U.S. authorities are asserting that the country’s banks were unscathed by malware that enabled a foreign crime ring to steal hundreds of millions of dollars from 100 banks in 30 countries.
Reuters Wednesday reported that it had obtained a joint “private industry notification” from the Federal Bureau of Investigation and the Secret Service stating that the agencies had no evidence that any U.S. bank had been affected by malware from the so-called Carbanak crime ring.
The hackers took over bank systems to make fraudulent transfers and cash withdrawals. The crime ring’s activities were made public last week by Russian cybersecurity firm Kaspersky Lab.
“The FBI and USSS (U.S. Secret Service) have received no reports that Carbanak malware has affected the U.S. financial sector,” the agencies’ private memo to banks reportedly said. “But we continue to analyze investigative information as well as technical indicators released by private industry.”
Reuters did not say whether it had contacted banks for comment on whether they had actually been infected with the malware and lost money.
The Financial Services Information Sharing and Analysis Center, an industry consortium, told the New York Times on Saturday that “our members are aware of this activity. We have disseminated intelligence on this attack to the members,” and that “some briefings were also provided by law enforcement entities.”
In an interview with American Banker, Chris Doggett, managing director of Kaspersky Lab North America, said “We saw a number of U.S. bank targets, and we know definitively that at least one major U.S. bank was used as part of the Carbanak operation.”
The Society for Worldwide Interbank Financial Telecommunication’s SWIFT messaging network was apparently used by the hackers to move money between banks. In response to questions from CFO about the Kaspersky Lab findings, a SWIFT spokesperson said, “SWIFT does not respond to allegations about third parties.”