By Emily Frost – emily.frost@internationalbanker.com
Technology has advanced rapidly over the past decade, and now more than ever the advancements of computer technology have taken the mainstream role across industries around the globe. The banking sector has been revolutionised by computational methods and technological systems. By the same token, new forms of bank fraud, robbery and crime have evolved—with methods such as physical heists and getaways an almost distant memory. What might arguably be identified as much more of a danger is the new age banking sector threat of hackers and cybercriminals. Hackers are able to carry out theft and cyber warfare against major banking institutions from all over the globe—attacking institutions worldwide from the comfort of their computer desktops with the mere effort of a few keystrokes and mouse clicks. Cyber-boundary breaches are rife, according to research recently reported by the US FBI, who have found themselves working on an increasing number of investigations related to cybercrimes that specifically target banks and large financial-services institutions. American banks have had the greatest number of attacks to date—with bulge-bracket US banks such as JPMorgan Chase bearing the brunt of the cybercrime warfare most recently.
One the most prevalent types of crime being investigated currently is executed by hacking banking databases and mainframes and accessing huge swathes of critical banking data—including crucial customer personal and banking history details. This data is then processed to carry out a number of criminal procedures and in some cases passed on to other hackers working on collaborative hacking endeavours. Why US banks are the key target currently boils down to a few reasons—the most likely of which is that the hackers are either based within America’s major economic opponent, China, or its major political opponent, Russia. Often Russian hackers are seeking retaliation for the restraints and sanctions (imposed based on the conflict with Ukraine) that have impacted Russia. In China, the economic rivalry between China and the US is driving another hacker agenda to access US banking data. Overall the hackers involved are seeking to profit from the data they extract from their cybercrimes—one way or another. Although a number of involved parties play down the retaliation angle publicly so as not to stoke the hacker fire in the media, there is considerable evidence of bank hacking.
US banks have been the centre of political hacking fire over the past few years. Another example, which does not involve data extraction, has been “denial of service attacks”; these attacks direct large streams of web traffic to a bank’s website in order to create a slow, chaotic or non- existent web service and presence. Rapid and repeated streams of this type of attack can severely damage a bank’s business over the short and long term, depending on the will of the hackers involved. Hackers may also aim to steal important data from banking-institution targets to use directly for self-profit or sell to another party to generate a profit. The “dark net” has grown rapidly—processing an increasing number of transactions day by day. The dark net is a part of the Internet in which a wide range of certain business and monetary transactions can occur without regulation or the tracking and logging usually carried out by major search engines such as Google. The dark net acts as an online black-market environment and can provide the perfect marketplace for hackers to sell stolen data—such as customer credit card numbers and banking details. Major banking institutions need to improve their knowledge base and measures in this regard to help provide security against hackers. If the market for hackers to sell the stolen data is shut down, or at the very least minimised, then this type of hacking would essentially contract naturally of its own accord.
Perhaps the most serious of all is the type of hacking that is carried out under the supervision of a large political or commercial superpower, which has the goal of gathering financial intelligence to exploit for particular gains and goals. Commercial enterprises are capable of gleaning a lot of information from analysing the transactional data of a bank. In particular, data specifying deals in mergers and acquisitions and also equity financing are the ideal targets for some hackers; this information may be used for repositioning and new “modern age” insider trading. Banks hold all kinds of sensitive data, and this data can be of immense value when placed in the hands of the appropriate parties.
Banks are still lagging in terms of foreseeing and sufficiently protecting against hacker attacks—which are designed to be cutting edge while showing dogged commitment to purpose. Certain criminal hacking groups across the globe have even gone as far as developing hacking tools of such rigour that even the world’s strongest cyber defences can only hope to defeat them. Although banks and financial-services firms have realised the need to invest and act in the area of cyber security to a much greater extent and at a much faster rate compared to other major worldwide industries and business sectors, there is still much work to do in this area, and acceleration of pace is vitally needed.