Hacker group has stolen ‘unprecedented’ $1bn

Computer security firm Kaspersky Lab says gang has targeted banks and e-payment systems in 30 countries stealing $10m in each raid

A hacker group has stolen as much as $1 billion from banks and other financial companies worldwide since 2013 in an "unprecedented cyber-robbery," according to computer security firm Kaspersky Lab.

The gang targeted as many as 100 banks, e-payment systems and other financial institutions in 30 countries including the US, China and European nations, stealing as much as $10 million in each raid, Kaspersky Lab, Russia’s largest maker of antivirus software, said in a report.

The Carbanak gang members came from Russia, China, Ukraine and other parts of Europe, and they are still active, it said. “These bank heists were surprising because it made no difference to the criminals what software the banks were using,” said Sergey Golovanov, principal security researcher at Kaspersky Lab’s global research and analysis team. “It was a very slick and professional cyber-robbery.”

The details of the hacking follows news of other attacks on high-profile companies in recent months, including JPMorgan Chase and Co., the biggest U.S. bank; Anthem, the second- biggest U.S. health insurer by market value, and Home Depot, the largest home-improvement chain. In those cases, data rather than money was stolen. The criminals detected by Kaspersky infected bank employees' computers with Carbanak malware, which then spread to internal networks and enabled video surveillance of staff.


That let fraudsters mimic employee activity to transfer and steal money, according to Kaspersky, which said it has been working with Interpol, Europol and other authorities to uncover the plot.

Paul Bresson, a spokesman for the U.S. Federal Bureau of Investigation in Washington, declined to comment on the report. Cash Dispensers The Carbanak gang also used access to banks' networks to seize control of ATMs and order them to dispense cash at certain times to henchmen, Kaspersky said.

In some cases the gang inflated the balance of certain accounts and pocketed the extra funds without arousing immediate suspicion, according to the report. Kaspersky was alerted to the hacking of cash dispensers when the security service of an Eastern European bank showed a video of its ATM dispensing cash to a thief “who wasn’t pushing any button and didn’t even have a banking card,” said Sergey Lozhkin, a senior security researcher at the company, said by phone from Cancun, Mexico.