Denial of service attacks used to cover up fraudulent bank transfers

Brian Krebs documents a sophisticated offline/online attack on banks. Thieves combine a fraudulent wire transfer to an innocent jewelry store with a denial-of-service attack on the bank that ties up the IT and other staff. The jeweler has been told that the money is to buy expensive jewels and watches, which are then handed over to a stooge recruited as a courier and reshipper.

The bureau says the attacks coincide with corporate account takeovers perpetrated by thieves who are using a modified version of the ZeuS Trojan called “Gameover.” The rash of thefts comes after a series of heavy spam campaigns aimed at deploying the malware, which arrives disguised as an email from the National Automated Clearing House Association (NACHA), a not-for-profit group that develops operating rules for organizations that handle electronic payments. The ZeuS variant steals passwords and gives attackers direct access to the victim’s PC and network.

In several recent attacks, as soon as thieves wired money out of a victim organization’s account, the victim’s public-facing Internet address was targeted by a network attack, leaving employees at the organization unable to browse the Web.

A few of the attacks have included an odd twist that appears to indicate the perpetrators are using money mules in the United States for at least a portion of the heists. According to an FBI advisory, some of the unauthorized wire transfers from victim organizations have been transmitted directly to high-end jewelry stores, “wherein the money mule comes to the actual store to pick up his $100K in jewels (or whatever dollar amount was wired).”

DDoS Attacks Spell ‘Gameover’ for Banks, Victims in Cyber Heists
  1. This is likely to become a huge hassle.  Is there any estimate of the impact that all ongoing DDOS attacks have on the rest of the web?  Is it a significant amount of the total number of packets?

    Edited to add…

    Just a few stories later on my morning rss reading is slashdot reporting that Anonymous is threatening a Robin Hood campaign against banks by mass donations to charities using stolen credit card information.

    It seems pretty clear that the card holders and the charities would be the ones who’d suffer, not the banks, but it would be a typical Anon strategy to add DDOS to the mix.

    I’ve been writing some fiction in which a primary tactic used between battling high-frequency trading hedge funds is similarly DDOSing (through botnets) the others to create a layer of information lag in markets that opens an arbitrage window.  I guess I’d better just send it out soon before it becomes a standard technique in real life.  It’s suspected to already be a factor in the markets via surges of quote-requests that never develop into transactions.
