Kapersky Lab released a report on one of the biggest heists ever, in which a diffuse group of hackers called the “Karbanak Gang” managed to steal a billion dollars over two years using a combination of sophisticated hacking of the SWIFT international finance system and exploitation of good old human error. From Kapersky Lab:
Europol and authorities from different countries have combined efforts to uncover the criminal plot behind an unprecedented cyberrobbery. Up to one billion American dollars was stolen in about two years from financial institutions worldwide. The experts report that responsibility for the robbery rests with a multinational gang of cybercriminals from Russia, Ukraine and other parts of Europe, as well as from China. The Carbanak criminal gang responsible for the cyberrobbery used techniques drawn from the arsenal of targeted attacks. The plot marks the beginning of a new stage in the evolution of cybercriminal activity, where malicious users steal money directly from banks, and avoid targeting end users.
So there’s one silver lining: the money didn’t come out of individuals’ accounts. Other than that, there’s nothing to inspire confidence in the institutions that we rely on to protect our money and our most sensitive information. According to Slate, the hackers were able to generate fake bank transactions, get ATMs to spit out money into their waiting hands, and keep it all unnoticed for several years.The least sophisticated part of their scheme is also the most unsettling: they initially got into the banking systems by sending “phishing” emails to the banks’ employees. In other words, they were able to pull this whole thing off because they could rely on one thing we are never going to be able to solve: human laziness and credulity.The banks don’t seem to know how to keep up with either the crude or the sophisticated types of hacking (or the combination thereof) consistently, and over time that threatens to erode people’s trust in the security of banking writ large.Even putting to one side the technological backdoors that government snoops are putting in everyone’s SIM chips and China’s computers, it’s becoming increasingly clear that it is unwise to expect any electronic information to be secure. Our big institutions are probably woefully under-defended (and perhaps always will be) online. This is why you, dear reader, as an internet user and citizen of the modern world, were our biggest loser of 2014.