Operation High Roller
Operation High Roller was a series of fraud in the banking system in different parts of the world that used cyber-collection agents in order to collect PC and smart-phone information to electronically raid bank accounts.[1] It was dissected in 2012 by McAfee and Guardian Analytics.[2] A total of roughly $78 million was siphoned out of bank accounts due to this attack.[3] The attackers were operating from servers in Russia, Albania and China to carry out electronic fund transfers.[4]
Specifications
This cyber attack is described to have the following features:[5]
- Bypassed Chip and PIN authentication.
- Required no human participation.
- Instruction came from cloud-based servers (rather than the hacker's PC) to further hide the identity of the attacker.
- Included elements of "insider levels of understanding".
- Banks in Europe, the United States and Colombia were targeted.
- Impacted several classes of financial institution such as credit unions, large global banks, regional banks, and high-net-worth individuals.
While some sources have suggested it to be an extension of man-in-the-browser attack[6] Operation High Roller is reported to have harnessed a more extensive level of automation distinguishing it from the traditional methods.[7]
See also
References
- ^ Rachael King, Operation High Roller Targets Corporate Bank Accounts, Wall Street Journal, June 26, 2012
- ^ "Operation High Roller auto-targets bank funds", CNET News
- ^ Time magazine (onlie) Business and Money, "How Exactly Do Cyber Criminals Steal $78 Million?", July 3rd 2012
- ^ SC Magazine : "High roller" fraud campaign persists, origin revealed Danielle WalkerOctober 29, 2012
- ^ Huffington Post on Operation High Roller, By Michael Rundle, June 26th 2012
- ^ DailyTech, June 26, 2012, "High Roller" Hacker Attack is Stealing Hundreds of Millions From the Rich
- ^ The Register, June 27th 2012, 'Operation High Roller' stole from the rich to give to unknown auto-mule crims in the cloud