Identity Theft –A personal attack escalated to an organizational one

The goal and scope of ‘identity thefts’ has been traditionally considered to be individual: a method to illegally access somebody assets [i]. Nowadays there is evidence that it can be and is being used to steal corporations’ assets. 

A few days ago The New York Times published an article [ii] advancing a report to be published on Monday, by Kaspersky Lab, relative to the recent discovery of a massive bankers’ identity theft. 

“Kaspersky Lab says it has seen evidence of $300 million in theft through clients, and believes the total could be triple that”, “transferring millions of dollars from [more than 100] banks in Russia, Japan, Switzerland, the United States and the Netherlands” into rogue accounts, and turning on ATMs to dispense money at convenient times and places.

Since late 2013 and for nearly two years, hackers sent email containing malware to bank employees, succeeding to infect the banks’ systems, recording keystrokes and video, taking screen shots and controlling the banks’ computers remotely.

The hackers invested a significant amount of time in order to learn about the individuals and banks routine practices, “mimic[king] their activities” to impersonate bank officers and also limiting their fraudulent transactions to ‘reasonable’ amounts, easier to go undetected. 

In this way, the hackers succeeded at transforming individual identity thefts into a much more profitable heist.

* * *

[i] Wikipedia. (2015). “Identity theft is a form of stealing someone's identity in which someone pretends to be someone else by assuming that person's identity, usually as a method to gain access to resources or obtain credit and other benefits in that person's name”. Retrieved: 20150215. 

[ii] Sanger, D. E. and Perlroth, N. (Feb. 14, 2015). “Bank Hackers Steal Millions via Malware”. The New York Times. Retrieved: 20150215.