Inside the Global Banking E-Heist

July 10, 2016

UniTeller is a financial services company that specializes in making international money transfers, servicing a network of some 87 banks and 32,000 payment locations worldwide. According to an expert in cybersecurity, those banks have potentially been compromised by hackers who have breached UniTeller’s network.

Edward Alexander is a cybersecurity expert who tracks and sometimes prevents digital crime. He has a team of more than 200 digital investigators working specifically on the cases related to the UniTeller breach. Their beat is the darknet, a large segment of the internet only accessible with special software and often used by criminal groups to conspire and sell illicit goods and services.

In 2015, Alexander’s team learned that hackers employed by the Chinese regime had begun penetrating the world’s financial systems as early as 2006.

Also in 2015, after having gained high-level access they used to map and mirror the world’s financial system for their official employers, these hackers sought to monetize the information they had gained through private transactions.


They sold information on UniTeller’s system, and on Banorte, Mexico’s third-largest bank and owner of UniTeller, to a group of international cybercriminals. The world learned of this when the central bank of Bangladesh revealed hackers had stolen $81 million from it. Now, according to Alexander, this same group is changing its tactics while looking to enlarge its operations.

Alexander knows what the criminal group is doing, because his operatives befriended some of its members and gained their trust to such a degree that they chatted about and shared proof of their crimes. This is what Alexander calls “offensive counter-intelligence.”

His people learn how to penetrate criminal networks and bring back intelligence that can be used to stop those networks. Banks and other institutions often pay well for such information.

Included in the evidence Alexander obtained is a series of screenshots that show the hackers stealing money by way of the UniTeller system.

Prolonged Bank Robbery

Among the screenshots are some showing the cybercriminals changing the daily spending limits on credit cards, and accessing transactions of prepaid uLink MasterCards issued for UniTeller customers through Fifth Third Bank in Cincinnati.

“In theory, rather than make it look like a large $81 million heist, it could be that they can try to nickel and dime the accounts using smaller amounts,” said Alexander.

Stolen credit cards and debit cards are commonly sold in bulk on darknet cybercrime markets in what people call “dumps” or “dumpz.” Criminals who purchase them will often use their information to make fake cards, which they then use to make purchases.

Read More: Here

0 comment