Celebrities, high-net-worth individuals and politicos are in extortionists’ crosshairs: A group of unidentified hackers is threatening to publish Swiss bank account information.
According to Reuters, the group more specifically has hit the high-end Valartis Bank Liechtenstein, located in the Alpine principality that lies between Switzerland and Austria. The bank was formerly part of the Swiss-listed Valartis Group—but was recently sold to a Hong Kong-based holding company known as Citychamp Watch & Jewellery Group.
The outlet reports that blackmailers have found their way into the Liechtenstein bank's system and obtained customer account information, including that of many Germans—and are demanding 10% of the account balances, to be paid in Internet cryptocurrency Bitcoin.
The bank has not yet responded to requests for comment on the matter.
The approach differs from most financially motivated bank hacks, according to independent security researcher Graham Cluley.
“In a typical bank heist, the attackers either raid affected customers' accounts outright or they abuse something like the SWIFT platform to fraudulently transfer money to an account under their control,” he said, in a blog. “[Here}, the hackers want money from the bank's customers, or else they'll leak their account information online…The potential for fraud ultimately rests online, where an actor can abuse someone's bank account number and routing number to submit an Automated Clearing House (ACH) transaction.”
It’s an interesting gambit—if having the account info were such a threat to customers’ financial security, why wouldn’t the hackers simply use that information to drain the accounts entirely rather than asking for a 10% cut?
“Different countries have different ways of allowing people to withdraw money from their bank accounts,” Cluley said. “To process that kind of transaction, a criminal needs to have a valid bank account number and the routing number for the financial institution at which that account is held. But depending on how they attempt to withdraw money, they might need a physical card or photo identification.”
One answer could be the potential for getting caught.
“A bank can technically detect suspicious transactions through the use of anti-fraud measures,” Cluley noted. “It could alert the user, for example, if they detect a money withdrawal from another country, but as we all know, bad actors can circumvent that obstacle through the use of the VPN.”
As for what to do, disabling online transactions will in the very least help prevent remote actors from stealing account holders' money, he added.
Photo © Denis Linine/Shutterstock.com