You Are the Weakest Link, for Carbanak

Criminal gangs based in Russia, Ukraine and China are thought to have stolen huge sums of cash from dozens of banks and other financial institutions.

The operation is believed to have been going on over the last two years and to have targeted banks in 30 countries including the U.S. and UK.

Security experts believe the attack targeted the weakest link in most organizations: the people who work there. In this case, the hackers sent very specific emails so that the recipients would be far more likely to open any attachments.

The group, dubbed the Carbanak gang, used emails that looked official but were infected with malware. Once the employee clicked, the hackers could see and record everything on their machine. This allowed them to then transfer money without it being readily noticed. For instance, they might inflate someone’s account balance, then transfer out the difference to a bank account in China or the U.S.

Amazingly, they were also able to hijack ATMs and have them dole out cash to their members at an appointed time.

A researcher at security company Kaspersky Lab said the thefts were very slick and professional.

Banks and financial companies are also prone to under-reporting any breaches in their security, as it is bad for business, so the true extent may never be known.

Kaspersky estimates that $1bn may have been taken and that the operation is still going on.