Latest in Gear

Image credit: Getty Images

Russian hackers steal $10 million from ATMs through bank networks

The intruders have exploited transfer systems for 18 months.
630 Shares
Share
Tweet
Share
Save
Getty Images

The recent rash of bank system hacks goes deeper than you might have thought -- it also includes stealing cash directly from ATMs. Researchers at Group-iB have published details of MoneyTaker, a group of Russian hackers that has stolen close to $10 million from American and Russian ATMs over the past 18 months. The attacks, which targeted 18 banks (15 of which were American), compromised interbank transfer systems to hijack payment orders -- "money mules" would then withdraw the funds at machines.

The first known attack was in the spring of 2016, when MoneyTaker hit First Data's STAR network (the largest transfer messaging system for ATMs in the US). They also compromised Russia's AW CRB network, and swiped documents for OceanSystems' Fed Link system used by roughly 200 banks across the Americas. And in some cases, the group stuck around after the initial heist -- at least one US bank's documents were stolen twice, while the perpetrators kept spying on Russian bank networks.

While it's not clear who's behind MoneyTaker, you're only hearing about them now because they're particularly clever. They've repeatedly switched their tools and methods to bypass software, and have taken care to erase their tracks. For instance, they've 'borrowed' security certificates from the US federal government, Bank of America, Microsoft and Yahoo. One Russian bank did manage to spot an attack and return some of the ill-gotten gains.

This particular hack didn't directly affect users, since it was more about intercepting bank-to-bank transfers than emptying personal accounts. However, it illustrates both the sophistication of modern bank hacks and the vulnerability of the banks themselves. While it would be difficult to completely prevent hacks, it's clear that attackers are having a relatively easy time making off with funds and sensitive data.

From around the web

ear iconeye icontext filevr