Cybercriminals Create Online Traffic Jams to Cover for Bank Heists
Shady money mules draped in $100,000 worth of jewelry and operating under the cover of darkness: it sounds like the opening scene to a bad mystery movie, but it's real, and it's part of a new cybercrime campaign drawing national attention.
The FBI is warning people to be aware of a new cybercrime scheme in which online crooks launch crippling cyberattacks against banks while simultaneously harvesting your bank-account credentials and making it impossible for you to get your money back once the fraud is complete.
Cybercriminals first send phishing emails claiming to be from the National Automated Clearing House Association (NACHA), informing recipients there was a problem with their bank-account transaction and it could not be processed. Once victims click on the link in the bogus email, they are infected with "Gameover," a variant of the infamous Zeus Trojan, which enables crooks to harvest bank-account credentials.
This could be game over for the scam, but the next step is where it gets particularly dangerous.
After their targeted computers are compromised with Gameover, the attackers launch distributed denial-of-service attacks (DDoS) against the victims' financial institutions as a type of smokescreen to cover up the heist.
A DDoS is the online equivalent of a traffic jam; no damage is done, but no data can get in or out of a website while it's happening.
"The belief is the DDoS is used to deflect attention from the wire transfers as well as to make them unable to reverse the transactions (if found)," the FBI wrote.
Here's where the expensive jewelry comes into play: The FBI has found that the perpetrators of this scheme are contacting jewelry stores and requesting to purchase "precious stones and high-end watches." The cybercrooks use the money they've stolen with Gameover to pay the jewelry store, and then a money mule picks up the jewelry.
"Later on, the transaction is reversed or cancelled (if the financial institution caught the fraud in time) and the jeweler is out whatever jewels the money mule was able to obtain," according to the FBI.
On his Krebs on Security blog, researcher Brian Krebs wrote that similar schemes, in which criminals use a DDoS to create a smokescreen, have worked in the past, most notably against Sony, which fought an attack from the Anonymous hacking group in May as hackers were busy stealing information from more than 100 million customers.