The world of cybercrime is complex and far-reaching, and according to a recent RAND Corporation report, cyber black markets are now more profitable than the illegal drug trade. But the danger posed by cyber criminals and hackers goes beyond economic losses.
As President Obama put it at the White House Summit on Cybersecurity and Consumer Protection, “It’s one of the great paradoxes of our time that the very technologies that empower us to do great good can also be used to undermine us, and inflict great harm.”
Just what concessions citizens are willing to make to preserve their security, financial and otherwise, remains to be seen. But there’s no question that cyber criminals are making a huge and dangerous global impact.
A 2014 report from McAfee and the Center for Strategic and International Studies (CSIS) estimates cybercrime’s cost to the global economy to be more than $400 billion per year. The second largest source of direct loss is financial crime, which the report defines as “the theft of financial assets through cyberintrusions.”
A variety of digitally-driven crimes occur every day, from large-scale fraud on Wall Street to hackers ripping off government organizations, corporations, and credit card holders. Whether the cyber criminal’s goal is to make a statement, disrupt a system, or accomplish some kind of personal gain, these crimes can result in enormous damages.
Here, we’ll look at stories of cyber criminals simply intent on stealing gigantic sums of money.
3. Massive ATM card breach (2012-2013)
The loot: $45 million
In 2013, a global gang of cyber criminals succeeded in stealing $45 billion by hacking into a database of prepaid debit cards and subsequently draining thousands of ATMs. After seven were arrested in the U.S., Brooklyn U.S. Attorney Loretta Lynch likened the crime to a “virtual criminal flash mob.” There were two separate attacks, one in December 2012 that reaped $5 million, and one in February 2013, in which $40 million was stolen in just 10 hours. No individuals or businesses lost money as a result of the cyber heist, and only two banks were targeted: Rakbank in the United Arab Emirates and the Bank of Muscat in Oman.
“Ripping off cash, you don’t get that back,” said Ken Pickering of CORE Security. “There are suitcases full of cash floating around now, and that’s just gone.” According to Pickering, banks lose more than $1 billion a year to ATM fraud.
2. The rise of money mule scams (2009)
The loot: $100 million
The money mules scams out of Eastern Europe in 2009, while not orchestrated by one organized cybercrime mob, exploded into a serious criminal force to be reckoned with. The FBI estimated up to $100 million in theft as a result of the scams. Criminals used Trojans like Zeus and URLZone to steal victims’ online banking credentials and wire money to so-called “mules.” These consumers were tricked into agreeing to work-from-home scams and tasked with withdrawing cash and sending it to scammers via Moneygram.
The targeted malware used in these cyber crimes could even cover the perpetrator’s tracks in some cases, by rewriting the online banking statement. As a result, money mule scammers can be difficult to identify, and total damages difficult to calculate. While the losses date back to 2004, the sharp rise in money mule scams in 2009 is thought to account for the bulk of the stolen $100 million.
1. Worldwide cyber bank heist (2013-2015)
The loot: Up to $1 billion
In February 2015, Russian security company Kaspersky Lab reported that a hacking ring had stolen up to $1 billion from more than 100 banks in 30 countries. The ongoing heist is undoubtedly one of biggest bank breaches in history, and some are calling it the biggest ever. The attackers, who started their crime wave in late 2013, seemingly would limit theft to $10 million per bank to avoid detection. According to initial data, the biggest targets have been Russia, the U.S., Germany, China, and Ukraine, although the attackers may be expanding throughout Asia, the Middle East, Africa, and Europe.
Vicente Diaz of Kaspersky said the crimes are unusual because they target the banks themselves, rather than customers’ account information. In most cases, the perpetrators first grow familiar with a bank’s operations by hacking into the system and studying it. Then, they program ATMs to dispense money at specific times or transfer money into fake accounts.
The location of the criminals is still unclear, but some of their servers are based in China. Kaspersky is continuing to work with law enforcement agencies to investigate the large-scale attack.