Hackers created their own payment system to steal money from all banks


The threat to banks

Law enforcement bodies managed to stop in 2015 attempt large-scale theft of money from almost all banks in Russia. About this stated the head of the “K” to combat crimes in the field of computer security the Ministry of internal Affairs of Russia Alexey Moshkov, reports “Interfax”.

It prevented theft in the past year in the amount of 1.5 billion rubles, said the head of the press service of the “K” Alexander Vurasko. It’s almost 1% of the aggregate profits of banks in 2015 (192 billion rubles). The amount of actual damage is estimated at 400-600 million rubles, but it can grow, as new victims are declared, added Vurasko. Hackers have developed about hundreds of different schemes to steal funds from the accounts of both the banks and their customers. “They have compromised the international payment system — they found the vulnerability and wrote the software that would allow to generate a false payment documents, but the application of this software managed to stop,” says Murasko.

Visa payment system and VisaNet processing network have not been compromised, says the press service of Visa on request . “As we see it, the examples referenced by the representative of the Ministry of internal Affairs of the Russian Federation relate to third-party processing companies that are not related to Visa. So we can not comment on them”, — said in response.

According to Vurasko, hackers almost paralyzed banking system and have compromised a system of exchange of interbank messages (the most used Russian banks to the international system SWIFT, but the interior Ministry does not disclose information, it is or not).

To withdraw funds from the accounts of hackers has created and registered its own payment system. As said Vurasko, it was registered in the foreign jurisdiction and comply with all international standards. “It is possible that the necessary registration documents, the hackers sent an email, in some countries such registration is valid,” he said.

A source in one of the international payment systems suggests that the system could be registered in one of the countries of the CIS. “The law of Europe and the United States does not provide for registration of payment systems,” he adds. Source to another payment system, says that in Asian countries such mode is not available.

The staff of the Ministry of internal Affairs detained a criminal group in November last year. However, in January of this year, two major Russian Bank was again attacked by hackers. It was a new group, but it was associated with arrested in November and consisted of 40-60 people. “Hackers attacked two banks from the first hundred, processing centers of banks gave commands to transfer funds from the accounts, money began to leave the millions, and the Central Bank even had to turn off these banks from BESP,” says Murasko. Members of this group were also detained.

The ideologist of the criminal group — 30-year-old Muscovite with higher education, the name of the Ministry of internal Affairs does not reveal in the interests of the investigation.

Hackers come

Interior Ministry officials say that if the hackers stole the money mostly customers of the banks, but now they are developing such programmes, which allow you to write off money from the accounts of the banks themselves, which they have opened, for example, in other banks.

According to estimates of the Central Bank, in 2014 from the accounts of citizens and companies the hackers wrote off 3.5 billion rubles From the cards, the scammers copied to 1.58 billion rubles Most of the amount (over 1 bln) fraudsters stole via the Internet Bank and mobile application. The volume of illegal transactions through remote channels of servicing, increased by 44.8%. At the end of 2015 the Bank has estimated the damage of Russia from cybercrime at $1 billion, and, as the first Deputy Chairman of the Board Lev Khasis, the bases for reducing the impact of those crimes.

At the beginning of this year, the company Digital Security has released a review in which experts predicted that in 2016, the banks and their customers will face increased hacker attacks — will increase the number of attacks on users using the so-called social engineering, when the scammers encourage users to install their own malicious software. Also in 2016 will increase the number of attacks on customer accounts through attacks on the banks, the company predicted. The attacker can capture various internal systems, including payment systems, platform for payment services, mobile communication, Internet. “Seizing control of such a platform will allow customers to withdraw money directly to e-wallets”, warned earlier the Director of audit security Digital Security Alexey Tyurin.