Tuesday

3rd May 2016

Cyber criminals steal millions from EU banks

  • Fraudsters initiated transfers totaling €35 million from 5,000 Dutch business accounts based in two banks in March. (Photo: UK Ministry of Defence)

Cyber attacks have siphoned off at least €60 million from personal and business accounts in 60 banks located in Europe, the United States, and Latin America.

Security firms Guardian Analytics and McAfee published the findings in a joint report called "Dissecting Operation High Roller" on Tuesday (26 June).

Dear EUobserver reader

Subscribe now for unrestricted access to EUobserver.

Sign up for 30 days' free trial, no obligation. Full subscription only 15 € / month or 150 € / year.

  1. Unlimited access on desktop and mobile
  2. All premium articles, analysis, commentary and investigations
  3. EUobserver archives

EUobserver is the only independent news media covering EU affairs in Brussels and all 28 member states.

♡ We value your support.

If you already have an account click here to login.

High-balance accounts in Italy, Germany and the Netherlands were the initial targets of the attacks before they spread out to the Americas.

The experts say at least €2 billion could have been stolen if the fraud campaign had demonstrated the same level of success against accounts based in The Netherlands.

In March alone, fraudsters initiated transfers totaling €35 million from 5,000 Dutch business accounts based in two banks.

The Guardian Analytics and McAfee study identified 60 servers processing thousands of attempted thefts that initially targeted consumers before moving onto businesses. Every class and size of financial institution was targeted.

In Italy, the accounts targeted held on average between €250,000 to €500,000. Hackers introduced a code in malware that transferred either a fixed percentage or a relatively small fixed amount onto a pre-paid debit card or bank account.

The system was able to bypass, in less than 60 seconds, physical authentication checks such as the smartcard reader common in Europe.

Account holders introduce or swipe their cards in the smartcard to generate security codes and pin numbers to access their accounts online.

"The defeat of two-factor authentication that uses physical devices is a significant breakthrough for the fraudsters. Financial institutions must take this innovation seriously, especially considering that the technique used can be expanded for other forms of physical security devices," say the researchers.

The same system of automated attacks in Italy then began to appear in Germany in January. Nearly €1 million was taken from a total of 176 accounts with average account balances nearing €50,000. The money was transferred to mule accounts in Portugal, Greece, and the United Kingdom.

In unrelated events also on Tuesday (26 June), a US sting operation arrested 24 people in the United States and abroad for buying and selling stolen credit card information.

The scam and thefts occurred in the United States, Canada and 11 European countries, reports the AFP.

Six people were arrested in the United Kingdom, two in Italy, and one each in Bulgaria, Germany and Norway.

The European Commission, for its part, says around one-third of EU citizens were banking online in 2010. The figure has most likely increased since.

It says that people's bank credentials are being sold traded by criminals in Europe for around €60 per account holder, and credit cards for as little as €1.

A European cyber crime centre should become operation in January 2013.

The centre, housed in the premises of Europol in The Hague, will be tasked to identify organised cyber-criminal networks and prominent offenders.

News in Brief

  1. Delays as Brussels airport reopens terminal
  2. MEPs urge extra sanctions on Russian officials
  3. Poland's right-wing leader wants constitutional overhaul
  4. Don't silence media, Council of Europe tells countries
  5. Eurostat: 88,300 lone minors among refugees
  6. EU unemployment lowest in seven years
  7. Nord Stream II will undermine EU security, EPP leader says
  8. Brussels Airport reopens departure hall after attack

Stakeholders' Highlights

  1. European Music CouncilRegister Now for the 6th European Forum on Music in Wroclaw, European Capital of Culture 2016
  2. Belgrade Security ForumJoin Our Team for the 6th Belgrade Security Forum. Apply Now! Deadline May 20
  3. European Roundtable of IndustrialistsCompanies Make Progress on Number of Women in Leadership Roles
  4. Counter BalanceParliament Gets Tough on Control EU Bank's Funds
  5. ICRCSyria: Aleppo on the Brink of Humanitarian Disaster
  6. CESIWorld Day For Health and Safety at Work: Public Sector Workers in The Focus
  7. EFABasque Peace Process-Arnaldo Otegi Visits the European Parliament
  8. EscardioChina Pays Price of Western Lifestyle With Soaring Childhood Obesity
  9. Centre Maurits CoppetiersThe Existence of a State is a Question of Fact, Not a Question of Law
  10. Martens CentreJoin Us at The Event: Prospects For EU Enlargement After 2019
  11. ICRCSyria: Aid for Over 120,000 People Arrives in Besieged Town Near Homs
  12. Counter BalanceHighway to Hell: European Money Fuelling Controversial Infrastructure Projects

Latest News

  1. EU refutes Greenpeace's 'storm in teacup' on US trade
  2. Empty Gazpromises
  3. Russia wary as Nordic states mull closer Nato ties
  4. EU advances Turkey visa deal amid migration fears
  5. German populist party adopts anti-Islam manifesto
  6. TTIP leaks: US undermining EU standards, says Greenpeace
  7. Visas, economy and Charlemagne Prize This WEEK
  8. EU roaming charge cut enters UK referendum campaign