'Anonymous' joins hacker army targeting central banks for cash

In 2008, a group of thieves stole $700,000 from Russia’s central bank the old-fashioned way: they infiltrated a processing centre, handcuffed a guard, and made off with the cash.

These days, the criminal attacks on the Bank of Russia are far less labour-intensive — and far more lucrative. Over the course of last year, hackers looted up to $21 million from accounts opened with the Bank of Russia.

The thefts from the Bank of Russia are part of a surge in cyber attacks on global monetary authorities in 2016, from Bangladesh to Warsaw. This year is likely to be even worse. 

“For a central bank the question is not if, but when, they will be victim of a cyber-attack,” said Giulio Coraggio, a lawyer focusing on cyber-security at DLA Piper in Milan.

The hacking collective “Anonymous,” known for its activism against big corporations, security forces, and governments, is specifically targeting central banks, according to two people with direct knowledge of the group’s activities.

While the people wouldn’t say which banks are being targeted, they said the group has been busy recruiting new hackers to aid it in its forays, and renewed its attack against a number of central banks in February.

The group last year attacked at least eight monetary authorities, including the Dutch Central Bank, the Bank of Greece, and the Bank of Mexico, the two people said. In a change of tack, it is also considering plans to sell on any confidential information it obtains, according to one of the people.

The actions by non-state hacking and hacktivist groups such as Anonymous “are a wake-up call that should alert us to the critical weaknesses of global financial systems,” said Stefano Zanero, a professor of computer security at Italian university Politecnico di Milano.

A successful cyber-security attack on the US banking system is “one of the most significant risks our country faces,” Federal Reserve Chair Janet Yellen said in testimony before the congressional Joint Economic Committee in November.

The most notable hack on a central bank so far resulted in a manhunt involving Interpol and the FBI, launched last year, to help solve the cyber-heist from Bangladesh’s central bank, where hackers used Swift, the interbank messaging system, to steal $81 million.

“The Bangladeshi bank case last year really brought the focus on payments systems within central banks,” said Adrian Nish, head of threat intelligence at BAE Systems. 

Poland’s financial regulator was targeted in January by a suspected “watering hole” attack, where hackers target an often-used website, according to research from BAE Systems. In this instance, the hack originated from the website of Polish Financial Supervision Authority (KNF), where code was planted that would serve malware to certain visitors of the site. The 

malicious code was selectively targeted at financial institutions, and multiple banks were compromised via their users simply browsing the KNF website.

The authority said last month in a statement that it had identified external attempts to hack its website and it was in contact with representatives of supervised industries. Similar code was also believed to be present on the website of the state-owned Banco de la República Oriental del Uruguay, and the National Banking and Stock Commission of Mexico in late 2016, 

according to analysis from BAE Systems and US software company Symantec. Banco de la República Oriental del Uruguay and the National Banking and Stock Commission of Mexico did not respond to requests for comment.