{"id":1000,"date":"2016-06-16T19:11:46","date_gmt":"2016-06-16T19:11:46","guid":{"rendered":"http:\/\/54.201.249.27\/?p=1000"},"modified":"2016-06-16T19:11:46","modified_gmt":"2016-06-16T19:11:46","slug":"exclusive-hackers-compromise-global-banking-system-highest-level-investigator-reveals","status":"publish","type":"post","link":"https:\/\/blackopspartners.com\/exclusive-hackers-compromise-global-banking-system-highest-level-investigator-reveals\/","title":{"rendered":"EXCLUSIVE: Hackers Compromise Global Banking System at Highest Level, Investigator Reveals"},"content":{"rendered":"

EXCLUSIVE: Hackers Compromise Global Banking System at Highest Level, Investigator Reveals<\/h1>\n

Criminals can alter banks’ most sensitive data, allowing fake money transfers and credit card fraud.<\/h3>\n

The global banking system has been compromised by cybercriminals who have demonstrated they have high-level access that gives them nearly full control to alter data and steal from banks, according to an expert who has been investigating them on the darknet private forums run by the hackers.<\/p>\n

Ed Alexander\u00a0is a cyberHUMINT (human intelligence) specialist and a subject matter expert on the darknet. The darknet, which is accessible only with special software, has legitimate applications but is also used by criminal groups to conspire and sell illicit goods.<\/p>\n

In a previous interview, Alexander provided Epoch Times with extensive evidence on the current global bank heist. He previously asked to remain anonymous in order to protect his investigations, yet is now going public to expose the two groups of hackers who are behind the attacks.<\/p>\n

The cyberattacks relate to the string of banks that were recently breached by hackers, including the $81 million stolen from the central bank of Bangladesh. Alexander has provided evidence that these banks are merely the tip of the iceberg, and that the hackers have found a vulnerability that grants them access to thousands of banks around the world and across the United States.<\/p>\n


In the\u00a0previous article<\/a>, evidence provided by Alexander showed that the cyberattacks began around 2006, when hackers with the Chinese military acted under state orders to breach critical networks in Mexico. From there, the hackers were able to gain access to the computer systems of a major bank, and then into a major money transfer network to which the bank\u2014and many other banks\u2014are connected.<\/p>\n

The Chinese hackers completed their assignment, and around June 2015 they sold the vulnerability they had exploited to cybercriminals on the darknet. Alexander\u00a0was able to provide screenshots from posts on a darknet cybercriminal marketplace that was selling access to the Mexican financial networks.<\/p>\n

The cybercriminals who purchased the vulnerability from the Chinese hackers are the ones currently carrying out attacks on the global banking system, and Alexander provided new evidence showing the cybercriminals have high-level access to the banking networks that they are using to alter data.<\/p>\n

Epoch Times spoke with three experts on cybercrime (two on record, one off-record) who were able to look over some of the screenshots of the attacks, which were provided as evidence. In their expert opinions the screenshots are legitimate, and their contents support Alexander\u2019s claims.<\/p>\n

According to James Scott, senior fellow at the\u00a0Institute for Critical Infrastructure Technology<\/a>\u00a0(ICIT), the screenshots \u201csuggest that an attacker may be exploiting a vulnerability in the system to establish a persistent presence and exfiltrate files.\u201d<\/p>\n

\u201cUnless it is patched and the attacker is removed from the system,\u201d Scott said, \u201cthe attacker can continue to capitalize from the vulnerability or sell it to other attackers.\u201d<\/p>\n

ICIT is a Washington-based cybersecurity think tank focused on threats to critical infrastructure, such as the financial system.<\/p>\n

Based on screenshots provided by Alexander, Scott speculated that the cybercriminals may be using their access to the network as a gateway to other money transfer networks or to spoof money transfer requests to additional banks, allowing the hackers to steal money.<\/p>\n

Keith Furst, founder of\u00a0Data Derivatives<\/a>, a consulting firm focused on financial cybercrime, noted the screenshots show the cybercriminals as having very high-level access on the bank networks. When it comes to banks, he said, only top-level permissions can alter data such as that shown in the screenshots, due to the risk that a person could, for example, eliminate his or her debt or illegally transfer money.<\/p>\n

\u201cIf they can change information at this level, it implies they have access to other information,\u201d Furst said.<\/p>\n

