Banking Blog

Finance Blogs » Banking Blog » Banks vs. cybercriminals

Banks vs. cybercriminals

By David McMillin ·
Saturday, December 15, 2012
Posted: 6 am ET

In a scheme traced to a Russian computer and a hacker who calls himself "vorVzakone," 30 U.S. banks are under the threat of attack by a gang of international computer criminals.

While this may sound like something from a fictional James Bond movie, the plot looks to be very real. According to a white paper issued by security technology company McAfee, the banking industry needs to prepare for an attack that could wipe out hundreds of millions of dollars. The attacks fall under the umbrella of Project Blitzkrieg, and rumors of its authenticity have been swirling for some time. According to McAfee's extensive research, the rumors are true.

"McAfee Labs believes that Project Blitzkrieg is a credible threat to the financial industry and appears to be moving forward as planned," writes Ryan Sherstobitoff, a threats researcher with McAfee Labs.

In fact, it looks as though there already have been at least 300 victims in the U.S.

What can you do to protect yourself? Other than closely monitor your balance to immediately report any stolen funds, not much. This isn't as simple as a hacker uncovering your credit card info and going on a shopping spree. It involves techniques such as so-called victim machine cloning and webinjects. It's up to banks to protect you from these kinds of sophisticated cybercrimes. It's part of the reason that you pay bank fees. Financial institutions have to invest in resources that can fend off these malicious activities, and those resources cost a lot of money.

The banking industry has been under attack this year. Just a few months ago, all of the major U.S. banks suffered massive distributed denial of service attacks that prevented account holders from accessing bank websites. While big banks were the targets of those attacks, Sherstobitoff suggests that this attack could be geared toward small banks, too. He writes that Project Blitzkrieg may target "smaller financial institutions in the hope of exploiting their lack of expertise in dealing with such incidents."

What do you think of the news? Are banks winning the war against cybercriminals?

Bankrate wants to hear from you and encourages comments. We ask that you stay on topic, respect other people's opinions, and avoid profanity, offensive statements, and illegal content. Please keep in mind that we reserve the right to (but are not obligated to) edit or delete your comments. Please avoid posting private or confidential information, and also keep in mind that anything you post may be disclosed, published, transmitted or reused.

By submitting a post, you agree to be bound by Bankrate's terms of use. Please refer to Bankrate's privacy policy for more information regarding Bankrate's privacy practices.
Joan Glassman
December 18, 2012 at 1:10 pm

I can't believe if these crooks can crack a bank code we cannot
stop them. I sure there are plenty of cyberbrains here that
can have defenses put in. I sure these are all coming from
Africa. Come on banks, don't wait for an attack. I sure there is nothing like a American brain. FOR EVERY ATTACK, REACT.

Nancy Mc
December 18, 2012 at 1:08 pm

Let's have a list of the 30 banks.

December 18, 2012 at 12:31 pm

Sooo, who are the 30 banks? This story is a piece of garbage. If you can't provide the bank names then don't give a misleading headline.

December 18, 2012 at 11:41 am

I think serious cybercrime should be a capital offense.

Marla Moore
December 18, 2012 at 11:40 am


December 18, 2012 at 10:28 am

Can't imagine what kind of bank Thomas used...if it happened. Several months ago, my debit card number was somehow compromised(not the pin though). A little over 500.00 was charged against my chk'g acct. My bank noticed these charges were unusual for me. (I've been with them for over 20 yrs, they know I rarely used my atm as a debit card or access funds from other than my bank atm) They called me and ask for verification of these charges. I refuted them, signed a deposition and within 4 days the charges were dropped against my acct. A new debit/atm card was issued. I never lost a 1.00. So as another layer of safety, stick with your bank so they get to know you. Use credit card or cash for purchases rather than debit. Sticking with one major credit card vendor holds true too. Mine is with a credit union. Have been with them for over 20 years. They know my spending habits and frequently call for verification on certain purchases out of the ordinary for me. This is worth far more than any "deal" to switch banks or credit cards.....

Kondo Kev
December 18, 2012 at 9:23 am

Yes, & never use a credit card when you're out in town with your old lady wining & dining her fat ass from restaurant, to a movie, whatever it might be. Always bring a "wad" with you. I saw a television show that waiters/waitresses conceal this tiny device that they swipe your card so quickly in the palm of their hand & swipe your card when you're not in sight of it. It's done in a blink of an eye, maybe quicker. They actually slowed down the presentation of the show to show you how quickly it's done. Amazing if you're a theif. Just simply amazing !
It shows you how technology has come over the years & keeps on coming, sometimes (& almost always) in the crooks hand. It was built for concealment. I couldn't beleive how easy it is to get ones credit card numbers. They fill this device with the customers' credit card numbers, then they turn it over to the "Master Thief", who in turns, pays them very well, If you're a theif, that's gonna pay your utilities bills for ya. Plus your car payment, your boat payment, looks like a huge atomic bomb just ready to explode.

Carol Dorn
December 18, 2012 at 9:15 am

What is the name of the 30 banks, so people could be aware. Thanks Carol Dorn

Nick S.
December 18, 2012 at 9:13 am

One other note - it is similar to a handheld device, which holds all the banking information of a customer - whether there are sufficient funds, whether the card has been stolen, expired whatever - at the end of the day, the merchant plugs this device into a computer which then hooks up to the mainframe and does it's computing duties. Rarely, is there any mistake made by the data on the handheld - so merchants are guaranteed payment. Banks are protected through fraud alerts and it all works fairly well.

Or being similar to the trustworthiness of writing a check - checks float in the system about 7 days, through clearing houses - at the end of the process, good checks clear and bad ones fail.

It's about checks and balances - good computing, good virus protection software coupled with other methods are most certainly guarantees minimal assault impact.

Nick S.
December 18, 2012 at 9:03 am

Adam Banker - The end trail of the money usually ends up in a country with no law, or corresponding relations with the rest of the banking world. Criminals figuratively walk in with a license to steal and no-one to arrest them, in countries like Kenya or Sudan and other lawless states. Then they shift these funds to other banks in countries where they have legitimacy and no questions asked policies because funds come from seemingly legitimate accounts elsewhere.

Seems to me, most banking would be done off of the mainframe on clone sites, and then scanned for viruses, hacked accounts and suspicious banking activity before being plugged back into the mainframe. Any portion of which could be put on hold, corrected or remedied prior to being put back into the mainframe system.

Just a thought.