Project Blitzkrieg Might Ruin 2013 for You
Those wily Russian hackers are at it again, this time coming after our hard-earned American dollars in the form of a massive scam that could net the perpetrators upwards of $100 million. According to a report from security firm RSA, the scheme, dubbed “Project Blitzkrieg,” is set to launch in Spring 2013. Every financial institution from PayPal to Wells Fargo could be hit. That is, if it’s a real operation at all.
Headed up by famed Russian hacker “vorVzakone,” Project Blitzkrieg targets more than 30 U.S. banks. Using a highly functional Trojan virus known as “Gozi Prinimalka,” the botmasters are able to clone the information of any infected PC, thereby granting them access to the user’s online banking service. From there, you can start waving goodbye to your money, because the bots will funnel it into several pre-determined accounts.
vorVzakone didn’t stop at “take the money and run” in his plan, though. He also plans to flood the fraud hotlines at the banks with a Skype autodialer that will keep wires jammed for hours. vorVzakone must be feeling confident, as he demonstrated the jamming process (which he also offers as a service for sale) in a recent YouTube video. Because, after all, as the hacker said on the Russian UnderWeb forum, he’s in The Motherland—no U.S. official is going to touch him.
That kind of brazen behavior, while atypical for most hacking groups, seems to be the modus operandi for vorVzakone and his ilk. Project Blitzkrieg actually has had a web presence since September, with Vory recruiting members and posting another YouTube video (in six parts) showing his face, license plate number and home, all without a trace of worry. Risky, considering that the FBI recently began having quite a bit of success catching career cybercriminals who share personal info.
Perhaps that has something to do with his “insurance from criminal prosecution” service, which promises to keep its subscribers out of jail and still hacking. For 15,000 rubles ($500), users can buy an insurance service that aims to bribe officials to keep them out of prison. If that’s not good enough, Vory also promises to provide “people who are ready to go to prison instead of the subscriber” for a cool $100,000. Breaking Bad, anyone?
Vory is promising to bribe everyone from internal affairs detectives to investigators and police chiefs—an unprecedented range of law enforcement to be sure. Couple that level of promise with Vory’s incredible openness about the scheme, and it starts to look like the one scammer is scamming the other scammers.
Call me crazy, but it seems like you shouldn’t trust dudes who look like they just stepped out of a KMFDM video. Beyond that, Vory has been discussing the progress of and recruiting for Project Blitzkrieg for months—virtually all out in the open on the UnderWeb forum. It is unheard of, for the most part, for serious hacking groups to recruit from the masses, especially so publicly. That alone should raise some red flags, inasmuch as these hugely renown Russian hackers (Vory and his buddy, NSD) have broken their cover to flaunt themselves, a big no-no in the hacking world.
Yet, to date, no arrests. There are YouTube videos, scores of text files, and other evidence tying the aforementioned Russian hackers to the effort. So either Vory decided to scam his fellow thieves, or they actually did run into some trouble with the law and flipped to mitigate the damages. It’s certainly not unheard of. “Insurance from criminal prosecution,” indeed.
Or these guys just have enormous balls and really believe no one is going to touch them. That’s not unheard of either, and there’s no reason it shouldn’t be—Americans are defrauded collectively of $21 billion annually online. And besides, our online banking services are essentially wide open compared to the dual-layer authentication European financial services use. We are, effectively, the perfect mark: incautious, wealthy and gullible, at least in terms of online security. No wonder Vory thinks he can plaster his face all over YouTube.
Gozi doesn’t target banks, per se, but rather you—users of online banking. The Trojan has to be on the user’s computer so naturally you’d want to avoid all the behaviors that lead to Trojans. Downloading unfamiliar files, banking on unsecure networks, friending malicious accounts on social media, clicking suspicious links—all this contributes to losing your info. But then, you knew that already.