Operation High Roller was a series of fraud in the banking system in different parts of the world that used cyber-collection agents in order to collect PC and smart-phone information to electronically raid bank accounts.[1] It was dissected in 2012 by McAfee and Guardian Analytics.[2] A total of roughly $78 million was siphoned out of bank accounts due to this attack.[3] The attackers were operating from servers in Russia, Albania and China to carry out electronic fund transfers.[4]
Specifications
editThis cyber attack is described to have the following features:[5]
- Bypassed Chip and PIN authentication.
- Required no human participation.
- Instruction came from cloud-based servers (rather than the hacker's PC) to further hide the identity of the attacker.
- Included elements of "insider levels of understanding".
- Banks in Europe, the United States and Colombia were targeted.
- Impacted several classes of financial institution such as credit unions, large global banks, regional banks, and high-net-worth individuals.
While some sources have suggested it to be an extension of man-in-the-browser attack[6] Operation High Roller is reported to have harnessed a more extensive level of automation distinguishing it from the traditional methods.[7]
See also
editReferences
edit- ^ Rachael King (June 26, 2012). "Operation high roller targets corporate bank accounts". Wall Street Journal.
- ^ "Operation high roller auto-targets bank funds". CNET News.
- ^ "How exactly do cyber criminals steal $78 million?". Time magazine (online) Business and Money. July 3, 2012.
- ^ Danielle Walker (October 29, 2012). ""High roller" fraud campaign persists, origin revealed". SC Magazine. Archived from the original on 2012-11-01.
- ^ Michael Rundle (June 26, 2012). "Operation high roller". Huffington Post.
- ^ ""High roller" hacker attack is stealing hundreds of millions from the rich". DailyTech. June 26, 2012. Archived from the original on 2012-06-30.
- ^ "'Operation high roller' stole from the rich to give to unknown auto-mule crims in the cloud". The Register. June 27, 2012.