Hacking a bank: ‘Low risks, high returns’
Banks use information systems to keep record of all the transactions that happen. This system is created by humans. Does this mean it is possible to hack it? And I am not talking about the ‘simple’ hacking. Like phishing, where the perpetrator sends out legitimate-looking email in an attempt to gather personal and financial information from recipients. I am talking about the real deal: getting into the system of a bank.
This year, hackers stole 650 million pounds of 100 financial institutions. The hackers infected the internal systems of several banks with malware, which enabled the hackers to see video feeds from supposed secure offices. After they discovered the banks cash handling routines, they transferred millions of pounds into dummy accounts, which were created by electronically pretending to be a bank employee (Telegraph, 2015). This hack is known as the biggest bank raid in history.
A few years earlier, in 2013, hackers broke into the system of two banks and increased the credit card limits of customer. They made copies of the physical credit cards, which they used to get money out of ATMs. In a few hours 45.000 withdrawals from ATMs were made by accomplices. The total estimated damage is 34,3 million euro. Some of the accomplices were caught, but the hackers are still as free as a bird (NU.nl, 2013).
I bet there are hackers active right now in internal systems of the banks. These hackers are not found yet, or will never be found. The hackers who stole 650 million pounds made the mistake to let a cash machine spit out money at random times. If this mistake was not made, the chance that they were discovered would be very small. After the cash machines spitted out money, the bank informed Kaspersky Lab, a Russian cybersecurity firm. They found out about the hack and made the following statement: ‘The plot marks the beginning of a new stage in the evolution of cybercriminal activity, where malicious users steal money directly from banks, and avoid targeting end users’ (Telegraph, 2015).
Being a cybercriminal is a very lucrative business. The chance of being caught is low and the returns are high. None of the hackers got caught, only some of the helpers. So is it possible to hack a bank? Yes, and as long as they do not detect you, it never happened.
Telegraph (2015) ‘Hackers steal 650 million in worlds biggest bank raid’ http://www.telegraph.co.uk/news/uknews/crime/11414191/Hackers-steal-650-million-in-worlds-biggest-bank-raid.html, 9 October 2015
NU.nl (2013) ‘Hackers stelen in uren 34,3 miljoen euro bij banken’ http://www.nu.nl/internet/3418844/hackers-stelen-in-uren-343-miljoen-euro-bij-banken.html, 9 October 2015