'Anonymous' Joins Hacker Army Targeting Central Banks for Cash
by Chiara Albanese , Daniele Lepido , and Giles Turner
Bloomberg March 17, 2017
In 2008, a group of thieves stole $700,000 from Russia’s central bank the old-fashioned way: they
infiltrated a processing center, handcuffed a guard, and made off with the cash.
These days, the criminal attacks on the Bank of Russia are far less labor-intensive -- and far more
lucrative. Over the course of last year, hackers looted up to $21 million from accounts opened with the
Bank of Russia.
The thefts from the Bank of Russia are part of a surge in cyber attacks on global monetary authorities in
2016, from Bangladesh to Warsaw. This year is likely to be even worse.
“For a central bank the question is not if, but when, they will be victim of a cyber-attack,” said Giulio
Coraggio, a lawyer focusing on cyber-security at DLA Piper in Milan.
The hacking collective “Anonymous,” known for its activism against big corporations, security forces,
and governments, is specifically targeting central banks, according to two people with direct knowledge
of the group’s activities, who asked not to be identified.
While the people wouldn’t say which banks are being targeted, they said the group has been busy
recruiting new hackers to aid it in its forays, and renewed its attack against a number of central banks in
February.
The group last year attacked at least eight monetary authorities, including the Dutch Central Bank, the
Bank of Greece, and the Bank of Mexico, the two people said. In a change of tack, it is also considering
plans to sell on any confidential information it obtains, according to one of the people.
The actions by non-state hacking and hacktivist groups such as Anonymous “are a wake-up call that
should alert us to the critical weaknesses of global financial systems,” said Stefano Zanero, a professor
of computer security at Italian university Politecnico di Milano.
Central Targets
A successful cyber-security attack on the U.S. banking system is “one of the most significant risks our
country faces,” Federal Reserve Chair Janet Yellen said in testimony before the congressional Joint
Economic Committee in November.
The most notable hack on a central bank so far resulted in a manhunt involving Interpol and the FBI,
1
�launched last year, to help solve the cyber-heist from Bangladesh’s central bank, where hackers used
Swift, the interbank messaging system, to steal $81 million.
“The Bangladeshi bank case last year really brought the focus on payments systems within central
banks,” said Adrian Nish, head of threat intelligence at BAE Systems Plc. “The realization that central
banks can be targeted this way for profit has become a greater concern since Bangladesh.”
Poland’s financial regulator was targeted in January by a suspected “watering hole” attack, where
hackers target an often-used website, according to research from BAE Systems. In this instance, the hack
originated from the website of Polish Financial Supervision Authority (KNF), where code was planted
that would serve malware to certain visitors of the site. The malicious code was selectively targeted at
financial institutions, and multiple banks were compromised via their users simply browsing the KNF
website.
The authority said last month in a statement that it had identified external attempts to hack its website
and it was in contact with representatives of supervised industries.
Similar code was also believed to be present on the website of the state-owned Banco de la República
Oriental del Uruguay, and the National Banking and Stock Commission of Mexico in late 2016, according
to analysis from BAE Systems and U.S. software company Symantec Corp.
Banco de la República Oriental del Uruguay and the National Banking and Stock Commission of Mexico
did not respond to requests for comment.
Spotting Gaps
“Cyber attacks have become military attacks,” said Biagio De Marchis, senior vice president in the
security and information systems division of Italian defense and security company Leonardo SpA, which
offers cyber-security services to clients which span from financial institutions to large companies to the
NATO alliance.
In response, central banks and related agencies have been busy attempting to stem the increasing
number of attacks. In June Swift hired BAE Systems and U.K. cybersecurity adviser NCC Group Plc in a bid
to improve its security defenses. BAE has since helped Swift analyze whether it needs to flag potential
issues to correspondent banks.
The number of warning flags raised due to concerns about a potential security issue BAE Systems has
examined are in the “double digits.” The problems range from system crashes due to software update
errors, to intruders hacking into banking platforms.
The Bank of England is even scooping up startups to help it battle online threats. It is currently running
an accelerator, launched in June 2016, and is to start working with Anomali in order to “hunt and
2
�investigate cyber security intelligence data in a highly automated fashion,” according to a case study
published in February by the Bank.
Limor Kessem, a consultant at IBM Security Systems, says greater vigilance on the part of central banks
makes sense in the face of the increased attacks they’re seeing. She said she has identified several
groups targeting banks, and expects more to jump in this year.
“If overall cybercrime activity on that sector is any indication,” Kessem said, “attacks on central banks
are also likely to increase.”
