A study by two online security companies found that sophisticated crime rings are stealing tens of millions of dollars from banks by hacking their computers. The attacks — which once set up, require no human interaction — generally focused on business accounts or high-net worth individuals where money could be "siphoned" off to dummy accounts and then withdrawn before anyone at the bank knows what happened.
The fact that the study comes from two companies who make their living selling security software should always give you some pause, but the report does offer some useful information on the techniques that are currently in vogue with the biggest crime syndicates of the moment. In addition to the usual phishing schemes, where criminals trick customers into turning over control of their accounts or computers, the hackers have also been launching server-based attacks on the banks themselves, exploiting bank computer systems to execute fraudulent transactions and withdraw ten of thousands of dollars from unwatched accounts.
The report says that the highly-organized operation "combines an insider level of understanding of banking transaction systems," suggesting bankers themselves may be teaching the code writers how to execute their schemes in the most efficient and undetectable way possible. The security companies estimate that criminals took at least $78 million over the last year or so, but "If all of the attempted fraud campaigns were as successful as the Netherlands example ... the total attempted fraud could be as high as $2.5 billion."
Anyway you cut it that's a much better success rate than the traditional "stick em up" bank robbery, which another new study says nets an average of just $4,000 per holdup. And nobody shoots bullets or red dye packs at you either. You can download the whole report as a PDF by clicking here.
This article is from the archive of our partner The Wire.