
Hackers’ $81M Sneak Attack on World Banking - graedus
http://www.nytimes.com/2016/05/01/business/dealbook/hackers-81-million-sneak-attack-on-world-banking.html
======
sdneirf
I suspect there are a lot more successful attacks that resulted in monetary loss
than meets the media. When I was at a venture-funded startup back in 2011, we
had just raised $15M and on a Fri late afternoon, our CFO received an email
that looked like it came from our bank. He clicked on it and was immediately
phished. Between 4-5pm they transferred $3M out of the account in multiple
chunks. The company hadn't set up alerts and the bank, which was a regional
one, did not have sophisticated filters to catch them. Long story short, it
quickly went to Dubai, Hong Kong and London. By the time Mon comes around, some
of the money has been re-transferred again to Asia and Eastern Europe.

~~~
msellout
Did you recover any money? How difficult was the process?

~~~
sdneirf
Super difficult. We recovered 40% from banks who were willing to look at our
evidence. Turns out there was no international banking law that deals with
stuff like this. Banks basically make their own decision on who's
right/wrong. The banks in Dubai and Far East basically told us to pound sand.
We ended up threatening to sue our regional bank. They covered 20%. So we
ended up losing 40%. The funny thing was the FBI was involved. You'd think these
guys are hot to trot. The guy we spoke to basically sounded like a local
policeman whom you just told you lost your bike. "Oh yeah, we are tracking
down leads". Net net, don't hire dumb people who can easily get phished. Once
the money is gone, it almost always never comes back. We counted ourselves
lucky that we only lost 40% instead of 100% which is common from what we
learned.

~~~
sdneirf
I should probably write a longer post on this and just throw it up. Sounds
like people might be interested in learning about the experience.

------
tiplus
details here: http://baesystemsai.blogspot.de/2016/04/two-bytes-to-951m.html

------
at-fates-hands
When I read articles like this, I have to believe they have someone on the
inside, or have some inside knowledge as to how the transfers take place and
where the weak points in the process are.

~~~
mephistopheles
I doubt that; they most likely were just a bunch of nerds who recognised the
cheap routers and discovered the vulnerabilities from just playing around with
a laptop and something like Kali Linux.

~~~
detaro
The malware integrated with the SWIFT software, printed manipulated
receipts, ...

While it is not impossible that someone random was careful and clever enough
to observe all the details necessary by watching the system for a while, what
is known publicly about the attack IMHO looks more like someone prepared for
an attack against SWIFT and then found a vulnerable endpoint.

------
Waleedasif322
For some reason, this reminded me of the Mastermind from the Atavist series.

