Operation High Roller

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

Operation High Roller was a series of fraud in the banking system in different parts of the world that used cyber-collection agents in order to collect PC and smart-phone information to electronically raid bank accounts.[1] It was dissected in 2012 by McAfee and Guardian Analytics.[2] A total of roughly $78 million was siphoned out of bank accounts due to this attack.[3] The attackers were operating from servers in Russia, Albania and China to carry out electronic fund transfers.[4]


This cyber attack is described to have the following features:[5]

  • Bypassed Chip and PIN authentication.
  • Required no human participation.
  • Instruction came from cloud-based servers (rather than the hacker's PC) to further hide the identity of the attacker.
  • Included elements of "insider levels of understanding".
  • Banks in Europe, the United States and Colombia were targeted.
  • Impacted several classes of financial institution such as credit unions, large global banks, regional banks, and high-net-worth individuals.

While some sources have suggested it to be an extension of man-in-the-browser attack[6] Operation High Roller is reported to have harnessed a more extensive level of automation distinguishing it from the traditional methods.[7]

See also[edit]


External links[edit]