Hacker behind bank cyber heist plot gets cold feet

The Russian hacker who was openly recruiting for a coordinated online raid of some 30 banks in the United States has scrapped the plan because he believes the authorities may have caught up to him.

"After all the media hype, it appears that the guy who planned and headed the attack kind of got cold feet about the whole thing," said Daniel Cohen, who heads business development in security firm RSA's managed threat services division. "He was worried about an international law enforcement case against him."

Based on an analysis of "underground chatter," researchers determined in early October that a Russian-speaking cyber gang -- apparently led by a hacker known as "vorVzacone" -- was preparing to launch a large-scale attack in which fraudsters would infect victims' computers with a trojan similar to Gozi, enabling the swindlers to initiate unauthorized wire transfers on their behalf by hijacking live banking sessions.

RSA said that if the plan worked out, it would have been one of the largest-ever coordinated attacks against American financial institutions. According to initial chatter, the ring relied on scores of botmasters, who would each have controlled a segment of the computers infected with the trojan, dubbed "Gozi Prinimalka." Additionally, the botmasters would have been trained in how to deliver instructions to compromised endpoints, with the goal of performing man-in-the-middle bank transfers.

A few weeks after the media stories hit, Cohen said the hacker took to the same Russian-language forum on which he initially announced the operation to call it off. In addition, one of the hacker's original team members -- the person who would have been responsible for flooding victims' phones with traffic so they couldn't respond to their banks' out-of-band authentication requests -- posted on the forum that he was looking for new work.

The attack still may happen, but it appears that vorVzacone will not be as brash the next time around.

"He's retreated to the deeper web and could be planning the attack more secretly," Cohen said. "Only time will tell. This guy already has a record behind him for doing cyber crime and cyber fraud. It was a very grandiose plan, but it did seem doable from a technical point of view."
