Russian mafia gangs are trying to grabup to £48 million from the bank accounts of wealthy businesses and consumers with a sophisticated online scam.
Internet security firm McAffee and Guardian Analytics revealed crooks behind Operation High Roller are siphoning millions from high net worth bank accounts – and have snatched dozens of hauls worth up to £83,000 a time.
Around 16 separate online gangs have tried to hack security at more than 60 financial institutions worldwide from a network of servers working through a computer system in California which is accessed remotely from Moscow.
The security firm says money is switched from a bank account to another phoney account or on to a prepaid debit card.
Worringly, say the investigators, the fraud is the first known case of criminals successfully bypassing a two-tier log-on system that involves a password and code generated from a smartcard reader.
Hacking attacks by the gangs have been reported in Italy, Germany, Holland and Colombia.
In most cases, the fraudsters have actively planted malware like Zeus or SpyEye in attacked computers.
These programs log keyboard strokes and victims are unaware that they are under attack. The thefts are mostly automated and require no intervention from one of the gang.
McAffee is urging banks to check security software is properly installed and active to avoid the hackers breaking in to their network.
Once inside the system, the crooks can roam between accounts and steal multiple amounts set as a percentage of the cash balance.
“The advanced methods discovered in Operation High Roller show fraudsters moving toward cloud-based servers with multi-faceted automation in a global fraud campaign,” said David Marcus, director of security research for McAfee Labs.
“Criminals have moved from multi-purpose botnet servers to using servers purpose-built and dedicated to processing fraudulent transactions that lets them move faster, avoid detection more easily and stay online for longer.”
