- Title: Hackers hit Russian bank customers, planned international cyber raids
- Date: 22nd May 2017
- Summary: MOSCOW, RUSSIA (FILE) (REUTERS) VARIOUS OF EXTERIORS OF SBERBANK MAIN OFFICE
- Embargoed: 5th June 2017 17:52
- Keywords: Sberbank Alfa Bank mobile devices cyber raids hackers banks cyber attack Russia
- Location: MOSCOW AND UNKNOWN LOCATION, RUSSIA
- City: MOSCOW AND UNKNOWN LOCATION, RUSSIA
- Country: Russia
- Topics: Crime/Law/Justice,Crime
- Reuters ID: LVA0036HX8BBB
- Aspect Ratio: 16:9
- Story Text: Russian cyber criminals used malware planted on Android mobile devices to steal from domestic bank customers and were planning to target European lenders before their arrest, investigators and sources with knowledge of the case told Reuters.
Their campaign raised a relatively small sum by cyber-crime standards - more than 50 million roubles ($892,000) - but they had also obtained more sophisticated malicious software for a modest monthly fee to go after the clients of banks in France and possibly a range of other western nations.
Russia's relationship to cyber-crime is under intense scrutiny after U.S. intelligence officials alleged that Russian hackers had tried to help Republican Donald Trump win the U.S. presidency by hacking Democratic Party servers.
The Kremlin has repeatedly denied the allegation.
The gang members tricked the Russian banks' customers into downloading malware via fake mobile banking applications, as well as via pornography and e-commerce programmes, according to a report compiled by cyber security firm Group-IB which investigated the attack with the Russian Interior Ministry.
The criminals - 16 suspects were arrested by Russian law enforcement authorities in November last year - infected more than a million smartphones in Russia, on average compromising 3,500 devices a day, Group-IB said.
The hackers targeted customers of state lender Sberbank, and also stole money from accounts at Alfa Bank and online payments company Qiwi, exploiting weaknesses in the companies' SMS text message transfer services, two people with direct knowledge of the case told Reuters.
Although operating only in Russia before their arrest, they had developed plans to target large European banks including French lenders Credit Agricole, BNP Paribas and Societe General, Group-IB said.
The gang, which was called "Cron" after the malware it used, did not steal any funds from customers of the three French banks. However, it exploited the bank service in Russia that allows users to transfer small sums to other accounts by sending an SMS message.
Having infected the users' phones, the gang sent SMS messages from those devices instructing the banks to transfer money to the hackers' own accounts.
Russia's Ministry of internal affairs on Monday (May 22) distributed a video that shows several men being detained. The ministry said a number of people had been arrested, including a man it described as the group's leader - a 30-year-old man living in Ivanovo, an industrial city 300 km (185 miles) northeast of Moscow, from where he had gave orders to a team of 20 people across six different regions.
Four people remain in detention while the others are under house arrest, the ministry said in a statement.
- Copyright Holder: FILE REUTERS (CAN SELL)
- Copyright Notice: (c) Copyright Thomson Reuters 2017. Open For Restrictions - http://about.reuters.com/fulllegal.asp
- Usage Terms/Restrictions: None