Operation High Roller Targets North American Banks

A "major" U.S. bank is being targeted by a group of international criminals involved in a so-called Operation High Roller scam. The con targets treasury customers as well as the wealthy in a scheme to move tens, if not hundreds, of thousands of dollars overseas through wire transfers.

The revelation was made by threat researchers at Santa Clara, Calif., internet security company McAfee in an assessment of the complex threat in a recently published third quarter report. Similar attacks were announced in June as a part of a joint investigation by Guardian Analytics and McAfee.

Ryan Sherstobitoff, one of the McAfee researchers, was coy about describing the large American bank, so as not to violate any privacy pacts his company has with the bank.

The software being used in the crime, a combination of SpyEye and Zeus malware, infects potential victims' machines through carefully crafted emails that lead an intended target to click on either an attachment or a malicious website. That means that these networks of criminals already know who they're trying to scam — down to the names of treasury managers at multi-million dollar businesses.

The attacks have been running since the beginning of the year, and most likely originated in Russia and Eastern Europe, says Sherstobitoff.

The earlier scams, which affected roughly 109 U.S. businesses, simply locked corporate and treasury customers out of their internet banking portals for about two days while wire transfers were conducted from their accounts.

These latest attacks, discovered in September, can now copy even a consumer's online banking credentials while the victim is logging on, then present the user with a screen that asks that person to wait, while automatically filling out and completing a wire transfer. Afterwards it covers that transfer's tracks.

"This is the first confirmed instance where these types of [thieves] are targeting a U.S. financial institution," says Sherstobitoff. "Where before the problem in the U.S. was really manual account takeovers that required the human element, in this case, it's fully automated, where [victims] are stalled with a message while the malware is making the fraudulent wire transaction."

He says that McAfee discovered the targeted U.S. attack after finding SpyEye software loaded with a JavaScript payload containing specific instructions naming a top 10 U.S. bank and how to route around its online banking security.

Operation High Roller is more prevalent in Europe, where criminals are already moving past wire transfers to send cash to different countries through SEPA, a system not unlike the ACH network, Sherstobitoff says.

After all, he says, with these sorts of attacks, Europe acts as an early warning system for what will eventually come across the Atlantic.
