According to the BBC, Moscow-based cyber-security firm Kaspersky Labs has uncovered an online criminal gang that uses malware-infected emails to take control of banks’ computer systems and perform what the report calls “unprecedented cyber robbery”.
The group, which Kaspersky is calling “Carbanak”, sneaks keystroke recognition software into bank computers to learn staff procedures over a period of months before taking control and transferring up to US$ 10 million per heist to dummy accounts.
The careful preparation means that they have been able to disguise their robberies as ordinary bank transactions. They have targeted financial institutions in Russia, Japan, the Netherlands, the US and Switzerland, and the attacks are continuing, Kaspersky says.
The group has also instructed ATMs to dispense cash at particular locations and times.
Kaspersky Labs worked with Interpol and Europol on its investigation. It reports that the hacker group consists of members from Russia, Ukraine and China.
The New York Times reported that Chris Doggett, managing director of Kaspersky’s North America office, said the attacks represented an increase in the sophistication of cybercrime targeting financial institutions.
No bank has yet admitted being the victim of such thefts.