An Inside Look<\/h2>\n

The following are screenshots provided to Epoch Times by Alexander, which he said show cybercriminals actively accessing and altering data on networks belonging to Uniteller, a money transfer network owned by Banorte, Mexico\u2019s third-largest bank.<\/p>\n

He added red-colored notes on the screenshots to show that the timing of the attacks aligns with the current attacks on the global banks.<\/p>\n


A screenshot shows cybercriminals stealing data from a bank network. Hackers have breached the global banking system and currently hold high-level access. (Courtesy of Ed Alexander)<\/p>\n<\/div>\n

The above screenshot allegedly shows the cybercriminals stealing data from\u00a0a banking network. Alexander said it shows them running a command on a remote host outside the security domain of the bank, and suggests the hackers accessed the data without having direct login credentials to the network.<\/p>\n

The vulnerability also lets the hackers send commands to the servers remotely. \u201cRemote code execution allowed the attackers to run any command on the system,\u201d Alexander said. \u201cIt also facilitated upload of other malicious files, which provided greater, more permanent access.\u201d<\/p>\n

He noted the screenshot merely captures a single moment in the attack. He said after the hackers ran the command that displayed the data shown in the screenshot, they ran another command that allowed them to tamper with the files and steal data from the system.<\/p>\n


A screenshot shows cybercriminals manipulating the back-end database system of a banking network. (Courtesy of Ed Alexander)<\/p>\n<\/div>\n

The above screenshot was the result of the cybercriminals trying to prove they could manipulate back-end database systems on the banking network, which allows them, according to Alexander, \u201cto effectively change credit limits on various card types.\u201d<\/p>\n

By changing the limits on the credit cards, the cybercriminals would be able to steal large amounts of money through fraudulent credit card transactions.<\/p>\n

\u201cThe important thing here is that the attackers had access to the back-end databases and could easily manipulate, change, or destroy the data records and settings of Uniteller at will,\u201d he said.<\/p>\n

He said the screenshot was taken on May 26, but noted the March 2 timestamp suggests the cybercriminals could have been altering the system for close to three months.<\/p>\n


A screenshot shows the time of the cyberattacks on a critical banking system, and shows the hackers successfully running an exploit on the network. (Courtesy of Ed Alexander)<\/p>\n<\/div>\n

Alexander said the above screenshot was the result of the cybercriminals showing proof of the time, date, and level of access they had gained to the banking system.<\/p>\n

He noted that, \u201cAlong with the date, there was a screenshot returned of the system name string (uname -a command), its IP configuration data (ifconfig command) and a copy of the local password file to that particular server (\/etc\/passwd).\u201d<\/p>\n


A screenshot shows cybercriminals with \u201croot\u201d access to a major financial system. (Courtesy of Ed Alexander)<\/p>\n<\/div>\n

The above screenshot shows the cybercriminals with \u201croot\u201d (administrative) access to the banking server. It also shows files and directories, which the cybercriminals were allegedly modifying when the screenshot was taken.<\/p>\n

\u201cAdditionally, it is important to remember again, that the vulnerability being used here was run OUTSIDE Uniteller\u2019s security domain,\u201d Alexander said. \u201cThus, the attackers were remotely executing code on that server as they claimed.\u201d<\/p>\n

[Screenshot: 20160526]<\/p>\n

The above screenshot shows a directory and file structure, which Alexander said was provided by the cybercriminals to show they were able to move between directories.<\/p>\n

The cybercriminals were interested in this particular directory, he said, since they claimed it allowed them to access a U.S. bank that Uniteller has a relationship with.<\/p>\n

He said this screenshot was also important, since the cybercriminals had previously demonstrated \u201cthat they had full credentials to Uniteller\u2019s systems and services and had the ability to change them at will.\u201d<\/p>\n

He also said that this is only a snapshot in time of a significant cybercrime that is currently in progress.<\/p>\n


Originally published on The Epoch Times.<\/span><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"

The global banking system has been compromised by cybercriminals who have demonstrated they have high-level access that gives them nearly full control to alter data and steal from banks, according to an expert who has been investigating them on the darknet private forums run by the hackers.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[6,10],"tags":[],"acf":[],"_links":{"self":[{"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/posts\/1000"}],"collection":[{"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/comments?post=1000"}],"version-history":[{"count":0,"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/posts\/1000\/revisions"}],"wp:attachment":[{"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/media?parent=1000"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/categories?post=1000"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/tags?post=1000"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}