero Day | February 16, 2015 -- 20:16 GMT (12:16 PST)


CANCUN, MEXICO: Kaspersky Labs has discovered the "ancestor" of Stuxnet and Flame, a threat actor which surpasses everything else in complexity and technique sophistication.

On Monday at the Kaspersky Labs Security Analyst Summit, the firm unveiled research concerning the existence of a cyberattack team dubbed The Equation Group. The group, which Kaspersky Lab Global Research and Analysis Team (GReAT) members dub the "ancestor" of Stuxnet and Flame operators, has been in operation dating back to 2001 and possibly as early as 1996.

The Equation Group uses multiple malware platforms, some of which go far beyond threats such as Regin in complexity and sophistication.

"The Equation group is probably one of the most sophisticated cyber attack groups in the world; and they are the most advanced threat actor we have seen," the company says.

After tracking over 60 threat actors responsible for cyberattacks across the globe, GReAT says that The Equation Group, active over two decades, goes beyond anything else the security team has tracked and witnessed.
According to Kaspersky Lab researchers, the group is unique in a number of ways: they use tools which are extremely complicated and expensive to develop; are very professional in the ways they infect victims, steal data and hide their activities, and they also use "classic" spying techniques to deliver malicious payloads to victims.
In order to infect victims, the group uses a variety of trojans and tools. Within The Equation Group's toolkit, you will also find at least two Stuxnet variants, Zero days and exploits which strike both Windows and Mac machines and browsers.

Kaspersky detected seven exploits in total used by The Equation group in their malware, and at least four were Zero days. In addition, there are a number of unknown exploits which are used in a chain to ensure success in infecting a machine.

Speaking at the conference, Costin Raiu, Director of the Global Research and Analysis Team at Kaspersky Lab said he assumes the group also has iPhone exploits, "but we have no confirmation so far."
The company has named specialist tools used by the group EquationLaser, EquationDrug, DoubleFantasy, TripleFantasy, Fanny and GrayFish, but the list is far from complete. However, each tool is sophisticated and professionally used.

"These guys don't make mistakes. If they do, they do very, very rarely." Raiu said.
Two particular tools stand out from the crowd. Fanny -- named for the fanny.bmp file found on compromised systems -- is a computer worm created in 2008 which targets victims in the Middle East and Asia.
The worm, which infects USB hard drives, has been found "on thousands of USBs, and are still there," according to Raiu. The purpose of Fanny appears to be the mapping of air-gapped networks. In order to do so, the malware uses a "unique" USB-based command and control mechanism -- carving out a hidden storage space on the USB to store stolen data and carry out commands.

If Fanny infects a computer which is not connected to the Web, it will collect system information and save it in the hidden area. When the computer eventually connects to the Internet, the malware leaps into action and sends this data to a command and control (C&C) center.

If the cyberattacker wants to run commands on the air-gapped networks, these commands can be saved in the secret storage space and executed from there.

The second prominent tool used by The Equation Group is a plugin, nls_933w.dll, which Kaspersky Lab security expert Vitaly Kamluk described as the "ultimate cyberattack tool, unique and super advanced." This plugin has the power to interact with a hard drive -- both traditional and SSD -- on a lower level.

Not only interact with -- but rewrite.

The infection, which Kamluk described as a "great headache even to detect," is able to reprogram a hard drive's firmware. By performing a rewrite, the group not only achieves an extreme level of persistence and the ability to survive disk reformatting, but the malware can also create a hidden storage area which is nigh-on impossible to detect.

The team has spotted 12 vendors so far which are vulnerable, including Seagate, Western Digital and Samsung.
Sadly, if you suspect you are infected, the team suggests you should "destroy the hard drive," according to Kamluk. Why? Not only can the malware survive a full operating system reinstall, but your stolen data -- potentially hidden within a secret storage space -- will always be at risk and may end up being sent to the group's C&C center.

The security team believes The Equation group is the "ancestor" of other threat actors such as Stuxnet and Flame, as the group has access to Zero days before they were used by Stuxnet and Flame. At some point, The Equation group shared these exploits with others. For example, in 2008 Fanny used two Zero days which were introduced into Stuxnet in June 2009 and March 2010.

Raiu said:
Quote :
"It's important to point out that these two exploits were used in Fanny before they were integrated into Stuxnet, indicating the Equation group had access to these zero-days before the Stuxnet group. Actually, the similar type of usage of both exploits together in different computer worms, at around the same time, indicates that the Equation group and the Stuxnet developers are either the same or working closely together."
The Equation group's C&C infrastructure comprises over 300 domains and more than 100 servers hosted in countries including the US, UK, Panama and Colombia.

Since 2001, the Equation group has infected thousands -- or perhaps tens of thousands -- with their arsenal of bootkits and malware, according to Kaspersky. No-one is safe either: the team say that targets from a vast range of sectors including government, military, telecommunications, energy, nanotechnology and media have become victims.

Raiu estimates that up to 2,000 victims a month are being targeted. While this number in itself does not seem like a big deal, when you consider who is being targeted and the variety of tools at their disposal, the security expert says "it's getting pretty scary."

Disclaimer: Kaspersky Labs sponsored the trip to the Security Analyst Summit 2015.

_________________
Nobody gets paid to tell the truth.
EyeBelieve
Cervelle de Veau

Posts : 6721
Join date : 2013-02-20

PostSubject: Re: Sophisticated Stuxnet-like Code used in $1B Bank Heist (jews aren't barking)   Wed Feb 18, 2015 2:47 am

#1 vulnerability is local humans not miracle hack programs.
OldTimes
Sirloin

Posts : 584
Join date : 2013-04-07

PostSubject: Re: Sophisticated Stuxnet-like Code used in $1B Bank Heist (jews aren't barking)   Wed Feb 18, 2015 3:03 am

If these guys were serious about security they wouldn't be using Microsoft/Windows.

