Okay, so this is a crazy thing that is developing in the world of cyber-terrorism with a lot of technical aspects, so I’m just going to summarize. There is a “Criminal Startup” based in Russia that’s offering hackers from around the globe a share in the revenue gained by participating in a mass trojan attack on US banks. Something pretty common with US banks is that they only require a single-factor confirmation to transfer funds from their accounts, as opposed to European banks, which usually do a double confirmation. These hackers have a proprietary trojan tool that they’ve already used to siphon about $5 million in trial runs in the past.
Here’s the crazy part of their plan: while you are having your bank accounts siphoned, the banks won’t be able to contact you, because the hackers are using a bot to Skype your lines and jam up the works. Once the dust settles, theoretically, billions of dollars will be drained from US citizens. Some of the banks in direct danger (according to several sources) are: TD Ameritrade, Bank of America, Capital One, Chase, PNC Bank, and Wells Fargo. There are a few stories online talking about this attack, which is also unique in that this hacker group is soliciting hackers via online advertisements and even YouTube videos.
If you’d like to see the face of the guy that cooked up this whole scheme, here you go…
American banks will reportedly face a massive cyberattack in coming weeks. A Russian-speaking hacker is organizing a massive trojan attack based around fraudulent wire transfers–and American banks appear to be at the center of the raid. Mor Ahuvia of security firm RSA reports that botmasters are now being recruited for the complicated attack, which functions almost like a criminal startup. Prior versions of the trojan to be used in the planned heist have already been used to siphon more than $5 million from U.S. bank accounts since 2008.
The cybercriminal at the center of the project, “vorVzakone,” (or Thief-in-Law in Russian), is recruiting participants through Underweb forums. Botmasters who agree to participate in the project will receive a share of profits in exchange for participation. U.S. banks were allegedly chosen (as Ahuvia puts it) for “anti-American motives,” but domestic banks also have a gaping security hole. The vorVzakone team is planning to flood American banks with fraudulent wire transfers. While banks in Europe require two-factor authentication for wire transfers, American banks do so only in rare circumstances.
Security researcher Brian Krebs reports that the cyberattack will allegedly ingeniously distract American victims. Account holders’ phone lines will be flooded, preventing them from receiving confirmation calls or text messages from their banks while their accounts are siphoned. According to a screenshot acquired by Krebs, account holders at major American financial institutions such as TD Ameritrade, Bank of America, Capital One, Chase, PNC Bank, and Wells Fargo are at risk.