Friday

22nd Jan 2021

Cyber criminals steal millions from EU banks

  • Fraudsters initiated transfers totaling €35 million from 5,000 Dutch business accounts based in two banks in March. (Photo: UK Ministry of Defence)

Cyber attacks have siphoned off at least €60 million from personal and business accounts in 60 banks located in Europe, the United States, and Latin America.

Security firms Guardian Analytics and McAfee published the findings in a joint report called "Dissecting Operation High Roller" on Tuesday (26 June).

Read and decide

Join EUobserver today

Become an expert on Europe

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

High-balance accounts in Italy, Germany and the Netherlands were the initial targets of the attacks before they spread out to the Americas.

The experts say at least €2 billion could have been stolen if the fraud campaign had demonstrated the same level of success against accounts based in The Netherlands.

In March alone, fraudsters initiated transfers totaling €35 million from 5,000 Dutch business accounts based in two banks.

The Guardian Analytics and McAfee study identified 60 servers processing thousands of attempted thefts that initially targeted consumers before moving onto businesses. Every class and size of financial institution was targeted.

In Italy, the accounts targeted held on average between €250,000 to €500,000. Hackers introduced a code in malware that transferred either a fixed percentage or a relatively small fixed amount onto a pre-paid debit card or bank account.

The system was able to bypass, in less than 60 seconds, physical authentication checks such as the smartcard reader common in Europe.

Account holders introduce or swipe their cards in the smartcard to generate security codes and pin numbers to access their accounts online.

"The defeat of two-factor authentication that uses physical devices is a significant breakthrough for the fraudsters. Financial institutions must take this innovation seriously, especially considering that the technique used can be expanded for other forms of physical security devices," say the researchers.

The same system of automated attacks in Italy then began to appear in Germany in January. Nearly €1 million was taken from a total of 176 accounts with average account balances nearing €50,000. The money was transferred to mule accounts in Portugal, Greece, and the United Kingdom.

In unrelated events also on Tuesday (26 June), a US sting operation arrested 24 people in the United States and abroad for buying and selling stolen credit card information.

The scam and thefts occurred in the United States, Canada and 11 European countries, reports the AFP.

Six people were arrested in the United Kingdom, two in Italy, and one each in Bulgaria, Germany and Norway.

The European Commission, for its part, says around one-third of EU citizens were banking online in 2010. The figure has most likely increased since.

It says that people's bank credentials are being sold traded by criminals in Europe for around €60 per account holder, and credit cards for as little as €1.

A European cyber crime centre should become operation in January 2013.

The centre, housed in the premises of Europol in The Hague, will be tasked to identify organised cyber-criminal networks and prominent offenders.

Hackers stole Van Rompuy's emails

Hackers last summer raided the emails of EU Council chief Herman Van Rompuy and 10 other senior EU officials.

MEPs chide Portugal and Council in EU prosecutor dispute

The Belgian and Bulgarian prosecutors who were appointed had also not been the experts' first choice. Belgian prosecutor Jean-Michel Verelst has challenged the council's decision at the European Court of Justice.

EU Commission mulls police access to encrypted apps

The European Commission has not ruled out allowing police access to encrypted services. Instead, it says a balance needs to be found to protect rights while at the same time offering some leeway to law enforcement.

News in Brief

  1. Netherlands imposes curfew to halt new corona variant
  2. Green NGO fails to stop Europe's biggest gas burner
  3. Swedish minister reminds Europe of Russia's war
  4. Spain: Jesuit order apologises for decades of sexual abuse
  5. NGOs urge Borrell to address Egypt rights 'crisis'
  6. EU conflict-area education aid favours boys
  7. EU told to avoid hydrogen in building renovations
  8. Hungary gives initial ok for UK and Russian vaccines

Opinion

Rule-of-law deal: major step for Europe of values

At the very moment when an incumbent president across the Atlantic was carrying out staggering attacks on the foundations of democracy, the European Parliament obtained a historic agreement to protect the rule of law in Europe.

Stakeholders' Highlights

  1. UNESDAEU Code of Conduct can showcase PPPs delivering healthier more sustainable society
  2. CESIKlaus Heeger and Romain Wolff re-elected Secretary General and President of independent trade unions in Europe (CESI)
  3. Nordic Council of MinistersWomen benefit in the digitalised labour market
  4. Nordic Council of MinistersReport: The prevalence of men who use internet forums characterised by misogyny
  5. Nordic Council of MinistersJoin the Nordic climate debate on 17 November!
  6. UNESDAMaking healthier diets the easy choice

Latest News

  1. EU leaders keep open borders, despite new corona variant risk
  2. EU and Cuba appeal for Biden to open up
  3. Portugal's EU presidency marks return of corporate sponsors
  4. MEPs chide Portugal and Council in EU prosecutor dispute
  5. EU warns UK to be 'very careful' in diplomatic status row
  6. A digital euro - could it happen?
  7. US returns to climate deal and WHO, as EU 'rejoices'
  8. Big tech: From Trump's best friend to censorship machine?

Join EUobserver

Support quality EU news

Join us