The Carbanak financial heist: Raising the information security stakes

The Carbanak financial heist shows how high the stakes in information security have become for businesses of all sizes.

“The most sophisticated attack the world has seen to date” is how Kaspersky Lab’s North American managing director Chris Doggett describes the massive Carbanak electronic bank fraud that could have cost victims up to a billion dollars.

Using a range of techniques, the Carbanak gang cracked their targets’ networks, right down to monitoring financial firm officers through their computers, and stole money through the banks’ own ATM networks.

“That’s where the money is,” was 1930s bank robber Willie Sutton’s response to being asked why he robbed banks and that is what’s driving the Carbanak gang.

For every Willie Sutton or Carbanak gang there’s a million opportunistic street muggers and script kiddies looking to steal a few dollars from weak targets, though – and this is what the average small business or individual needs to be careful about.

Last week Kaspersky reported that nearly a quarter of all phishing attacks targeted financial data. The amounts being stolen are minuscule compared to Carbanak’s ill-gotten gains but far less work is required to crack a home or small business account.

For any large organisation that hasn’t learned from the Sony or Target hacks, the Carbanak heist should be warning that information security is now a responsibility of executives and boards.

Our customers and staff have entrusted to us to look after their confidential information and all of us have to take care with our data and systems.

Paul Wallbank is the publisher of Networked Globe, his personal blog Decoding The New Economy charts how our society is changing in the connected century.