Hacker behind bank cyber heist plot gets cold feet

The Russian hacker who was openly recruiting for a coordinated online raid of some 30 banks in the United States has scrapped the plan because he believes the authorities may have caught up to him.

"After all the media hype, it appears that the guy who planned and headed the attack kind of got cold feet about the whole thing," said Daniel Cohen, who heads business development in security firm RSA's managed threat services division. "He was worried about an international law enforcement case against him."

Based on an analysis of "underground chatter," researchers determined in early October that a Russian-speaking cyber gang -- apparently led by a hacker known as "vorVzacone" -- was preparing to launch a large-scale attack in which fraudsters would infect victims' computers with a trojan similar to Gozi, letting the swindlers hijack live online banking sessions and initiate unauthorized wire transfers on the victims' behalf.

RSA said that if the plan had worked out, it would have been one of the largest-ever coordinated attacks against American financial institutions. According to initial chatter, the ring relied on scores of botmasters, each controlling a segment of computers infected with the trojan being used, dubbed "Gozi Prinimalka." Additionally, the botmasters would have been trained in how to deliver instructions to compromised endpoints, with the goal of pushing fraudulent transfers through the hijacked sessions in a man-in-the-middle (more precisely, man-in-the-browser) fashion, so that the bank sees the transfer come from the customer's own authenticated session.

A few weeks after the media stories hit, Cohen said the hacker took to the same Russian-language forum on which he initially announced the operation to call it off. In addition, one of the hacker's original team members -- the person who would have been responsible for flooding victims' phones with traffic so they couldn't respond to their banks' out-of-band authentication requests -- posted on the forum that he was looking for new work.
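The phone-flooding role described above only pays off if the bank treats an unreachable customer as a non-objection. The following is an added example, not code from the article, RSA or any bank: a toy model of a transfer-approval step with an out-of-band (OOB) confirmation channel, showing a fail-open policy that a jammed phone line defeats beside a fail-closed policy that holds the transfer for review instead. The `PhoneChannel` class, the `Transfer` fields, the account identifiers and the amounts are all constructed for illustration; the prompt text also shows why the OOB message should carry the exact amount and destination, so a man-in-the-browser that rewrites the transfer inside the session cannot change what the customer is asked to approve on the second channel.

```python
"""Added example: fail-open vs. fail-closed out-of-band transfer confirmation.

Constructed for illustration; not the article's, RSA's or any bank's code.
"""
from dataclasses import dataclass


class OutOfBandUnreachable(Exception):
    """Raised when the confirmation channel cannot deliver a prompt or collect an answer."""


@dataclass
class Transfer:
    transfer_id: str
    src_account: str
    dest_account: str
    amount_cents: int
    status: str = "pending"


@dataclass
class PhoneChannel:
    """Constructed stand-in for a voice/SMS confirmation channel.

    flooded=True simulates the victim's line being jammed so no prompt gets
    through; customer_answer is what the real customer would say if reached.
    """
    flooded: bool = False
    customer_answer: bool = True
    last_prompt: str = ""

    def confirm(self, transfer: Transfer) -> bool:
        if self.flooded:
            raise OutOfBandUnreachable(transfer.transfer_id)
        # The prompt binds the exact transaction the customer is approving.
        # A man-in-the-browser that alters amount or destination inside the
        # web session cannot alter what is read back over this second channel.
        self.last_prompt = (
            f"Approve transfer {transfer.transfer_id}: "
            f"{transfer.amount_cents / 100:.2f} to {transfer.dest_account}?"
        )
        return self.customer_answer


def release_fail_open(transfer: Transfer, channel: PhoneChannel) -> str:
    """Weak policy: an unreachable customer is treated as having no objection."""
    try:
        approved = channel.confirm(transfer)
    except OutOfBandUnreachable:
        approved = True  # silence taken as consent: jamming the phone wins
    transfer.status = "released" if approved else "rejected"
    return transfer.status


def release_fail_closed(transfer: Transfer, channel: PhoneChannel) -> str:
    """Hardened policy: no positive confirmation, no release; hold for review."""
    try:
        approved = channel.confirm(transfer)
    except OutOfBandUnreachable:
        transfer.status = "held_for_review"  # queue for a human call-back
        return transfer.status
    transfer.status = "released" if approved else "rejected"
    return transfer.status


def demo() -> dict:
    """Run both policies against a jammed line and against a customer who declines."""
    results = {}
    for name, policy in (("fail_open", release_fail_open),
                         ("fail_closed", release_fail_closed)):
        jammed = Transfer("T-1", "ACC-100", "ACC-999", 2_500_000)
        results[f"{name}/jammed"] = policy(jammed, PhoneChannel(flooded=True))
        declined = Transfer("T-2", "ACC-100", "ACC-999", 2_500_000)
        results[f"{name}/declined"] = policy(declined, PhoneChannel(customer_answer=False))
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Under the fail-open policy the jammed line yields `released`; under the fail-closed policy it yields `held_for_review`, which is the outcome a telephony denial-of-service cannot convert into money leaving the account. The same "held" branch is also where a real bank would want velocity limits and a second-channel call-back that the attacker does not control.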

The attack may still happen, but it appears that vorVzacone will not be as brash the next time around.

"He's retreated to the deeper web and could be planning the attack more secretly," Cohen said. "Only time will tell. This guy already has a record behind him for doing cyber crime and cyber fraud. It was a very grandiose plan, but it did seem doable from a technical point of view."
