Looming cyber attack threatens major banks
Some online victims of Project Blitzkrieg From McAfee Labs
December 13th, 2012
12:01 AM ET

By Pam Benson

Some of the nation's biggest banks are at risk of a massive cyber attack next year that could potentially siphon funds from unsuspecting customers, according to a leading digital security firm.

The fraud campaign, known as Project Blitzkrieg, is a credible threat, the Internet security firm McAfee Labs concluded in a new report.

The malware has been lying dormant in U.S. financial systems and is scheduled to go active by the spring of 2013, McAfee researchers concluded.

The project "appears to be moving forward as planned," the report states.

People familiar with the study said some 30 financial institutions are targets of the campaign.

They include Fidelity, E*Trade, Charles Schwab, PayPal, Citibank, Wachovia, Wells Fargo, Capital One, Navy Federal Credit Union and others.

Information about the intended cyber attack was discovered in September by the Internet security firm RSA during the course of monitoring a web chat room that the company says was run by a Russian hacker known as vorVzakone.

According to the report, the Russian was believed to be using the chat room to recruit fellow hackers to steal assets from bank accounts as part of a criminal enterprise.

At the time, there were doubts about the credibility of the threat, with some experts suggesting it was part of a Russian law enforcement sting.

"Our researchers have been poring into this and what they have found, they actually found somewhere between 300 to 500 devices in the U.S. that have actually been infected with the particular malware that this individual is talking about," said Pat Calhoun, a senior vice president at McAfee.

"That, combined with some additional research we’re doing, has led us to believe this is true. This is actually a real operation that this individual is planning to launch sometime before spring 2013."

The McAfee report states, "The targets are U.S. banks, with the victims dispersed across various U.S. cities, according to the telemetry data. Thus this group will likely remain focused on U.S. banks and making fraudulent transactions."

Calhoun said that McAfee has access to the malware and, through reverse engineering, has learned much about its capability and targets.

"We see the IP addresses and names of banks and so on or references to URLs."

Calhoun said the behavior of the Trojan suggests it is a variant of a previously known strain called Gozi. RSA labeled this latest version Gozi Prinimalka.

But it's a tedious task dissecting the malware, and the company is still trying to figure out how it would create fraudulent bank transactions, Calhoun said.

Based on their analysis, the McAfee researchers believe the plan is to attack a small group of bank customers.

"This strategy is necessary if the attackers hope to succeed in transferring several million dollars over the course of the project," the report states. "A limited number of infections reduces the malware's footprint and makes it hard for network defenses to detect its activities."

But Calhoun said the fact the malware has been detected allows for a defense to be mounted.

"Since we know about it, we will be able to protect against it," Calhoun said. "We're working very closely with law enforcement and a lot of the potential targets to make sure they understand this and know how to behave or how to protect themselves against it."

Wells Fargo, the only financial institution to respond to questions about preparations it might be taking to thwart the potential attack, said it was watching for the threat.

"Security is core to our mission and safeguarding our customers' information is at the foundation of all we do," Wells Fargo said in a statement. "We constantly monitor the environment, assess potential threats, and take action as warranted."

The Department of Homeland Security, which takes the lead for the government on cyber security issues, had no comment on the McAfee report or Project Blitzkrieg.

soundoff (98 Responses)
  34. massoud

    Jon Corzine invented project blitzkrieg while at MF Global,

    December 20, 2012 at 5:51 pm | Reply
  35. mediacrat

    Website is definitely down.
    WF On-phone support: "..hmm... let me check into your account..."
    me: "Don't give me that. This isn't the first time you've heard of this today."
    WF On-phone support: "Heh heh. Yeah. I can't get into my account either since Tuesday."
    I'm thinking.... RUN RUN RUN

    December 20, 2012 at 5:36 pm | Reply
  36. and here it is

    And here it is, today the wells fargo website is down for the 3rd day.

    December 20, 2012 at 4:56 pm | Reply
  37. Kattman

    Here's something that's really funny HaHaHaHaHaHaHaHaHa thinks he is.

    December 14, 2012 at 7:52 am | Reply
  38. Hahahahaha

    I've got the answer!!!!!!!.........How come no one has thought of this before?!!!!!!!!.............It's...........It's..............."Tax breaks for the rich to fund cyber warfare!!!!!!!!!!!" Hahahahahahaaha

    December 13, 2012 at 2:09 pm | Reply


    December 13, 2012 at 12:28 pm | Reply
    • Hahahahaha

      Looks like the virus already has infected your Caps Lock!!!!!!!!!!!! Idiot!!!!!!! Hahahahahahahha

      December 13, 2012 at 2:10 pm | Reply
  40. wjmccartan

    Okay so they know this might happen, you don't think the banks would be smart enough to make back up copies of people's funds, so if they are lost or corrupted they can simply reset with the right data. I mean it's a stretch that such a low technology would be used in a common sense fashion, I think they want to crash again and screw the recovery up even more than the republicans. This is a job for Super Bernanke, send him in there and all will be okay, blah blah blah

    December 13, 2012 at 9:24 am | Reply
  41. michaelfury

    Did the Russians pull off this one too?


    December 13, 2012 at 8:35 am | Reply
  42. Mabecane

    You don't need to have an online account to have it cleaned, hackers get into bank data. They will move money from your savings to your checking account and transfer the amount in small increments under 10k to get under the radar. Banks do not have to notify the FBI if the amount is under 10k. The banks like to keep quiet. Meanwhile customers rack their brains trying to figure where someone could have hacked them.
    All the hacker needs is your account number and routing number, no need for password and all that security we customers have to jump thru to make a transaction. My son's accounts were cleaned out that way. Transfers were made from his bank to another bank under a bogus name. The receiving bank under our laws is responsible to return the transfers before they get debited or not. As a customer the law covers you, as a business account it's another story, money may be gone forever if the fraudulent transactions are not discovered in time. Keep an eye on your accounts.

    December 13, 2012 at 7:27 am | Reply
  43. Roscoe Chait

    I know... why banks? Because that's where the money is. Keeping all of this in mind, my bank has tried for years to talk me into online banking. I don't think so.

    December 13, 2012 at 2:55 am | Reply
    • Chris Gilroy

      You know, if people actually took security a little more seriously and actually stopped using online banking altogether until they all started using one-time token passwords, online banking would be almost 100% secure.

      With one-time tokens, it doesn't matter if you know my username/password. As long as you are not in control of my physical dongle, you will never get in. Sadly there are video games that offer this cheap security to log in, but something like major banking and it's nowhere to be found.

      December 13, 2012 at 6:37 am | Reply
      • Logical

        It's because of the infrastructure demand behind the dongle. The security empire and data processing capability that would be necessary to give each customer of a large major bank would be enormous.
        ... although, they are posting multi-billion dollar quarters

        December 13, 2012 at 8:32 am |
