$1bn Stolen In World’s Biggest Cyber Heist

Bank finance © Paul Fleet Shutterstock 2012

Up to $1bn stolen from banks and financial institutions worldwide over the past two years

A cyber-crime ring has stolen almost $1bn (£648m) from banks and financial institutions in 30 countries over the past two years, in one of the world’s biggest bank heists to date, according to security firm Kaspersky Lab.

The “unprecedented” thefts were carried out using malware that infected the internal systems of up to 100 organisations, mostly in Russia, but also in countries including the US, Germany, China, the Ukraine and Canada, according to the firm.

cyber crime

A gang with members in Russia, the Ukraine and China used information obtained by the malware to transfer funds to accounts in other countries or to cause cash machines to dispense funds at predetermined times, according to Kaspersky.

The thefts were limited to $10m per incident, but Kaspersky said it has seen evidence of at least $300m in stolen funds caused by the gang, and said the total so far could be up to $1bn.

One bank lost $7.3m through cash machine withdrawals alone, according to the report.

In the report, Kaspersky said the thefts mark a new stage of sophistication in cyber-crime in which “malicious users steal money directly from banks and avoid targeting end users”.

On average, each theft took between two and four months, as the criminals patiently studied the target’s routines, so that the theft would not attract notice, Kaspersky said.


The criminals used booby-trapped emails to infect users’ computers with the Carbanak malware, which allowed them to install software that could send back video and screenshots of a users’ screens.

“These attacks again underline the fact that criminals will exploit any vulnerability in any system,” stated Sanjay Virmani, director of Interpol’s digital crime centre, which worked with Kaspersky on the investigation.

No affected bank has come forward so far to acknowledge a theft, and Kaspersky said its nondisclosure agreements with clients don’t permit it to name the organisations involved.

The Financial Services Information Sharing and Analysis Centre, an industry consortium that alerts banks about criminal activity, said members were briefed about Kaspersky’s report last month.

“We cannot comment on individual actions our members have taken, but on balance we believe our members are taking appropriate actions to prevent and detect these kinds of attacks and minimise any effects on their customers,” the group said in a statement.

Are you a security pro? Try our quiz!