A new report, released by internet #Security
firm Kaspersky Lab,
says that hackers have stolen around $1 billion in what is possibly the largest bank heist to ever take place
. The report, which was released on Sunday, says it has discovered how hackers installed software on bank computers, learned to mimic bank employee workflows and eventually used the information to transfer money into bank accounts they had set up for the theft.
The hackers hit over 100 banks over a few months, stealing anywhere between $2.5 million and $10 million from each financial institution. The security agency estimated that "total financial losses could be as a high as $1 billion, making this by far the most successful criminal cyber campaign we have ever seen." The report did not go on to name the institutions, but it did state that they were situated in 25 different countries, including the United States.
The hackers were Russian, Ukrainian, Chinese and European, but authorities have not been able to pinpoint them. They are believed to have installed a malware called "Carbanak" on that enabled them to track and monitor the actions of bank employees for anywhere between two and four months, until they figured out how to transfer money into their accounts without being detected.
Once they understood how systems worked, the hackers would change account balances and transfer excess funds to their accounts mimicking techniques they had learned from bank staff themselves. Henchmen were deployed outside ATMs across the world, who would go and collect cash after hackers manipulated them to dispense cash directly from the bank's reserves..
Kaspersky Lab warned that the "attacks remain active" and provided a number of suggestions to banks to help them reduce the vulnerability of their computers and systems. The New York Times, which broke this story, said that a cyber security group "disseminated intelligence on this attack to the members." Law enforcement agencies are also believed to have briefed the banks on the hackings.