SecureState Blog

Read SecureState's award winning blog.

Project Blitzkrieg is a cybercriminal project aimed at recruiting 100 bot masters to help launch a series of lucrative online attacks against several United States based banks.  Last week the RSA posted on their blog several details around this planned attacks.  Journalist Brian Krebs recently posted a translated version of the Russian hacker vorVzakone’s recruitment post.  In this post, vorVzakone mentions that American banks are being targeted due to the weaker security mechanisms in placed around wire transfers.  Majority of the banks within Europe currently use two-factor authentication for transfers.

Is This a Real Threat?

Many individuals in the security and underground community have already started to question the legitimacy of this threat, as vorVzakone has recently published a video showing his face, home, and license plate number. Because of this, vorVzakone has made another statement as to why he revealed his identity.  He claims that Russian hackers can target financial institutions in the United States without having to worry about the consequences as long as their identities are not discovered during the actual theft.  He then went on to advertise a service that could aid fellow hackers in avoiding jail time.  For $40,000 any hacker can escape being prosecuted by the use of vorVzakone’s “insurance from criminal prosecution” services.  This service relies mostly on bribing investigators, police chiefs, lawyers and prosecutors. Typically, members of the criminal underground are not this confident, which leads to the thought that this project was initiated by Russian law enforcement in an attempt to unmask several cyber criminals.

Banks are Continual Targets

Over the past few weeks we have alerted on several attacks against financial institutions.  Most of these attacks have been Distributed Denial of Service (DDoS) attacks, but on paper Project Blitzkrieg appears to be a version of Zeus and Spyeye on steroids, aimed at creating fraudulent wire transfers.  In the event this threat is real, SecureState advises users to exercise caution when completing bank transactions.  Many banks now have options to alert by email or text when certain transactions are made over a certain amount.  Implementing these features and monitoring your account closely will help to quickly identify potential fraud so corrective action can be taken.