Hacker behind bank cyber heist plot gets cold feet

The Russian hacker who was openly recruiting for a coordinated online raid of some 30 banks in the United States has scrapped the plan because he believes the authorities may have caught up to him.

"After all the media hype, it appears that the guy who planned and headed the attack kind of got cold feet about the whole thing," said Daniel Cohen, who heads business development in security firm RSA's managed threat services division. "He was worried about an international law enforcement case against him."

Based on an analysis of "underground chatter," researchers determined in early October that a Russian-speaking cyber gang -- apparently led by a hacker known as "vorVzacone" -- was preparing to launch a large-scale attack in which fraudsters would infect victims' computers with a trojan similar to Gozi, enabling the swindlers to initiate unauthorized wire transfers on the victims' behalf by hijacking live banking sessions.

RSA said that if the plan worked out, it would have been one of the largest-ever coordinated attacks against American financial institutions. According to initial chatter, the ring relied on scores of botmasters, who would have controlled a segment of the computers infected with the trojan, dubbed "Gozi Prinimalka." Additionally, the botmasters would have been trained in how to deliver instructions to compromised endpoints, with the goal of performing man-in-the-middle bank transfers.

A few weeks after the media stories hit, Cohen said the hacker took to the same Russian-language forum on which he initially announced the operation to call it off. In addition, one of the hacker's original team members -- the person who would have been responsible for flooding victims' phones with traffic so they couldn't respond to their banks' out-of-band authentication requests -- posted on the forum that he was looking for new work.

The attack still may happen, but it appears that vorVzacone will not be as brash the next time around.

"He's retreated to the deeper web and could be planning the attack more secretly," Cohen said. "Only time will tell. This guy already has a record behind him for doing cyber crime and cyber fraud. It was a very grandiose plan, but it did seem doable from a technical point of view."
