Hacking group RTM able to divert bulk financial transfers with malware

Cybercrime group RTM is deploying complex malware based in the Delphi programming language to target Remote Banking Systems (RBS), a type of business software used to make bulk financial transfers. The problem was severe enough to warrant an advisory from FinCERT, a Russian CERT responsible for fighting cybercrime targeting …

  1. POKE 649,0

    TEXT files!!

    Our corporate banking app used to have this. I could browse onto a secured network share where the transfer files were stored. Only SysAdmins and certain Finance peeps had access. Within this folder I could see many text files that were all plain text which included account details that our Banking application would pull data from when making transfers to Suppliers... Some transfers could be in the millions. I still can't believe it today that it worked like this. Thankfully the software was upgraded to an online version so the server was decommed.

    1. John G Imrie

      Re: TEXT files!!

      Text files would be ok (ish) if there was an MD5 or similar digest of the file sent on a separate channel. But encrypting the files at rest would have been better.

      1. Anonymous Coward

        Re: TEXT files!!

        MD5 can be potentially pre-imaged, so that's not an option.

        The best approach would be double-signing using black-box modules. It would be signed with both the private key of the sender and the public key of the recipient (both of which the recipient can verify at their end). That way there are three things the hackers would have to do to make an altered order authentic: hack into EACH black box to obtain the keys (and FIPS-compliant boxes are fitted with suicide circuits to prevent this), then resign the ticket with the corresponding keys.
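The two posts above argue over whether a digest of a transfer file is enough. The following is an added example (not from any commenter or from The Register) that puts the point in code: a plain MD5 stored beside the file is recomputed by whoever can edit the file, whereas a keyed tag (HMAC-SHA256) whose key arrives over a separate channel cannot be regenerated for an altered file. The transfer file format, account numbers and key are constructed for the example.

```python
import hmac
import hashlib

# Constructed sample of a plain-text bulk transfer file of the kind the thread
# describes: one payment per line (beneficiary account, sort code, amount, reference).
TRANSFER_FILE = (
    "12345678,40-11-22,125000.00,INV-2041\n"
    "87654321,20-33-44,980000.00,INV-2042\n"
)

# Assumption: the key is provisioned out of band and never sits on the share
# next to the transfer files. Constructed value for the example.
SEPARATE_CHANNEL_KEY = b"example-key-provisioned-out-of-band"


def unkeyed_digest(data: str) -> str:
    """MD5 of the file body: anyone who can edit the file can recompute this."""
    return hashlib.md5(data.encode()).hexdigest()


def keyed_tag(data: str, key: bytes) -> str:
    """HMAC-SHA256 over the file body; producing it requires the separate-channel key."""
    return hmac.new(key, data.encode(), hashlib.sha256).hexdigest()


def verify(data: str, tag: str, key: bytes) -> bool:
    """Constant-time comparison so the check itself leaks nothing about the tag."""
    return hmac.compare_digest(keyed_tag(data, key), tag)


def tamper(data: str, old_account: str, new_account: str) -> str:
    """Model someone with write access to the share redirecting one payment."""
    return data.replace(old_account, new_account)


def demo() -> dict:
    """Compare both schemes against the same edit to the file."""
    tampered = tamper(TRANSFER_FILE, "87654321", "99999999")
    # Scheme 1: MD5 stored beside the file. The editor rewrites file and digest together,
    # so the stored digest still matches what the banking app recomputes.
    stored_md5 = unkeyed_digest(tampered)
    # Scheme 2: keyed tag computed by the originator with the out-of-band key.
    tag = keyed_tag(TRANSFER_FILE, SEPARATE_CHANNEL_KEY)
    return {
        "md5_accepts_tampered": unkeyed_digest(tampered) == stored_md5,
        "hmac_accepts_original": verify(TRANSFER_FILE, tag, SEPARATE_CHANNEL_KEY),
        "hmac_accepts_tampered": verify(tampered, tag, SEPARATE_CHANNEL_KEY),
    }
```

The app consuming the file should refuse the batch when `verify` returns False rather than merely logging it.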

    2. Stevie

      Re: TEXT files!!

      No, it's okay, because all the Russian files are encoded in a scheme called Cyrillic, which has gibberish plaintext with backwards letters and stuff.

      1. Anonymous Coward

        Re: TEXT files!!

        No, no, no. If you want some secure AF atomic transactions you need to get some AI, blockchains, keyboard strokes, and some self-destructing Intel Atom C2xxx chips to control it, deploy it with great success, then fire all the muggles and hire only wizards, and call the press. There, all done! Let's go to Chipotle for lunch!

  2. noddybollock

    It's the yanks I tell ya - Clinton getting her revenge

    .

    .

    Strange, when anything gets hacked in the USoA it always seems to be about WHO done it, yet when the ruskies are attacked - no mention of the perps - strange that eh.

    1. MrDamage Silver badge

      Yeah, it's almost like they want to fix the problem first, without giving the miscreants advanced warning of a polonium pellet to the leg.

  3. Anonymous Coward

    Delphi and accounting software to blame for massive financial cybercrime

    "Cybercrime group RTM is deploying complex malware based in the Delphi programming language"

    There, I've fixed the title for you and not once managed to mention Microsoft Windows.

  4. Version 1.0 Silver badge

    Security?

    We've heard of it but there's no real need to worry about it - the losses will be covered by insurance and the interest rates... assuming that the losses are real.

    If I was Russian and running a bank, what would be the best way to extract a decent income? Make it look like some gang has hacked the bank ...
