During the most recent Philippine Independence Day holiday (held in June), a hacker group managed to steal millions of Philippine pesos from United Coconut Planters Bank (UCPB) using a combination of mass ATM withdrawals and online transfers over the three-day holiday.
With the first investigations concluded, Philippine authorities have revealed that the attack was allegedly perpetrated by local hackers in complicity with local cybercriminals, who managed to make about 60 withdrawals at a single ATM, completely emptying the machine.
Another detail revealed about the incident is that the stolen amount totals 167 million Philippine pesos (around $35 million USD). According to one source, the authorities are looking at whether the crime was perpetrated with the collaboration of internal staff at the targeted bank.
Other reports indicate that a much larger and more dangerous hacker group could be behind the incident, as a fraction of the stolen money was transferred through online operations to accounts at other local banks, from which the money was withdrawn moments after the attack.
The anonymous informant claims that at least 13 bank accounts were created for this purpose; the accounts used by the hackers are inactive: “The owners of these accounts are being investigated by local authorities”. The informant also mentions that complaints are being filed against holders of other accounts potentially linked to the embezzlement.
The authorities remain surprised by the cunning of the hackers, who took advantage of the low activity during the holiday to complete the mass heist with the help of the bank’s ATM network. As mentioned above, the criminals managed to make 57 withdrawals from a single ATM, which was verified by analyzing the bank’s surveillance videos. It was the local authorities who analyzed the videos, discovering that those who made these cash withdrawals were Nigerian immigrants.
Regarding how the hackers went unnoticed, the informant believes the problem began when the bank decided to upgrade its computer systems, migrating much of its IT infrastructure to Microsoft-offered services: “Many of us believe this generated an exploitable vulnerability,” says the anonymous informant.