Operation High Roller was a series of fraud in the banking system in different parts of the world that used cyber-collection agents in order to collect PC and smart-phone information to electronically raid bank accounts.[1] It was dissected in 2012 by McAfee and Guardian Analytics.[2] A total of roughly $78 million was siphoned out of bank accounts due to this attack.[3] The attackers were operating from servers in Russia, Albania and China to carry out electronic fund transfers.[4]

Specifications

edit

This cyber attack is described to have the following features:[5]

  • Bypassed Chip and PIN authentication.
  • Required no human participation.
  • Instruction came from cloud-based servers (rather than the hacker's PC) to further hide the identity of the attacker.
  • Included elements of "insider levels of understanding".
  • Banks in Europe, the United States and Colombia were targeted.
  • Impacted several classes of financial institution such as credit unions, large global banks, regional banks, and high-net-worth individuals.

While some sources have suggested it to be an extension of man-in-the-browser attack[6] Operation High Roller is reported to have harnessed a more extensive level of automation distinguishing it from the traditional methods.[7]

See also

edit

References

edit
  1. ^ Rachael King (June 26, 2012). "Operation high roller targets corporate bank accounts". Wall Street Journal.
  2. ^ "Operation high roller auto-targets bank funds". CNET News.
  3. ^ "How exactly do cyber criminals steal $78 million?". Time magazine (online) Business and Money. July 3, 2012.
  4. ^ Danielle Walker (October 29, 2012). ""High roller" fraud campaign persists, origin revealed". SC Magazine. Archived from the original on 2012-11-01.
  5. ^ Michael Rundle (June 26, 2012). "Operation high roller". Huffington Post.
  6. ^ ""High roller" hacker attack is stealing hundreds of millions from the rich". DailyTech. June 26, 2012. Archived from the original on 2012-06-30.
  7. ^ "'Operation high roller' stole from the rich to give to unknown auto-mule crims in the cloud". The Register. June 27, 2012.
edit