How anyone can take an OS seriously where you have to accept legalese fineprint to download the frequent security updates is beyond me. And then they run their business on it.

Jacob Gold
Cervelle de Veau

Posts : 5043
Join date : 2012-12-04

PostSubject: Re: Sophisticated Stuxnet-like Code used in $1B Bank Heist (jews aren't barking)   Wed Feb 18, 2015 3:43 am

Malware - more nonsense. You got to be nuts letting jews control your financial systems
wag
Cervelle de Veau

Posts : 8452
Join date : 2012-12-04

PostSubject: Re: Sophisticated Stuxnet-like Code used in $1B Bank Heist (jews aren't barking)   Wed Feb 18, 2015 11:53 am

Jacob Gold wrote:
Malware - more nonsense. You got to be nuts letting jews control your financial systems

Money is just money, but with Stuxnet, jews could wipe out populations.

_________________
Nobody gets paid to tell the truth.
EyeBelieve
Cervelle de Veau

Posts : 6721
Join date : 2013-02-20

PostSubject: Re: Sophisticated Stuxnet-like Code used in $1B Bank Heist (jews aren't barking)   Thu Feb 19, 2015 2:09 am

My guess is that 99% of computer security problems could easily be fixed if PTB would allow it.

Linux never seems to catch on big in the US at least. Lamers are into tablets & smartphones--so much variety of OS's/devices that there are fewer desktop/laptop users with time/motivation to keep up with security.

Tried Linux on a laptop recently: Asshole Adobe ended support for Linux Flash which fawks up 50% of websites. Linux has problems with slow WiFi on many laptops despite them being big-name models. & installing Linux wrecked the hidden Windows 8 recovery partition.

Windows 8 itself surely a plot to wreck computers & demoralize users, even little kids used to tablet-style GUI hate Windows 8.
wag
Cervelle de Veau

Posts : 8452
Join date : 2012-12-04

PostSubject: Re: Sophisticated Stuxnet-like Code used in $1B Bank Heist (jews aren't barking)   Thu Feb 19, 2015 1:49 pm

EyeBelieve wrote:
My guess is that 99% of computer security problems could easily be fixed if PTB would allow it.

Linux never seems to catch on big in the US at least. Lamers are into tablets & smartphones--so much variety of OS's/devices that there are fewer desktop/laptop users with time/motivation to keep up with security.

Tried Linux on a laptop recently: Asshole Adobe ended support for Linux Flash which fawks up 50% of websites. Linux has problems with slow WiFi on many laptops despite them being big-name models. & installing Linux wrecked the hidden Windows 8 recovery partition.

Windows 8 itself surely a plot to wreck computers & demoralize users, even little kids used to tablet-style GUI hate Windows 8.

Try Ubuntu, mate! 

https://ubuntu-mate.org/

_________________
Nobody gets paid to tell the truth.


Last edited by wag on Thu Feb 19, 2015 7:31 pm; edited 1 time in total
OldTimes
Sirloin

Posts : 584
Join date : 2013-04-07

PostSubject: Re: Sophisticated Stuxnet-like Code used in $1B Bank Heist (jews aren't barking)   Thu Feb 19, 2015 7:18 pm

EyeBelieve wrote:
My guess is that 99% of computer security problems could easily be fixed if PTB would allow it.

They would have to spend a lot of money.

Quote :
Linux never seems to catch on big in the US at least. Lamers are into tablets & smartphones--so much variety of OS's/devices that there are fewer desktop/laptop users with time/motivation to keep up with security.

Android is linux.
So is MacOSX.

Quote :
Tried Linux on a laptop recently: Asshole Adobe ended support for Linux Flash which fawks up 50% of websites. Linux has problems with slow WiFi on many laptops despite them being big-name models. & installing Linux wrecked the hidden Windows 8 recovery partition.

Common problems for many. Ubuntu might make it easier but with a little knowledge each of those problems can be solved regardless of the distro.

Quote :
Windows 8 itself surely a plot to wreck computers & demoralize users, even little kids used to tablet-style GUI hate Windows 8.

Not to mention acknowledged NSA & Microsoft backdoors in the OS.

EyeBelieve
Cervelle de Veau

Posts : 6721
Join date : 2013-02-20

PostSubject: Re: Sophisticated Stuxnet-like Code used in $1B Bank Heist (jews aren't barking)   Fri Feb 20, 2015 12:38 am

Yes, I installed Ubuntu. Prev time I installed Ubuntu it did a nice & very simple dual-boot. This time I should have checked beforehand for tips in re to installing on laptop, didn't know about the hidden partition. Android & MacOSX have advantage of top level developers. Ubuntu & other distros do a pretty good job considering it's mostly volunteer AFAIK.

Flash remains a concern. Did a bit of reading & apparently workarounds are kludgy at best. One can use the outdated Flash version, dunno how big a problem that is viz security & playability.

I'm not sure how much of security problems are due to cost. Computer MSM says OS's, features etc grew so rapidly that it was hard to predict most of the problems. Maybe so--but OTOH seems that security & privacy was never a top goal in designing the whole system.

Folks who wanted max privacy faced with absurd obstacles. PGP programs often fussy & poorly documented. Likewise things like proxies, email & usenet remailers. ISPs should have built in this stuff to start.