How Russian Hackers Spiked the Currency Exchange Rate
It took just minutes, and a whole lot of money.
Russian hackers found a way to dramatically alter a currency exchange rate—in just 14 minutes.
Launching a virus known as Corkow Trojan against Russia-based Energobank, a group of Russian hackers altered the value of the ruble against the dollar, Bloomberg is reporting, citing an interview with Group-IB, the company that investigated the attack. The virus, which hit Energobank in Feb. 2015, allowed the hackers to buy more than $500 million “at non-market rates,” according to the report. The move was enough for the ruble’s exchange rate to jump from 55 to 66 rubles per dollar before it settled back down.
Oddly, the hackers are not believed to have profited from the attack, ostensibly because they did not sell any of the currency as rates fluctuated. But Group-IB told Bloomberg that it may have been a proof-of-concept to prepare for another hack.
The attack was discovered by Russia’s central bank and the Moscow Exchange after analyzing the day’s currency trading. While the Moscow Exchange would only confirm that it wasn’t hacked, the central bank claims that it couldn’t find any evidence of market manipulation, according to Bloomberg. Instead, the central bank believes that the massive fluctuation was due to mistaken trades. Whatever the case, Group-IB is convinced that the hack was enough to affect the ruble-dollar exchange rate.
Get Data Sheet, Fortune’s technology newsletter.
Indeed, the Group-IB, which investigates high-profile cybercrimes and cyber-theft, told Bloomberg that the Corkow Trojan is one of the more sophisticated tools hackers can use, and may even have the ability to attack machines that aren’t even connected to the Internet. In order to do so, the Trojan realizes that it’s on a local company network, and by worming its way through internal connections between those machines, can infect them through that connectivity. This allows the attacker to eventually gain access to the offline computers.
This isn’t the first time Russia-based hackers have been charged with malicious attacks. In December, for instance, Ukraine accused Russia of hacking into its power companies and ultimately taking down a power grid, a claim that Russia denies. Russian hackers were also cited for allegedly hacking the White House and State Department in 2014, giving them access to the President’s schedule, unclassified e-mails, and other data.
For more, read: Hackers Just Attacked 20 Million Alibaba Users’ Accounts
In 2014, Bloomberg Businessweek reported that Russian hackers managed to plant a “digital bomb” in the NASDAQ computer systems in 2010 that could have wreaked havoc on trading. While the “bomb” never went off, it sent a loud and clear message that sophisticated hackers can, and do, target critical infrastructure with ease.
While Group-IB says that the Energobank attack was performed by Russia-based hackers, it’s unknown whether it was the government snooping to see how it could affect exchange rates or independent hackers trying out their skills. And since most hackers at that level are experts, they often hide their tracks well enough to never be discovered.
Of course, if the hacks did originate from within the Russian government, it wouldn’t come as a surprise. China has admitted to having cyber warriors, and the U.S. may have been behind an attack that took down North Korea’s Internet access in 2014, after the U.S. linked a hack on Sony’s SNE -2.44% network to the country. The U.S. and Israel also reportedly worked together to use a worm that ultimately targeted Iran’s nuclear program. Still, it’s hard to pinpoint in many cases where the attacks originate.
Looking ahead, it’s possible that this won’t be the last time we hear of the Corkow Trojan. In a 2014 blog post, experts at security firm ESET said that Corkow has been roaming the Internet since 2011, seeking out banks and cash with no sign of slowing down.
“Several features, like enumeration of smart cards, targeting of dedicated banking applications mostly used by corporate customers, and looking for user activity regarding online banking sites and applications, electronic trading platform sites and applications and so forth, all suggest that the attackers are focusing their sights on financial professionals and enterprises, whose bank accounts usually hold a higher balance than those of most individuals,” the experts wrote at the time.
PLEASE COMMENT AND SUBSCRIBE!