Hackers changed ruble exchange rate for 15% by means of a virus
Material posted: Publication date: 08-02-2016
Group-IB published the review in which insists that ruble rate fluctuations in February, 2015 were caused by hacker attack to Power bank. Before the Central Bank reported that demands were exposed by bank, and hacker attack wasn't.

Company Group-IB has published the review in which it is said that the Russian hackers have cracked system of safety of regional bank on the site and by means of a virus could change a rouble exchange rate at the exchange auctions more than to 15 %. It is a question of the Kazan Power bank, the head of department of investigations and service of cyberinvestigation Group-IB Dmitry Volkov has explained RBC.

Hackers used a virus under name Corkow Trojan. As a result of attack the bank has placed in February, 2015 orders more than on $500 million on nerynochnomu. Actions of the hacker have caused very big volatilnost within six minutes that has allowed to make the transaction on purchase of dollars at the rate of 59,0560 and in 51 second to sell at the rate of 62,3490, is told in the review.

The harmful software applied to attack, is capable to open on the computer bekdor (the channel of remote management) through legitimately looking sites or files and then to force it to performance of commands of hackers. Virus Corkow is constantly updated for detour of anti-virus programs. It has got into 250 thousand computers worldwide and has infected more than hundred financial institutions, is told in review Group-IB. Means of anti-virus protection are not capable to resist effectively to this threat, experts have found out. In all banks where this harmful program has been fixed, has been established and correctly the antivirus worked. Thus the harmful program can be in a network not noticed more than six months.

Using the harmful software, the hacker has caused serious jumps of a dollar exchange rate, it is underlined in report Group-IB. For 14 minutes the hacker has achieved abnormal volatilnosti that has allowed to buy dollar for 55 rbl., and to sell on 62 rbl. Before incident traders 60-62 rbl. for dollar bargained in a market range.

The power bank asserted that then its losses have made 244 million rbl. at the expense of these transactions. In turn, proofs of that hackers have got profit on this operation, no. Later the Moscow stock exchange has informed that its systems have not been cracked as a result of this incident. Investigation of the Central Bank has not established manipulations in the currency market. Also the Central Bank denied earlier the information on extraneous intervention in trading system "Power bank": according to the Central Bank, these demands were exposed by bank.

In Group-IB underline that on volatilnosti usual clients of a stock exchange have earned. «As a result of this fraud the bank has incurred big financial and reputatsionnyj a damage as many players in the market do not trust the version with breaking and willingly all write off on an error of the operator of trading system», - is told in the review. Nevertheless Wolves has declared that the Power bank can collect the losses from those who is responsible for penetration of harmful maintenance into trading system. «However these persons it is necessary to establish still», - he speaks.

In the end of March, 2015 the committee on the currency market of the Moscow stock exchange recommended to stock exchange board to exclude Power bank from structure of participants of the auctions of the currency market because of insufficient security of system of information security of bank. Transactions with Power bank that day concluded three broker companies: "finam", BKS and «Otrytie the Broker» which clients bought currency at a low course. The bank through court has demanded from brokers to compensate the losses. From "Opening" he demanded 117,3 million rbl., with BKS - 118,5 million and with "Finama" - 7,8 million rbl., however in March the Vahitovsky district court of Kazan has refused satisfaction of the claim on the ground that the Power bank also had been put in the statement in law enforcement bodies.

sledstvie conducts the Ministry of Internal Affairs of Tatarstan which has brought under the statement of bank criminal case under item 272 of the criminal code of Russian Federation (wrongful access to the computer information). According to agency "Interfax", in April investigating bodies seized means of clients of "Finama", "Opening" and BKS. The same day tatarstanskoe the Ministry of Internal Affairs has declared that the auctions on behalf of Power bank have passed on February, 27th after introduction of a computer virus. Thus the consequence on criminal case has been decided to continue.

As it is marked in review Group-IB, in August, 2015 there was other important incident to use of the settlement system uniting about 250 banks and allowing to remove means from cards Visa and MasterCard under favourable tariffs. Then through cash dispenses of one of participants of this settlement system some hundreds millions roubles which as it was found out later, were result of hacker attack with use all the same trojan Corkow have been given out.

Julia Titova

Source: <http://www.rbc.ru/finances/08/02/2016/56b89bab9a7947474f91de83?from=main>

Tags: security , information Society