Hackers Hit 100 Banks in ‘Unprecedented’ $1 Billion Cyber Heist: Kaspersky Lab

Here is an almost unbelievable story about a HUGE bank robbery that took place over a period of several months. If TPTB wanted to give the sheep a reason to ditch the old banking system, this is it. (Take special note of the name, Anunak Hackers Group) -LW


By Mike Lennon on February 15, 2015

A multinational gang of cybercriminals infiltrated more than 100 banks across 30 countries and made off with up to one billion dollars over a period of roughly two years, Kaspersky Lab said on Saturday.

Kaspersky Lab, INTERPOL, Europol and authorities from different countries joined forces to uncover the plot, which is being called an “unprecedented cyber robbery.”

In a report obtained by SecurityWeek that is scheduled to be released Monday at Kaspersky Lab’s Security Analyst Summit (SAS) in Cancun, Mexico, researchers described a Hollywood style scheme where attackers used an arsenal of attack tools and techniques to siphon massive amounts of money directly from banks rather than targeting end user banking customers. (Update: the report (PDF) has now been released)

Through its investigations to date, the security company said it has evidence of roughly $300 million being stolen by the cybercriminals, but believes the total could be upwards of $1 billion.

The criminal gang, dubbed “Carbanak” by the Moscow-based security firm, appears to be a group of cybercriminals from Russia, Ukraine and other parts of Europe and China.

According to Dutch security firm Fox-IT, Carbanak is the same group that was uncovered by Group-IB and Fox-IT in a Dec. 2014 report which referenced the attackers as the “Anunak hackers group”.

Anunak is the name the malware author gave to the main malware used in these attacks, while Carbanak is the name the AV industry gave to the malware, which is a combination of the words “Anunak” and “Carberp”, as the Anunak malware has used code from Carberp, Fox-IT said.

While early versions of Carbanak were based partially on code from Carberp, the latest versions do not appear to use any Carberp source code, according to Kaspersky’s report. Source code for the Carberp Trojan was found for sale in the cybercrime underground back in 2013.

The attacks, which are still active according to Kaspersky, focused mainly on banks in Russia, but were also successful against banks in Japan, the Netherlands, Switzerland, United States and other countries.

In most cases, networks were compromised for between two and four months before the attackers made off with stolen funds, the 39-page report said, adding that during that period of time, attackers were able to get access to the right victims and critical systems and learn how to operate their tools and systems to execute the cyber heists.

The security firm estimated that the largest sums were grabbed by hacking into banks and stealing up to ten million dollars in each raid.

According to the report, one victim lost roughly $7.3 million due to ATM fraud, and another lost $10 million as a result of attackers exploiting its online banking platform.

The attackers were very familiar with financial services software and networks, according to Kaspersky researchers, and even programmed the malware to check victim systems for the presence of specialized and specific banking software.

“Only after the presence of banking systems was confirmed, were victims further exploited,” the report said.

So far, attacks against approximately 300 IP addresses around the world have been observed on command and control servers analyzed by Kaspersky Lab.

Map of Carbanak Malware Infections

In some cases involving ATMs, the hackers had direct remote access to the internal ATM networks which they used to remotely withdraw cash. The criminals did not infect the ATMs with malware, but instead used standard utilities to control and test ATM equipment, the report said.

Not surprisingly, in all cases observed by Kaspersky Lab, the attackers used spear phishing attacks to infect systems with the Carbanak malware.

According to the report, the spear phishing emails contained attachments with weaponized Microsoft Word 97 – 2003 (.doc) and Control Panel Applet (.CPL) files. The malicious files exploit Microsoft Office (CVE-2012-0158 and CVE-2013-3906) and Microsoft Word (CVE-2014-1761) to execute shellcode, which decrypts and executes the Carbanak backdoor.

After compromising a system, the attackers install additional software such as the Ammyy Remote Administration Tool, or breach SSH servers.

Ammyy was a preferred tool for the attackers because it is whitelisted by many organizations for use by systems administrators.

According to the report, the attackers were able to navigate internal networks and track down administrators’ computers for video surveillance, allowing them to see and record everything that happened on the screens of staff who serviced the cash transfer systems.

“In this way the cyber criminals got to know every last detail of the bank clerks’ work and were able to mimic staff activity in order to transfer money and cash out,” the company said.

Kaspersky researchers said that such video files were found on Command and Control servers. Sensitive bank documents were also found on servers controlling Carbanak, including classified emails, manuals, crypto keys, passwords and more. One file included key verification codes that are used by ATMs to check the integrity of the PIN numbers of its users.

“Once the attackers successfully compromise the victim’s network, the primary internal destinations are money processing services, Automated Teller Machines (ATM) and financial accounts,” the report explained. “In some cases, the attackers used the Society for Worldwide Interbank Financial Telecommunication (SWIFT) network to transfer money to their accounts. In others, Oracle databases were manipulated to open payment or debit card accounts at the same bank or to transfer money between accounts using the online banking system. The ATM network was also used to dispense cash from certain ATMs at certain times where money mules were ready to collect it.”

“These bank heists were surprising because it made no difference to the criminals what software the banks were using. So, even if its software is unique, a bank cannot get complacent. The attackers didn’t even need to hack into the banks’ services: once they got into the network, they learned how to hide their malicious plot behind legitimate actions. It was a very slick and professional cyber-robbery,” said Sergey Golovanov, Principal Security Researcher at Kaspersky Lab’s Global Research and Analysis Team.

While the report goes into much greater detail, Kaspersky summarized how the money was stolen as follows:

  1. When the time came to cash in on their activities, the criminals used online banking or international e-payment systems to transfer money from the banks’ accounts to their own. In the second case the stolen money was deposited with banks in China or the United States. The experts do not rule out the possibility that other banks in other countries were used as receivers.
  2. In other cases cybercriminals penetrated right into the very heart of the accounting systems, inflating account balances before pocketing the extra funds via a fraudulent transaction. For example: if an account has $1,000, the criminals change its value so it has $10,000 and then transfer $9,000 to themselves. The account holder doesn’t suspect a problem because the original $1,000 is still there.
  3. In addition, the cyber thieves seized control of banks’ ATMs and ordered them to dispense cash at a pre-determined time. When the payment was due, one of the gang’s henchmen was waiting beside the machine to collect the ‘voluntary’ payment.
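
The balance-inflation case in item 2 leaves the visible balance unchanged, so a check that only looks at the balances table sees nothing. The following added example (not from the Kaspersky report or the original article) replays a journal from a trusted baseline and flags both the mismatch and the uncovered debit; the account numbers, journal layout and sample data are constructed assumptions.

```python
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class Posting:
    seq: int          # position in the journal
    account: str
    amount: Decimal   # credit > 0, debit < 0


def reconcile(opening, postings, stored):
    """Replay the journal and compare the result with the balances table.

    opening:  {account: Decimal} balances at the last trusted baseline
    postings: journal entries recorded since that baseline
    stored:   {account: Decimal} balances currently in the accounts table
    Returns a sorted list of (account, finding, detail) tuples.
    """
    derived = dict(opening)
    findings = []
    for p in sorted(postings, key=lambda p: p.seq):
        before = derived.get(p.account, Decimal("0"))
        after = before + p.amount
        # A debit larger than anything the journal ever credited means the
        # balance was raised outside the journal before the transfer.
        if p.amount < 0 and after < 0:
            findings.append((p.account, "uncovered_debit",
                             f"seq {p.seq}: debit {-p.amount} "
                             f"against journal balance {before}"))
        derived[p.account] = after
    for account in sorted(set(derived) | set(stored)):
        want = derived.get(account, Decimal("0"))
        have = stored.get(account, Decimal("0"))
        if have != want:
            findings.append((account, "balance_mismatch",
                             f"stored {have}, journal says {want}"))
    return sorted(findings)


# Constructed sample data mirroring the article's $1,000 / $10,000 / $9,000 case.
OPENING = {"ACC-1001": Decimal("1000"), "ACC-2002": Decimal("500")}
POSTINGS = [
    Posting(1, "ACC-2002", Decimal("200")),    # ordinary credit
    Posting(2, "ACC-2002", Decimal("-50")),    # ordinary debit
    # The balance of ACC-1001 was edited to 10000 directly in the table
    # (no journal entry), then 9000 was transferred out:
    Posting(3, "ACC-1001", Decimal("-9000")),
]
# What the accounts table shows afterwards: ACC-1001 looks untouched.
STORED = {"ACC-1001": Decimal("1000"), "ACC-2002": Decimal("650")}

if __name__ == "__main__":
    for finding in reconcile(OPENING, POSTINGS, STORED):
        print(finding)
```

The check depends on the baseline and the journal being held where an intruder on the accounting system cannot rewrite them.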

Kaspersky Lab said that based on their analysis, the Carbanak attackers are trying to expand operations to other Baltic and Central Europe countries, the Middle East, Asia and Africa. The company advised financial institutions to have a close look at their networks for the presence of Carbanak immediately.

The report does include an extensive list of Indicators of Compromise and additional details on how to scan and mitigate the attack.

According to the security firm, one of the best methods for detecting Carbanak is to look for “.bin” files in the folder:

..\All users\%AppData%\Mozilla\

Kaspersky also provided a .BAT script for detecting infections in its report.
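
The folder check described above can be scripted for triage across hosts or mounted disk images. This is an added example, not Kaspersky's .BAT script; the function name and the sample tree are constructed, and the caller supplies the resolved directory that contains the Mozilla folder.

```python
import hashlib
import tempfile
from pathlib import Path


def find_bin_files(appdata_root):
    """Return one record per .bin file found directly in <appdata_root>/Mozilla.

    appdata_root is the resolved All Users application-data directory of the
    host or disk image being examined (the caller resolves it; this function
    does not guess the location).
    """
    root = Path(appdata_root)
    hits = []
    if not root.is_dir():
        return hits
    # Windows names are case-insensitive; match the same way so the scan
    # also works on an image mounted under a case-sensitive file system.
    for folder in root.iterdir():
        if not (folder.is_dir() and folder.name.lower() == "mozilla"):
            continue
        try:
            entries = sorted(folder.iterdir())
        except OSError:
            continue  # unreadable folder: nothing to list
        for entry in entries:
            if not entry.is_file() or entry.suffix.lower() != ".bin":
                continue
            record = {"path": str(entry), "size": None,
                      "mtime": None, "sha256": None}
            try:
                st = entry.stat()
                record["size"] = st.st_size
                record["mtime"] = int(st.st_mtime)
                digest = hashlib.sha256()
                with entry.open("rb") as fh:
                    for chunk in iter(lambda: fh.read(65536), b""):
                        digest.update(chunk)
                # The hash lets a responder compare the file with the
                # indicators published in the report.
                record["sha256"] = digest.hexdigest()
            except OSError as exc:
                record["error"] = str(exc)  # keep the hit even if unreadable
            hits.append(record)
    return hits


def demo():
    """Build a constructed directory tree and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Mozilla").mkdir()
        (root / "Mozilla" / "sample.bin").write_bytes(b"constructed")
        (root / "Mozilla" / "notes.txt").write_text("not a match")
        (root / "Other").mkdir()
        (root / "Other" / "other.bin").write_bytes(b"outside the folder")
        return find_bin_files(root)


if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

A hit is a lead to compare against the report's Indicators of Compromise, not a verdict by itself.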

Carbanak Malware Infects Global Banks

“This is a jarring reminder of how easy it is for even sophisticated enterprises to overlook damaging changes to their cyber infrastructure,” commented Dwayne Melancon, CTO at Tripwire. “Malware leaves a trace when it compromises a system – even custom malware. Unfortunately, most of the times, that mark goes unnoticed because enterprises haven’t established a baseline, or known good state, and aren’t continuously monitoring for changes to that baseline.”

“Not only does this lack of awareness make it easier for criminals to gain a foothold, it makes it difficult, time-consuming, and very expensive to determine which systems can be trusted after-the-fact, and to determine how to remove the contaminated systems from the network,” Melancon added.

Additional details on Carbanak will be disclosed during a presentation by Kaspersky Lab researchers Sergey Golovanov and Sergey Lozhkin, and Peter Zinn, Senior Cybercrime Advisor for the Dutch National High Tech Crime Unit (NHTCU) at the Security Analyst Summit on Monday.

*Updated with reference to Fox-IT report

Source.

The Canadian Banking System Exposed

Bill Abrams tells us that one of the major differences between the US and Canadian banking systems is that the Bank of Canada is accountable to the people, under the Bank of Canada Act, 1934. The COMERS case against the Bank of Canada merely seeks to restore what is already Canadian law. -LW

Great overview of Canadian banking and a clear explanation of how the international private banking cartel hijacked Canada in 1974 by taking control of the issuance of money. This private banking cartel has been robbing Canada blind ever since, and has currently put Canadians into over $600 billion dollars of debt, growing at a rate of $7 million per day ($330,000 an hour).

http://www.debtclock.ca/

The debt is actually the compound interest accumulated by borrowing this printed money from the private central banking cartel. Canada, like any other country, does NOT need private banks to issue its nation’s currency … countries can print their own money interest free.

The Case to “Reinstate” the Bank of Canada

D has done a good job of pulling together the details of this HUGE lawsuit against the Bank of Canada. It amazes me that we ever allowed this to happen… Canada was a relatively debt-free nation until we joined the G7 in 1974, and the Bank of Canada was placed under Bilderberg control. Did you know that every Prime Minister since Pierre Elliott Trudeau has been a Bilderberg member?

In some circles, Canada is actually considered to be the 13th district of the US Federal Reserve System. It seems that the Federal Reserve Bank of New York purchased voting interest in the Bank of Canada, back in 1933/34. -LW


This is the background information to the COMER vs Bank of Canada et al that I discussed on Transpicuous News Midweek report on Wed.

I will say that from the information given in the videos, I’m not entirely certain I agree with the basis of the lawsuit. There are pieces missing in the background, which may derail the final court case. In my opinion, to come at this suit from this direction, there needs to be brought into the evidence the basic fact of what money is, how it is created, the “strawman” aspect of the value of the people and the “corporatization” of the birth certificates, and most importantly, the inherent fraud of all perceived “Debt”.

…Having said that, in my opinion this is a positive step forward, even if only as a NOTICE to the Government of Canada, England, and the Central Banks of the world, that we are onto their fraud and schemes. I will continue to follow this story and will update everyone as soon as we have more information.

d

The Case to “Reinstate” the Bank of Canada

Posted on: February 03, 2015 by M. Oliver Heydorn
Category: Social Credit News

There is a very interesting legal case that is playing out in Canada at the moment. William Krehm, Anne Emmett, and Comer (The Committee for Monetary and Economic Reform: http://www.comer.org/) filed a lawsuit on December 12th, 2011, in Federal Court to try to force a restoration of the Bank of Canada to its mandated purposes. In essence, they want the Bank of Canada to provide interest-free loans to the federal, provincial, and municipal governments, as provided for in the Bank of Canada Act. This money would be used to finance public expenditures whenever there is a budgetary deficit. Apparently, the federal government used to borrow interest-free (to at least some extent) from the Bank of Canada up until 1974. At present, governments borrow all of the necessary money (apart from any bonds they may sell to the public) from private banks at the going rate of interest. Canadians are economically burdened with the resultant debt-servicing charges because the Bank of Canada does not make use of its prerogatives in the interests of the Canadian public. The case is being prosecuted by Rocco Galati, who is widely considered to be Canada’s top constitutional lawyer.

The nature of the lawsuit has been explained on www.pressfortruth.ca in the following terms:

“TWO CANADIANS AND A CANADIAN ECONOMIC THINK TANK CONFRONT THE GLOBAL FINANCIAL POWERS IN THE CANADIAN FEDERAL COURT. THE CANADIANS PLEAD FOR DECLARATIONS THAT WOULD RESTORE THE USE OF THE BANK OF CANADA FOR THE BENEFIT OF CANADIANS AND REMOVE IT FROM THE CONTROL OF INTERNATIONAL PRIVATE ENTITIES WHOSE INTERESTS AND DIRECTIVES ARE PLACED ABOVE THE INTEREST OF CANADIANS AND THE PRIMACY OF THE CONSTITUTION OF CANADA

Canadian constitutional lawyer, Rocco Galati, on behalf of Canadians William Krehm, and Ann Emmett, and COMER (Committee for Monetary and Economic Reform) on December 12th, 2011 filed an action in Federal Court, to restore the use of the Bank of Canada to its original purpose, by exercising its public statutory duty and responsibility. That purpose includes making interest free loans to municipal/provincial/federal governments for “human capital” expenditures (education, health, other social services) and/or infrastructure expenditures. The action also constitutionally challenges the government’s fallacious accounting methods in its tabling of the budget by not calculating nor revealing the true and total revenues of the nation before transferring back “tax credits” to corporations and other taxpayers. The Plaintiffs state that since 1974 there has been a gradual but sure slide into the reality that the Bank of Canada and Canada’s monetary and financial policy are dictated by private foreign banks and financial interests contrary to the Bank of Canada Act.

The Plaintiffs state that the Bank of International Settlements (BIS), the Financial Stability Forum (FSF) and the International Monetary Fund (IMF) were all created with the cognizant intent of keeping poorer nations in their place which has now expanded to all nations in that these financial institutions largely succeed in over-riding governments and constitutional orders in countries such as Canada over which they exert financial control. The Plaintiffs state that the meetings of the BIS and Financial Stability Board (FSB) (successor of FSF), their minutes, their discussions and deliberations are secret and not available nor accountable to Parliament, the executive, nor the Canadian public notwithstanding that the Bank of Canada policies directly emanate from these meetings. These organizations are essentially private, foreign entities controlling Canada’s banking system and socio-economic policies.

The Plaintiffs state that the defendants (officials) are unwittingly and /or wittingly, in varying degrees, knowledge and intent engaged in a conspiracy, along with the BIS, FSB, IMF to render impotent the Bank of Canada Act as well as Canadian sovereignty over financial, monetary, and socio-economic policy, and bypass the sovereign rule of Canada through its Parliament by means of banking and financial systems.” http://pressfortruth.ca/top-stories/case-reinstate-bank-canada/

On the 26th of January, 2015, the latest appeal on behalf of the Crown to have the case dismissed was rejected by three judges in Federal Court in Toronto. The Federal government now has 60 days to appeal the decision to the Supreme Court. Cf. http://pressfortruth.ca/top-stories/update-bank-canada-vs-comer/. Interestingly enough, both the case itself and the various developments that have occurred are not being covered at all by the mainstream media. While Mr. Galati’s other cases have regularly received wall-to-wall coverage across the country, this particular case, which he believes is probably his most important case to date, has so far been ignored. When questioned about this, Mr. Galati said that he has a firm basis for believing that the Canadian government has requested or ordered that the mainstream media not cover the case (he could not divulge his sources), and that, in his opinion, the government does control the media to a certain extent and on certain limited issues. He also added that he does not believe that we in Canada are living in a democracy. In fact, as far back as 1999, he has been on record as claiming that we have entered a ‘quiet dictatorship.’

As far as its merits are concerned, Mr. Galati said that the case is on solid legal and constitutional grounds and his clients should win. Whether they will win or not is another question. As Mr. Galati has acknowledged: “Not all meritorious cases in our judicial system win”.

Continue Reading HERE:  http://www.socred.org/blogs/view/the-case-to-reinstate-the-bank-of-canada


Additional info from constitutional lawyer Rocco Galati
update COMER VS BOC Jan 2015

Published on 27 Jan 2015

Breaking News, Update on the COMER VS. Bank of Canada law suit,
Jan 26 2015 Today COMER (Committee on Monetary and Economic Reform EST. 1986) and constitutional lawyer Rocco Galati won yet another round of appeals. Galati the most prominent constitutional lawyer in the country says he does not believe Canada is a democracy any longer and that the media is controlled by the government.

Published on Feb 1, 2015

Canadians sued the Bank of Canada and won.

Federal Court of Appeal Decisions

Case name Committee for Monetary and Economic Reform (COMER) v. The Queen
Court (s) Database Federal Court of Appeal Decisions
Date 2015-01-26
Neutral citation 2015 FCA 20
File numbers A-228-14
Date: 20150126

 

Docket: A-228-14
Citation: 2015 FCA 20
CORAM:
RYER J.A.
WEBB J.A.
BOIVIN J.A.
BETWEEN:
COMMITTEE FOR MONETARY AND ECONOMIC REFORM (“COMER”), WILLIAM KREHM, AND ANN EMMETT
Appellants/
Respondents in the Cross-Appeal
and
HER MAJESTY THE QUEEN, THE MINISTER OF FINANCE, THE MINISTER OF NATIONAL REVENUE, THE BANK OF CANADA, THE ATTORNEY GENERAL OF CANADA
Respondents/
Appellants in the Cross-Appeal
Heard at Toronto, Ontario, on Monday, January 26, 2015.
Judgment delivered at Toronto, Ontario, on January 26, 2015.
REASONS FOR JUDGMENT OF THE COURT BY:
RYER J.A.

 

REASONS FOR JUDGMENT OF THE COURT
(Delivered from the Bench at Toronto, Ontario, on January 26, 2015).

FULL record on Federal Court of Appeals:  http://decisions.fca-caf.gc.ca/fca-caf/decisions/en/item/100762/index.do.
Source.

Transpicuous News Midweek, Feb 4 2015: Crashing Planes, Smoking Documents, Currencies Crashing…. Same ol’ Same ol’

D has a jam-packed rundown of what’s been going on in the global reset that seems to now be in full-force (good and bad). I tried to make the links a little more readable. -LW


As I mentioned on Sunday nights TN Report, if you want to play, if you want to show “them” that you “noticed” and that you want them to take “notice” of you “noticing”…… Send your local, municipal, state/provincial, federal government one of these articles below- they are all about Croatia Writing off the debts of 66,000 of their poorest citizens.

Croatia writes off debts

Source.

Canadian media ordered by Government of Canada not to report on the Federal Court ruling against private central bank

Thanks for this block-buster find, D! -LW


http://decisions.fct-cf.gc.ca/fc-cf/decisions/en/item/72554/index.do

http://www.liveleak.com/view?i=98b_1422999032

The Bank of Canada used to be a government lending institution, creating near interest free loans that built much of Canada’s infrastructure during the 50’s and 60’s. In 1974 at the Bank of International Settlements in Basel Switzerland, Trudeau Sr. was convinced by fellow Bilderberg attendees to dismantle this crucial function of the Bank of Canada, and since then we’ve lost sovereign control of our monetary policies and money supply and government debt at all levels has risen dramatically. This court case challenges the disuse of the Bank of Canada to create money for the public good.
The Federal Court of Canada has ruled against private central banking. Meanwhile, the Harper Government™ has ordered a media black out on this court case. Let’s help spread the word!

Full Story and Videos.

No more bailouts: BoE chief says banks won’t be saved by taxpayers

Bank of England Governor and chairman of the Financial Stability Board Mark Carney (Reuters / Arnd Wiegmann)

The new global rules will force creditors to bear banks’ losses, ensuring that taxpayers’ money should never be used again to bail out banks. New rules are being proposed that will force creditors, not taxpayers, to carry the losses of banks deemed “too big to fail.” The plans come after Western taxpayers were asked to pay trillions of dollars to bail out banks in the 2008 financial crisis.

The proposal was unveiled by Mark Carney, chairman of the Switzerland-based Financial Stability Board (FSB) and governor of the Bank of England.

The new rules would require big banks to hold much more money against losses, which Carney called a “watershed” moment, adding that the bailout by the taxpayers in 2008 and 2009 was “totally unfair.”

“Once implemented, these agreements will play important roles in enabling globally systemic banks to be resolved [wound down] without recourse to public subsidy and without disruption to the wider financial system,” he said in a statement.

Estimated size of implicit subsidy (Bank of England)

Under the new system, bank shareholders and lenders to banks such as bondholders would be the first in line to take the brunt of any future losses, if banks cannot pay creditors out of their own resources. Banks may also be expected to scrap dividends and rein in bonuses.

The new rules are a long way off being implemented, however. They will need to go through consultation and most new rules will only take effect by 2019. They would also require big global banks to hold a minimum amount of cash to make sure they don’t have to run to the government for emergency help.

From January 2019, big global banks like HSBC and Goldman Sachs would have to have an equity buffer of at least 16-20 percent of their risk-weighted assets.

The new buffer, known as total loss absorbing capacity or TLAC, must be at least twice the leverage ratio of a bank.

This is a separate measure of capital to total assets. Some of the buffer must also be held at major overseas subsidiaries to allay fears from regulators outside the country a bank is based in.

AFP Photo / Carl Court


G20 leaders are expected to back the proposal later this week and it will be under public consultation until February 2 next year. Regulators have already earmarked thirty banks which they say are “systematically important” globally.

Anthony Browne, of the British Bankers’ Association, welcomed the proposals.

“The banking industry strongly supports this work, which is a really important step in ending ‘too big to fail’ and ensuring that never again will taxpayers have to step in to bail out banks,” he said, as quoted by the UK media.

However, David Ereira, a partner at the law firm Linklaters, told Reuters that the new rules would not put a stop to large global banks deemed “too big to fail” getting into difficulty and that a number of politically problematic details still had to be hammered out.

It was revealed in 2011 by the Guardian that since 2007 the UK government had spent £1.162 trillion at various points on bailing out the banks.

One of the banks bailed out by the taxpayer was RBS, which despite also being hit by a number of other scandals, rewarded its top bankers £500 million in bonuses last year.

 

Source.

This Is What Happens When Someone Is Desperate To Sell $750 Million Of Stocks

Submitted by Tyler Durden  on 10/13/2014 23:22 -0400.