Operation High Roller

Operation High Roller was a series of fraud in the banking system in different parts of the world that used cyber-collection agents in order to collect PC and smart-phone information to electronically raid bank accounts.^[1] It was dissected in 2012 by McAfee and Guardian Analytics.^[2] A total of roughly $78 million was siphoned out of bank accounts due to this attack.^[3] The attackers were operating from servers in Russia, Albania and China to carry out electronic fund transfers.^[4]

Specifications

This cyber attack is described to have the following features:^[5]

• Bypassed Chip and PIN authentication.
• Required no human participation.
• Instruction came from cloud-based servers (rather than the hacker's PC) to further hide the identity of the attacker.
• Included elements of "insider levels of understanding".
• Banks in Europe, United States and Colombia were targeted.
• Impacted several classes of financial institution such as credit unions, large global banks, regional banks, and high-net-worth individuals.

While some sources have suggested it to be an extension of man-in-the-browser attack^[6] Operation High Roller is reported to have harnessed a more extensive level of automation distinguishing it from the traditional methods.^[7]

See also

• Stuxnet
• Flame
• Duqu
• Bundestrojaner
• Cyber-collection
• McAfee
• Guardian Analytics

References

External links

• CNN Money on Operation High Roller
• Operation High Roller on Yahoo Finance
• Fox News report on Operation High Roller
• McAfee/Guardian Analytics report on dissecting Operation High Roller
• Operation High Roller Revisited