Dave Marcus of McAfee, and Ryan Sherstobitoff of Guardian Analytics, recently authored a comprehensive report on the ongoing bank-hacking attacks.
The white paper, released on June 26th, details the automated attacks on high-balance bank accounts that continue through the use of sophisticated malware.
Is your bank account in danger from the Operation High Roller masterminds?
What is Malware?
Malware is a shorthand term for malicious software – computer programs that can wreak havoc on databases, personal computers, laptops, and any other computing system. Some programmers create destructive malware, such as viruses and Trojan Horses, simply to cause problems with other computers, while others use their code to sneak into databases and collect information, or, in the case of Operation High Roller, cash.
What is Operation High Roller?
Security analysts named the ongoing bank hacking scheme Operation High Roller, since it exclusively targets bank accounts with extremely large balances. The group behind the hacks has stolen vast sums of cash around the world since the programs started running in early 2011 – what could their motivation be? According to Ryan Sherstobitoff, co-author of this illuminating white paper, it’s all about the money. He tells Decoded Science that, “Money has always been the motivation, and with high rollers, they can take larger sums of money without being noticed.”
Using Computers To Steal
When a live person attempts to tamper with a banking transaction, the process is limited by a number of human factors, such as the hacker’s skill and speed, and the potential for operator error. A computer program, however, is able to accomplish complex functions swiftly. Once a high-balance account has been chosen, the owner of the account is sent a phishing email containing a link. If the user follows the link, the malicious code gains access to the user’s computer, and waits for the user to log in to the banking site. The High Roller program then executes when the user logs in and provides the necessary authentication information. In essence, the malware injects itself into the transaction, moving or removing funds while the user waits, thinking that the login process is completing.
Ryan explains further, that “the theft occurs while the user is waiting to login to online banking. The malware simulates the process of capturing 2-factor authentication in the context of login as opposed to the context of validating a transaction. So the victim thinks the bank updated their security and now is asking for it at login as opposed to at the transaction stage.”
Not only can the program steal your money right from under your nose, the code actually makes the theft disappear on that particular computer. In other words, if your computer is infected, the code will hide all traces of the fraudulent transactions, including notification emails and accurate transaction data. You’ll only see the transaction or diminished account balance if you log in via a different computer or mobile device, or if you call your bank to check your balance.
Decoding Science. One article at a time.