Inside the Global Banking E-Heist

UniTeller is a financial services company that specializes in making international money transfers, servicing a network of some 8[…]. According to an expert in cybersecurity, those banks have potentially been compromised by hackers who have breached UniTeller’s network.

Edward Alexander is a cybersecurity expert who tracks and sometimes prevents digital crime. He has a team of more than 2[…] UniTeller breach. Their beat is the darknet, a large segment of the internet that is only accessible with special software and is often used by criminal groups to conspire and to sell illicit goods and services.

In 2015, Alexander’s team learned that hackers employed by the Chinese regime had begun penetrating the world’s financial systems as early as 2[…]. Also in 2015, after having gained high-level access, which they used to map and mirror the world’s financial system for their official employers, these hackers sought to monetize the information they had gained through private transactions. They sold information on UniTeller’s system, and on Banorte, Mexico’s third-largest bank and owner of UniTeller, to a group of international cybercriminals. The world learned of this when the central bank of Bangladesh revealed hackers had stolen $8[…]. Now, according to Alexander, this same group is changing its tactics while looking to enlarge its operations.

Alexander knows what the criminal group is doing because his operatives befriended some of its members and gained their trust to such a degree that the members chatted about and shared proof of their crimes. This is what Alexander calls “offensive counter-intelligence.” His people learn how to penetrate criminal networks and bring back intelligence that can be used to stop those networks. Banks and other institutions often pay well for such information.

Included in the evidence Alexander obtained is a series of screenshots that show the hackers stealing money by way of the UniTeller system.

While the criminal group has the tools it needs to access UniTeller’s system, they need time, Alexander said, to learn how to exploit the breach. Alexander said the hackers have “traversed into the networks” of banks connected to UniTeller, and have begun launching additional attacks to gain deeper access to the connected banks.

Alerts

When Alexander saw the attacks begin, he alerted U.S.[…] In response, Alexander said, Guerra blocked Alexander from sending him additional messages on LinkedIn.

“We have attempted to contact the victim banks to offer our support and intelligence. However, the response received from Fifth Third, UniTeller, and Banorte seems to be the standard response worldwide.”

The firm received the same responses. The individual requested to remain anonymous due to his company’s ongoing investigation into the attacks.

UniTeller did not respond to two emails from Epoch Times seeking confirmation, and Banorte did not respond to two emails, a phone call, and a voice message.

Alexander attempted to alert Fifth Third Bank of the attacks, only to receive an email stating that the bank had not been breached and declining his help. Larry Magnesen, spokesperson for Fifth Third Bank, told Epoch Times, “Our team has, with due diligence, evaluated the claim, and there is no reason to be concerned here with respect to Fifth Third Bank.”

Alexander notes that Fifth Third Bank’s system has likely not been directly hacked, but has been compromised due to its connection to the UniTeller network.

A Quiet Response

While UniTeller did not respond to Alexander and made no public announcement of the breach, it appears that it did take the warnings seriously. Around June 1, UniTeller’s online services for customers to log in to their accounts and create new accounts were taken offline. As of July 7, the login page was still offline.

According to James Scott, senior fellow at the Institute for Critical Infrastructure Technology (ICIT), the three business days UniTeller had between the initial alert from Alexander on May 2[…] (Memorial Day weekend) would have likely been “enough time to freeze ongoing transactions and prepare the system for […]. Figure, the IRS Get Transcript tool was offline around a year.”

After the UniTeller service had been down for 1[…] June 20, Alexander called UniTeller’s toll-free customer service number to ask why the service was offline. He was told in the recorded call that “the site is undergoing maintenance.”

Meanwhile, Alexander’s darknet investigations showed that while UniTeller was likely trying to fix the breach, the hackers were still very much active.

Inside the Attacks

The gang member befriended by Alexander’s operatives provided many screenshots showing names of individuals, names of banks, and money transfers. Alexander said the screenshots show the criminals in the process of launching their attacks against UniTeller. Scott took time to corroborate the claims, and said the content of the screenshots aligns with Alexander’s analysis. He noted that while it would be possible to spoof images such as these, it wouldn’t be something an individual could do on short notice. The images also present an accurate picture of the databases a financial institution would likely have.

A screenshot of a cyberattack shows transactions being made. The screenshot also identifies the names of account holders and the amount of money being transferred. Alexander said the money is being sent through the UniTeller network to Fifth Third Bank to transfer funds to the loadable uLink MasterCard.

He said the number sets in the center-left column appear to be money being sent in foreign currency from the United States to uLink cardholders in their respective countries. “These can very well be multiple transactions that are occurring,” he said, noting the member of the gang who took the screenshot did not specify on this particular screenshot. He pointed out the word “remittance” at the top of the center-right column, and noted, “When you see the word […].” On the fourth line down, the “From” line reads “TEST-ACKFile From Fifth Third Bank to UniTeller,” which further suggests the hackers have access between UniTeller’s compromised network and Fifth Third Bank. Finally, he pointed to the name “uLink” in the lower-right corner, and noted it refers to the uLink prepaid MasterCard. “That is showing there is clearly admin access to where those files are,” he said, adding that it’s possible the files contain wire transfer credentials, but the gang member did not specify. Scott said that, at the very least, the image shows the hackers have a level of access to the system that allows them to read, write, and execute files on it.

A screenshot from a cyberattack shows payments being made. ACH stands for Automated Clearing House; an example of an ACH payment would be a bank account set to automatically pay a cellphone bill. “Each one of those are payment transactions, when you see the ACH in there,” Alexander said, noting the screenshot shows payments being made at set times. “That shows they have access to transactions,” he said. “They could easily open any of those files to see the types of transactions and leverage that type of information.” He pointed out the center-left column, which states “swadmin staff,” and noted it shows the gang member with administrator-level access to the system. Scott said the image shows the hackers have the ability to read the files shown on the page, but wouldn’t be able to alter them. He noted, “if they’re trying to steal files, that’s all they actually need.” He also pointed out that the word “staff” next to “swadmin” shows the system is recognizing the account as legitimate.

A screenshot from a cyberattack shows login credentials. (Courtesy of Edward Alexander; this image has been edited to remove sensitive information.) The above screenshot shows login credentials to UniTeller networks, and Alexander pointed out the mention of “api” in the screenshot. An API, or “application program interface,” allows applications to communicate with each other. It could, for example, allow a computer to access a database or respond to calls from another system. “It’s another vector, and the fact that it’s there, we know UniTeller is compromised and UniTeller’s API sends and receives calls from others that are connected to it,” Alexander said. “How all these banks connect to UniTeller is through the API,” he said, noting this could be how hackers are gaining access to bank systems connected to UniTeller. Scott noted that the page shows website links to IDology’s IDCenter, which is a login portal for companies, and that the hackers may have been running attacks to gain a set of user credentials for the portal.

A screenshot of a cyberattack shows files the hackers have access to. He noted that “CC” stands for “credit card” and “DC” stands for “debit card.” Alexander pointed out other files listed in the screenshot, which suggest the gang member had also gained access to transactions, storage, the encryption utility, and the FTP file root. Scott noted the image shows the hackers have the ability to read, write, and execute files on the FTP system, which would allow them to transfer information to and from the system. He said using FTP “is a common way to exfiltrate data.”