Operation High Roller Targets North American Banks


A "major" U.S. bank is being targeted by a group of international criminals involved in a so-called Operation High Roller scam. The con targets treasury customers as well as the wealthy in a scheme to move tens, if not hundreds, of thousands of dollars overseas through wire transfers.

The revelation was made by threat researchers at Santa Clara, Calif., internet security company McAfee in an assessment of the complex threat in a recently published third quarter report. Similar attacks were announced in June as a part of a joint investigation by Guardian Analytics and McAfee.

Ryan Sherstobitoff, one of the McAfee researchers, was coy about describing the large American bank, so as not to violate any privacy pacts his company has with the bank.

The software being used in the crime, a combination of SpyEye and Zeus malware, infects potential victims' machines through carefully crafted emails that lead an intended target to click on either an attachment or a malicious website. That means that these networks of criminals already know who they're trying to scam — down to the names of treasury managers at multi-million dollar businesses.

The attacks have been running since the beginning of the year, and most likely originated in Russia and Eastern Europe, says Sherstobitoff.

The earlier scams, which affected roughly 109 U.S. businesses, simply locked corporate and treasury customers out of their internet banking portals for about two days while wire transfers were conducted from their accounts.

These latest attacks, discovered in September, can now copy even a consumer's online banking credentials while the victim is logging on, then present the user with a screen that asks that person to wait while the malware automatically fills out and completes a wire transfer. Afterwards, the malware covers the transfer's tracks.

"This is the first confirmed instance where these types of [thieves] are targeting a U.S. financial institution," says Sherstobitoff. "Where before the problem in the U.S. was really manual account takeovers that required the human element, in this case, it's fully automated, where [victims] are stalled with a message while the malware is making the fraudulent wire transaction."

He says that McAfee discovered the targeted U.S. attack after finding SpyEye software loaded with a JavaScript payload containing specific instructions naming the top-10 U.S. bank and how to defeat its online banking security.

Operation High Roller is more prevalent in Europe, where criminals are already moving past wire transfers to send cash to different countries through SEPA, a system not unlike the ACH network, Sherstobitoff says.

After all, he says, with these sorts of attacks, Europe acts as an early warning system for what will eventually come across the Atlantic.


