Operation High Roller achieves 'organized crime' status

A new breed of sophisticated financial fraud campaign targets high-balance accounts at financial institutions and siphons money from them to automated mule accounts, research finds. One McAfee exec says Asia was not spared either.

A global financial fraud that uses an active and passive automated transfer system to siphon money from high-balance accounts in financial institutions has been discovered by McAfee and Guardian Analytics.

According to a joint report released Tuesday, the online fraud, dubbed "Operation High Roller", has attacked banking systems worldwide and impacted thousands of financial institutions, including credit unions, large global banks and regional banks. The criminals have attempted to transfer between 60 million euros (US$75.1 million) and 2 billion euros (US$2.5 billion) to mule business accounts belonging to the "organized crime" syndicate from at least 60 banks so far, the study revealed.

"With no human participation required, each attack moves quickly and scales neatly. This operation combines an insider level of understanding of banking transaction systems with both custom and off-the-shelf malicious code," the report said.

Building on established Zeus and SpyEye tactics, the fraud scheme is able to bypass physical chip-and-pin authentication by using automated mule account databases to conduct server-based fraudulent transactions, with the highest attempted transaction reaching up to 100,000 euros (US$130,000), it explained.

So far, the attack has been sighted in Italy, Germany and the Netherlands, and has expanded to Latin America and the United States, McAfee noted.

"The advanced methods discovered in Operation High Roller show fraudsters moving toward cloud-based servers with multi-faceted automation in a global fraud campaign," David Marcus, director of security research for McAfee Labs, said in a blog post.

McAfee and Guardian Analytics also said they had been working with law enforcement to report the location of criminally controlled servers found in the U.S. and to educate others on the attack. However, the study showed high concentrations of malicious servers in Eastern Europe, and "strategic placement" in other countries such as China, Canada, Germany and Italy.

Michael Sentonas, Asia-Pacific vice president and CTO of McAfee, later told ZDNet Asia that a number of popular banks and credit unions across Asia-Pacific were also targeted as part of this operation. Australia, for instance, was a target because the security vendor found victim logs linking to one popular bank and other credit unions in the country, which indicate there were attempts at making fraudulent transactions.

"We cannot confirm successful versus non-successful attempted fraudulent transfers in Australia at this time. But based on the scale of the targeted campaign in Australia, the financial implications confirmed in other countries, and the attempts that were tracked, we could extrapolate a potential volume of US$6 million in initiated transactions," Sentonas stated.