American banks will reportedly face a massive cyberattack in coming weeks. A Russian-speaking hacker is organizing a massive trojan attack based around fraudulent wire transfers--and American banks appear to be at the center of the raid. Mor Ahuvia of security firm RSA reports that botmasters are now being recruited for the complicated attack, which functions almost like a criminal startup. Prior versions of the trojan to be used in the planned heist has already been used to siphon more than $5 million from U.S. bank accounts since 2008.
The cybercriminal at the center of the project, “vorVzakone,” (or Thief-in-Law in Russian), is recruiting participants through Underweb forums. Botmasters who agree to participate in the project will receive a share of profits in exchange for participation. U.S. banks were allegedly chosen (as Ahuvia puts it) for “anti-American motives,” but domestic banks also have a gaping security hole. The vorVzakone team is planning to flood American banks with fraudulent wire transfers. While banks in Europe require two-factor authentication for wire transfers, American banks do only in rare circumstances.
Security researcher Brian Krebs reports that the cyberattack will allegedly ingeniously distract American victims. Account holders' phone lines will be flooded, preventing them from receiving confirmation calls or text messages from their banks while their accounts are siphoned. According to a screenshot acquired by Krebs, account holders at major American financial institutions such as TD Ameritrade, Bank of America, Capital One, Chase, PNC Bank, and Wells Fargo are at risk.
This being 2012, vorVzakone even made a video clip to show how victims' phone lines will be flooded via Skype.
For Russian speakers, vorVzakone even made a YouTube clip explaining much of his scheme.
Kaspersky Labs' ThreatPost blog notes that the Russian attack, which is called “Project Blitzkrieg,” comes fresh on the heels of sustained DDoS attacks on American banks. VorVzakone's team claims to use a proprietary trojan called Gozi Prinimalka, which will complete fraudulent wire transfers through manual session-hijacking scenarios.
There are several anomalous factors surrounding the threatened bank trojan attack. It is highly unusual for cybercriminals such as vorVzakone to make self-promoting YouTube videos and to post help-wanted ads for accomplices online, and it is equally unusual for prominent firms such as RSA to go public before an attack actually takes place. One thing is for sure: The security breaches that the Russian hackers claim they will exploit exist in America--but not in the European Union, where more stringent regulations exist.
[Image: Vault Door via Shutterstock]