Monday, 4 May 2015

Cybergang that was behind the $15 million bank robbery has been arrested by the Romanian authorities

The Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT) has shed light on a new cyber heist by raiding 42 locations in six countries on Sunday. They have detained 25 people whom they suspect to be part of a 52-member international cyber gang, which could include individuals not only from Romania but also from various other parts of the globe.
The Romanian authorities suspect that these hackers could have hacked the banks to clone the payment cards which were then used in various ATMs across the world to steal more than $15 million.
According to DIICOT, the data required to clone the cards was obtained by hacking the computer systems of banks in the US (Puerto Rico) and in Muscat, the capital city of Oman. The criminals appear to have targeted accounts belonging to large corporations and successfully extracted the payment card data of these accounts, which they then used to create fraudulent cards. These cloned cards were later distributed to the members of the cyber gang, who in turn used them to withdraw money from ATMs in different countries.
According to the Romanian authorities, the cyber gang was well coordinated: it planned the withdrawals in batches over short intervals and scheduled them for ‘non-business’ days of the financial institutions (banks).
For example, on February 20th 2013, $9 million / €8.3 million was withdrawn from ATMs across Japan by these criminals. Similarly, on December 2nd 2013, the gang carried out almost 4,200 transactions that totaled $5 million / €4.6 million in cash from ATMs across 15 Romanian cities. This clearly indicates that within a year the gang made almost 34,000 ATM transactions in 24 countries.
DIICOT further added that the gang was also able to carry out fraudulent withdrawals in the US, the UK, Germany, Italy, Spain, the Netherlands, Canada, Colombia, the Dominican Republic, Mexico, Indonesia, Egypt, Malaysia, Russia, Sri Lanka, Thailand, Ukraine, the United Arab Emirates, Pakistan, and Latvia.
On Sunday, the Romanian authorities carried out the operation in six cities, which included 42 house searches. Police seized 16 laptops and smartphones that the gang members used for the heinous activity. The authorities also seized 2 kg / 4.4 lbs of gold bars, €150,000 / $163,000 in cash, and paintings. It seems the money acquired from the heist was also invested in real estate and other valuable goods by the group leaders; for now, all of these have been placed under restrictions pending further investigation, according to DIICOT.
This is not the first cyber heist of its kind. A similar scenario was seen when a gang known as Carbanak succeeded in stealing $1 billion from various banks and other financial institutions across 25 countries. In February, researchers at Kaspersky Lab reported the technique the criminals used. According to the report, the criminals used spear phishing, targeting the victim’s network by sending emails with malicious attachments. With this malware the criminals infected the computer systems of banks and financial institutions and carefully learned the internal procedures, moving through the network until they reached their point of interest, from which they could extract money using the infected entity. Since every bank follows different methods, the infected computers were used to record videos, and this footage was sent to the attackers' servers so that they could learn the commands used for withdrawing money. In this way the criminals succeeded in their heists.
One more recent incident is the case of Ryanair, which is still under investigation, in which $5 million was stolen from the bank accounts that were used for fuelling its aircraft.
According to a report from security researchers, the general trend among organized cybercrooks is to target banks and large financial institutions instead of their customers in order to pull off bigger heists.

Fulton school district recovers from hacking

FULTON - The Fulton School District is still recovering from a denial-of-service hack carried out by one of its students.
The Fulton Police Department announced Friday that it had arrested Austin Taylor Singleton, 17, who used a thumb drive with malware to shut the system down.
Fulton Police received a call from Fulton High School advising that someone had hacked the district's computer network.
Through an investigation, the district's IT department traced the hacking back to a computer in one of the classrooms, where a student was confirmed to have been logged in on that computer at the time.
Fulton Superintendent Jacque Cowherd said they will prosecute Singleton in order to deter further attempts.
Singleton was arrested and charged with tampering with computer equipment, a class A misdemeanor.
Police said there was no release of any confidential information as a result of the hack.

Ryanair hack sees €4.6m stolen and sent to Chinese bank account

Ryanair has been the victim of cyber theft
European airline Ryanair has admitted falling victim to a hacking attack that saw €4.6m of the company's money transferred to a bank account in China.
Law enforcement agencies and financial organisations have already been alerted to the incident, according to reports, and Ryanair is confident that it will get the money back.
"Ryanair confirms that it has investigated a fraudulent electronic transfer via a Chinese bank last week. The airline has been working with its banks and the relevant authorities and understands that the funds, less than $5m, have now been frozen," the company said.
"The airline expects these funds to be repaid shortly, and has taken steps to ensure that this type of transfer cannot recur. As this matter is subject to legal proceedings, no further comment will be made."
The relevant authority in Ryanair's home country of Ireland is the Criminal Assets Bureau, an independent body with powers similar to the local police.
Like the UK Assets Recovery Agency, the Criminal Assets Bureau focuses on serious crimes and the ability to pursue assets from criminals and compensate victims.
The airline industry benefits and suffers from its use of technology. American Airlines was forced to ground flights this week because of a software problem. British Airways fell victim to an apparent hack in March that affected its most frequent fliers.
The company cleared out some of its user accounts and changed log-ins, but it was revealed that the hack was more of a probe on its systems enabled by a leak from another provider.
"This appears to have been the result of a third party using information obtained elsewhere on the internet, via an automated process, to try to gain access to some accounts," BA said in a statement at the time.
The incidents underline the perils technology can pose to businesses and the importance of having adequate plans in place should things go wrong.

Hard Rock Casino Credit Card Breach Undetected for 7 Months

The Hard Rock Casino in Las Vegas has been hit with malware leading to the compromise of credit card data, names and addresses at restaurant, bar and retail locations. The compromise did not affect the hotel or casino transactions. No details regarding the specific malware or other specifics regarding the compromise were provided. The glaring point of this particular breach was that it went undetected for 7 months.
The fact that the compromise was not detected by the hotel itself is not surprising, as many retailers have not been able to detect the presence of point-of-sale malware or the exfiltration of card data. Most of the time, retailers discover the breach when the Secret Service or fraud analysts at banks notify them that they have detected credit card fraud patterns, or stolen cards in underground markets, that point to their point-of-sale systems as the origin of the breach.
In their statement the Hard Rock Casino did not state how they detected the breach, so it is not clear if they were notified by an agency or bank, or if they identified it on their own.