There are a number of unsolved cases in the area of digital crime. I have looked at one of the most notorious ones to determine what happened and where it went wrong, and to reflect on what could have been done to either prevent or solve it.

The case I want to reflect on is the largest bank raid of all time, in which hackers stole approximately £650 million from banks around the world (Evans, 2015). The attackers installed malware on the networks of various banks, where it ran undetected in the background and gathered information. By the time they were ready to cash out, they knew enough about internal procedures to impersonate bank employees and transfer money into dummy accounts. They were also able to make ATMs dispense cash at times of their choosing during the day. Straight out of a typical fictional hacker movie, then.

The technical details of the attack have not been made public, presumably because the banks and investigators do not want the recipe repeated, at least not until countermeasures are in place. What is known is that the attackers used spear-phishing e-mails to get their malware inside, and from there relied only on the internal network and on observing employee routines to carry out the attack.
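Since the attachment in a spear-phishing e-mail is the one step of the attack that is known, it is worth seeing what a content-based gate on inbound attachments looks like. The following is an added example, not code from the original post or from any of the banks involved; it inspects each attachment's bytes rather than trusting the file name, and the sample message it scans (addresses, file names and the fake PE stub) is constructed here for the demonstration.

```python
"""Added example, not from the original post: gate inbound e-mail attachments
before they reach a user, deciding by content rather than by file name.
The sample message built at the bottom is constructed for this demonstration."""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# File types Windows runs directly when a user double-clicks them.
EXECUTABLE_EXTENSIONS = {
    "exe", "scr", "com", "pif", "bat", "cmd", "vbs", "vbe", "js", "jse",
    "wsf", "wsh", "hta", "ps1", "msi", "dll", "jar", "lnk",
}
# Office formats whose whole purpose is to carry VBA macros.
MACRO_EXTENSIONS = {"docm", "xlsm", "pptm", "dotm", "xltm"}


def extension_of(name: str) -> str:
    """Last extension only: for 'invoice.pdf.exe' it is the .exe that runs."""
    lowered = name.lower()
    return lowered.rsplit(".", 1)[1] if "." in lowered else ""


def classify_attachment(name: str, data: bytes) -> str:
    """Return one of 'executable', 'macro-office', 'office', 'archive', 'other'.

    The bytes are inspected as well as the name: a PE file renamed to .pdf and
    a ZIP that hides an .exe are exactly what a spear-phish carries."""
    ext = extension_of(name)
    if data.startswith(b"MZ") or data.startswith(b"\x7fELF"):
        return "executable"
    if ext in EXECUTABLE_EXTENSIONS:
        return "executable"
    if data.startswith(b"PK\x03\x04"):
        # OOXML documents (docx, xlsm, ...) and plain ZIPs are both ZIP containers.
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return "other"
        if ext in MACRO_EXTENSIONS or any(m.endswith("vbaproject.bin") for m in members):
            return "macro-office"
        if any(extension_of(m) in EXECUTABLE_EXTENSIONS for m in members):
            return "executable"
        if "[content_types].xml" in members:
            return "office"
        return "archive"
    return "other"


def scan_message(raw: bytes) -> dict:
    """Parse a raw RFC 5322 message and decide whether to quarantine it."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        findings.append((name, classify_attachment(name, data)))
    blocked = [name for name, kind in findings if kind in ("executable", "macro-office")]
    return {"quarantine": bool(blocked), "blocked": blocked, "attachments": findings}


def build_zip(members: dict) -> bytes:
    """Build an in-memory ZIP from {name: content}; used only to construct samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


def build_sample_message() -> bytes:
    """A constructed spear-phish (not a real sample): a PE stub named like a PDF,
    a macro-enabled Word document, and a harmless text note."""
    msg = EmailMessage()
    msg["From"] = "hr@bank.invalid"
    msg["To"] = "teller@bank.invalid"
    msg["Subject"] = "Updated payroll procedure"
    msg.set_content("Please review the attached procedure before Monday.")

    fake_pe = b"MZ" + b"\x00" * 62 + b"This program cannot be run in DOS mode."
    msg.add_attachment(fake_pe, maintype="application", subtype="pdf",
                       filename="procedure.pdf.scr")

    docm = build_zip({"[Content_Types].xml": "<Types/>", "word/vbaProject.bin": b"\x00" * 16})
    msg.add_attachment(docm, maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12",
                       filename="invoice.docm")

    msg.add_attachment("Quarterly figures follow separately.", filename="note.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    verdict = scan_message(build_sample_message())
    for name, kind in verdict["attachments"]:
        print(f"{name:24s} {kind}")
    print("quarantine:", verdict["quarantine"])
```

The point of checking the bytes is that the file name is entirely under the attacker's control: the sample's "procedure.pdf.scr" is caught by its MZ header before its extension is even considered, and the macro document is caught by the vbaProject.bin member inside the ZIP container, not by the .docm suffix.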

According to Kaspersky Lab, the group behind the attack was made up of Russian, Ukrainian, Chinese and other Eastern European members (Wallace, 2015). It has also been speculated that an attack this sophisticated most likely had a government behind it, not only because of the resources required, but also because £650 million has to be laundered somehow. A criminal network might manage that, but the money trails were suspected to lead to Asian banks with connections to, for example, North Korea.

So how could this have been avoided? The most basic issue is human error: in this case, bank employees opened e-mail attachments that carried the malware. The first step, then, is to make sure employees do not open such attachments, through training but above all through technical controls, because sooner or later someone will click. I have not found any details about how the malware worked, but since some kind of program had to be installed, users should not have had the ability to install software on their machines at all (no local administrator rights, and application control that only lets approved programs run). The CNN report also mentions that some of the banks were running older Windows versions with known, exploitable vulnerabilities, so patching was clearly lacking. Finally, the malware must have been very good at staying quiet to avoid detection by the IDS or similar while it operated, which suggests that monitoring focused on known malware signatures is not enough: the transfers themselves, made under a real employee's identity but outside that employee's normal routine, were the thing to watch for.
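As an added example of the last point, here is a small detection routine that compares employee-initiated transfers against that employee's own routine, flagging transfers made outside the operator's usual hours, to a beneficiary never seen before, or far above the operator's historic maximum. This is illustrative code written for this post, not anything from the affected banks or from Kaspersky's analysis; the log format, the operator names and every record in it are constructed, and a real system would learn the baseline from core-banking journal entries over a much longer window.

```python
"""Added example, not from the original post: flag employee-initiated transfers
that break that employee's own routine. The log format and every record below
are constructed for this demonstration."""
from collections import defaultdict
from datetime import datetime

# Constructed learning window: what each operator normally does.
HISTORY = [
    "2015-01-05T09:12:00 emp=alice src=ACC-1001 dst=ACC-2001 amount=1200",
    "2015-01-06T11:40:00 emp=alice src=ACC-1001 dst=ACC-2002 amount=5000",
    "2015-01-07T14:05:00 emp=alice src=ACC-1001 dst=ACC-2003 amount=750",
    "2015-01-08T16:30:00 emp=alice src=ACC-1001 dst=ACC-2001 amount=2200",
    "2015-01-09T10:15:00 emp=alice src=ACC-1001 dst=ACC-2002 amount=3100",
    "2015-01-05T10:00:00 emp=bob src=ACC-1002 dst=ACC-3001 amount=800",
    "2015-01-07T13:25:00 emp=bob src=ACC-1002 dst=ACC-3002 amount=640",
    "2015-01-08T11:10:00 emp=bob src=ACC-1002 dst=ACC-3001 amount=900",
]

# Constructed new activity to evaluate: one routine transfer, one transfer made
# in the night under alice's identity to an unknown account, and two smaller deviations.
NEW_ACTIVITY = [
    "2015-02-10T10:05:00 emp=alice src=ACC-1001 dst=ACC-2002 amount=3000",
    "2015-02-10T03:17:00 emp=alice src=ACC-1001 dst=ACC-9988 amount=48000",
    "2015-02-10T11:30:00 emp=bob src=ACC-1002 dst=ACC-7777 amount=500",
    "2015-02-10T12:00:00 emp=mallory src=ACC-1003 dst=ACC-5555 amount=100",
]


def parse_record(line: str) -> dict:
    """'<iso-timestamp> key=value ...' -> dict with parsed time and amount."""
    timestamp, *fields = line.split()
    rec = dict(field.split("=", 1) for field in fields)
    rec["time"] = datetime.fromisoformat(timestamp)
    rec["amount"] = float(rec["amount"])
    return rec


def build_baseline(lines) -> dict:
    """Per operator: hours of day seen, beneficiaries seen, largest amount sent."""
    baseline = defaultdict(lambda: {"hours": set(), "beneficiaries": set(), "max_amount": 0.0})
    for rec in map(parse_record, lines):
        profile = baseline[rec["emp"]]
        profile["hours"].add(rec["time"].hour)
        profile["beneficiaries"].add(rec["dst"])
        profile["max_amount"] = max(profile["max_amount"], rec["amount"])
    return dict(baseline)


def detect_anomalies(baseline: dict, lines, amount_factor: float = 2.0) -> list:
    """Return one alert (with all its reasons) per transfer that deviates from the
    operator's routine; a transfer that fits the routine produces nothing."""
    alerts = []
    for rec in map(parse_record, lines):
        reasons = []
        profile = baseline.get(rec["emp"])
        if profile is None:
            reasons.append("no history for this operator")
        else:
            hour = rec["time"].hour
            if hour not in profile["hours"]:
                reasons.append(f"hour {hour:02d} is outside the operator's usual hours")
            if rec["dst"] not in profile["beneficiaries"]:
                reasons.append(f"never-seen beneficiary {rec['dst']}")
            if rec["amount"] > amount_factor * profile["max_amount"]:
                reasons.append(f"amount {rec['amount']:.0f} exceeds {amount_factor}x the historic maximum")
        if reasons:
            alerts.append({"emp": rec["emp"], "dst": rec["dst"], "amount": rec["amount"],
                           "time": rec["time"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in detect_anomalies(build_baseline(HISTORY), NEW_ACTIVITY):
        print(f"{alert['time']} {alert['emp']} -> {alert['dst']} {alert['amount']:.0f}")
        for reason in alert["reasons"]:
            print("   ", reason)
```

The hour set and the 2x amount factor are deliberately crude; what matters is that the rule is keyed to the operator, so an attacker who has stolen a teller's credentials still has to behave like that teller to stay under it, and the night-time transfer to ACC-9988 in the sample trips all three checks at once.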


References:

Evans, M. (2015) Hackers steal £650 million in world’s biggest bank raid
Available at: http://www.telegraph.co.uk/news/uknews/crime/11414191/Hackers-steal-650-million-in-worlds-biggest-bank-raid.html
Accessed: 29 March 2017

Wallace, G. (2015) Hackers stole from 100 banks and rigged ATMs to spew cash
Available at: http://money.cnn.com/2015/02/15/technology/security/kaspersky-bank-hacking
Accessed: 29 March 2017