Looming cyber attack threatens major banks
Some online victims of Project Blitzkrieg From McAfee Labs
December 13th, 2012
12:01 AM ET

By Pam Benson

Some of the nation's biggest banks are at risk of a massive cyber attack next year that could potentially siphon funds from unsuspecting customers, according to a leading digital security firm.

The fraud campaign, known as Project Blitzkrieg, is a credible threat, the Internet security firm McAfee Labs concluded in a new report.

The malware has been lying dormant in U.S. financial systems and is scheduled to go active by the spring of 2013, McAfee researchers concluded.

The project "appears to be moving forward as planned," the report states.

People familiar with the study said some 30 financial institutions are targets of the campaign.

They include Fidelity, E*Trade, Charles Schwab, PayPal, Citibank, Wachovia, Wells Fargo, Capital One, Navy Federal Credit Union and others.

Information about the intended cyber attack was discovered in September by the Internet security firm RSA during the course of monitoring a web chat room that the company says was run by a Russian hacker known as vorVzakone.

According to the report, the Russian was believed to be using the chat room to recruit fellow hackers to steal assets from bank accounts as part of a criminal enterprise.

At the time, there were doubts about the credibility of the threat, with some experts suggesting it was part of a Russian law enforcement sting.

"Our researchers have been poring into this and what they have found, they actually found somewhere between 300 to 500 devices in the U.S. that have actually been infected with the particular malware that this individual is talking about," said Pat Calhoun, a senior vice president at McAfee.

"That, combined with some additional research we’re doing, has led us to believe this is true. This is actually a real operation that this individual is planning to launch sometime before spring 2013."

The McAfee report states, "The targets are U.S. banks, with the victims dispersed across various U.S. cities, according to the telemetry data. Thus this group will likely remain focused on U.S. banks and making fraudulent transactions."

Calhoun said that McAfee has access to the malware and, through reverse engineering, has learned much about its capability and targets.

"We see the IP addresses and names of banks and so on or references to URLs."

Calhoun said the behavior of the Trojan suggests it is a variant of a previously known strain called Gozi. RSA labeled this latest version Gozi Prinimalka.

But it's a tedious task dissecting the malware, and the company is still trying to figure out how it would create fraudulent bank transactions, Calhoun said.

Based on their analysis, the McAfee researchers believe the plan is to attack a small group of bank customers.

"This strategy is necessary if the attackers hope to succeed in transferring several million dollars over the course of the project," the report states. "A limited number of infections reduces the malware's footprint and makes it hard for network defenses to detect its activities."

But Calhoun said the fact the malware has been detected allows for a defense to be mounted.

"Since we know about it, we will be able to protect against it," Calhoun said. "We're working very closely with law enforcement and a lot of the potential targets to make sure they understand this and know how to behave or how to protect themselves against it."

Wells Fargo, the only financial institution to respond to questions about preparations it might be taking to thwart the potential attack, said it was watching for the threat.

"Security is core to our mission and safeguarding our customers' information is at the foundation of all we do," Wells Fargo said in a statement. "We constantly monitor the environment, assess potential threats, and take action as warranted."

The Department of Homeland Security, which takes the lead for the government on cyber security issues, had no comment on the McAfee report or Project Blitzkrieg.

soundoff (65 Responses)
  1. Earl Blackledge

    This protocol is designed to protect communication in a secure manner using TCP/IP. It is a set of security extensions developed by IETF, and it provides security and authentication at the IP layer by using cryptography. To protect the content, the data is transformed using encryption techniques. There are two main types of transformation that form the basis of IPsec: the Authentication Header (AH) and Encapsulating Security Payload (ESP). These two protocols provide data integrity, data origin authentication, and anti-replay service. These protocols can be used alone or in combination to provide the desired set of security services for the Internet Protocol (IP) layer.

    http://calaguastourpackage.com The latest write-up from our very own web site

    May 20, 2013 at 6:03 pm | Reply
  2. Team Security

    Security measures

    January 10, 2013 at 5:19 am | Reply
  3. massoud

    Jon Corzine invented project blitzkrieg while at MF Global,

    December 20, 2012 at 5:51 pm | Reply
  4. mediacrat

    Website is definitely down.
    WF On-phone support: "..hmm... let me check into your account..."
    me: "Don't give me that. This isn't the first time you've heard of this today."
    WF On-phone support: "Heh heh. Yeah. I can't get into my account either since Tuesday."
    I'm thinking.... RUN RUN RUN

    December 20, 2012 at 5:36 pm | Reply
  5. and here it is

    And here it is, today the Wells Fargo website is down for the 3rd day.

    December 20, 2012 at 4:56 pm | Reply
  6. Kattman

    Here's something that's really funny HaHaHaHaHaHaHaHaHa thinks he is.

    December 14, 2012 at 7:52 am | Reply
  7. Hahahahaha

    I've got the answer!!!!!!!.........How come no one has thought of this before?!!!!!!!!.............It's...........It's..............."Tax breaks for the rich to fund cyber warfare!!!!!!!!!!!" Hahahahahahaaha

    December 13, 2012 at 2:09 pm | Reply


    December 13, 2012 at 12:28 pm | Reply
    • Hahahahaha

      Looks like the virus already has infected your Caps Lock!!!!!!!!!!!! Idiot!!!!!!! Hahahahahahahha

      December 13, 2012 at 2:10 pm | Reply
  9. wjmccartan

    Okay so they know this might happen, you don't think the banks would be smart enough to make backup copies of people's funds, so if they are lost or corrupted they can simply reset with the right data. I mean it's a stretch that such a low technology would be used in a common sense fashion, I think they want to crash again and screw the recovery up even more than the republicans. This is a job for Super Bernanke, send him in there and all will be okay, blah blah blah

    December 13, 2012 at 9:24 am | Reply
  10. michaelfury

    Did the Russians pull off this one too?


    December 13, 2012 at 8:35 am | Reply
  11. Mabecane

    You don't need to have an online account to have it cleaned, hackers get into bank data. They will move money from your savings to your checking account and transfer the amount in small increments under 10k to get under the radar. Banks do not have to notify the FBI if the amount is under 10k. The banks like to keep quiet. Meanwhile customers rack their brains trying to figure out where someone could have hacked them.
    All the hacker needs is your account number and routing number, no need for a password and all that security we customers have to jump through to make transactions. My son's accounts were cleaned out that way. Transfers were made from his bank to another bank under a bogus name. The receiving bank under our laws is responsible to return the transfers before they get debited or not. As a customer the law covers you, as a business account it's another story, money may be gone forever if the fraudulent transactions are not discovered in time. Keep an eye on your accounts.

    December 13, 2012 at 7:27 am | Reply
  12. Roscoe Chait

    I know... why banks? Because that's where the money is. Keeping all of this in mind, my bank has tried for years to talk me into online banking. I don't think so.

    December 13, 2012 at 2:55 am | Reply
    • Chris Gilroy

      You know, if people actually took security a little more seriously and actually stopped using online banking altogether until they all started using one-time token passwords, online banking would be almost 100% secure.

      With one-time tokens, it doesn't matter if you know my username/password. As long as you are not in control of my physical dongle, you will never get in. Sadly there are video games that offer this cheap security to log in, but for something like major banking it's nowhere to be found.

      December 13, 2012 at 6:37 am | Reply
      • Logical

        It's because of the infrastructure demand behind the dongle. The security empire and data processing capability that would be necessary to give one to each customer of a large major bank would be enormous.
        ... although, they are posting multi-billion dollar quarters

        December 13, 2012 at 8:32 am |
