Hacking a bank: ‘Low risks, high returns’

Banks use information systems to keep record of all the transactions that happen. This system is created by humans. Does this mean it is possible to hack it? And I am not talking about the ‘simple’ hacking. Like phishing, where the perpetrator sends out legitimate-looking email in an attempt to gather personal and financial information from recipients. I am talking about the real deal: getting into the system of a bank.

This year, hackers stole 650 million pounds of 100 financial institutions. The hackers infected the internal systems of several banks with malware, which enabled the hackers to see video feeds from supposed secure offices. After they discovered the banks cash handling routines, they transferred millions of pounds into dummy accounts, which were created by electronically pretending to be a bank employee (Telegraph, 2015). This hack is known as the biggest bank raid in history.

A few years earlier, in 2013, hackers broke into the system of two banks and increased the credit card limits of customer. They made copies of the physical credit cards, which they used to get money out of ATMs. In a few hours 45.000 withdrawals from ATMs were made by accomplices. The total estimated damage is 34,3 million euro. Some of the accomplices were caught, but the hackers are still as free as a bird (NU.nl, 2013).

I bet there are hackers active right now in internal systems of the banks. These hackers are not found yet, or will never be found. The hackers who stole 650 million pounds made the mistake to let a cash machine spit out money at random times. If this mistake was not made, the chance that they were discovered would be very small. After the cash machines spitted out money, the bank informed Kaspersky Lab, a Russian cybersecurity firm. They found out about the hack and made the following statement: ‘The plot marks the beginning of a new stage in the evolution of cybercriminal activity, where malicious users steal money directly from banks, and avoid targeting end users’ (Telegraph, 2015).

Being a cybercriminal is a very lucrative business. The chance of being caught is low and the returns are high. None of the hackers got caught, only some of the helpers. So is it possible to hack a bank? Yes, and as long as they do not detect you, it never happened.


Telegraph (2015) ‘Hackers steal 650 million in worlds biggest bank raid’ http://www.telegraph.co.uk/news/uknews/crime/11414191/Hackers-steal-650-million-in-worlds-biggest-bank-raid.html, 9 October 2015

NU.nl (2013) ‘Hackers stelen in uren 34,3 miljoen euro bij banken’ http://www.nu.nl/internet/3418844/hackers-stelen-in-uren-343-miljoen-euro-bij-banken.html, 9 October 2015


2 responses to “Hacking a bank: ‘Low risks, high returns’”

  1. 439290dlrotterdam says :

    Its disturbing to think that so much of our savings and investments are at risk to cyber criminality. I wonder how financial institutions can protect themselves and how governments can help protect these assets. I think there is a vast underinvestment of banks to invest in cyber security when they cant detect when they are getting hacked, and even in some cases are failing to identify the right hackers leading to false positives. It seems to be viewed as a technological issues rather than a serious risk posed to banks.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: