British banks are thought to have lost tens of millions of pounds after a gang of Russian based hackers spent the last two years orchestrating the largest cybercrime ever uncovered.
As much as £650 million is thought to have gone missing after the gang used computer viruses to infect networks in more than 100 financial institutions worldwide.
The hackers managed to infiltrate the bank’s internal computer systems using malware, which lurked in the networks for months, gathering information and feeding it back to the gang.
The illegal software was so sophisticated that it allowed the criminals to view video feeds from within supposedly secure offices as they gathered the data they needed to steal.
Once they were ready to strike, they were able to impersonate bank staff online in order to transfer millions of pounds into dummy accounts.
They were even able to instruct cash machines to dispense money at random times of the day even without a bank card.
While the criminals behind the audacious electronic raid are thought to be based in Russia, the scale of their crime was truly global with banks in Japan, China, the United States and throughout Europe having been hit.
The scale of the losses by UK based financial institutions has not yet been disclosed, but is thought to run into tens of millions of pounds.
The scam was uncovered by the Russian cybersecurity firm, Kaspersky Lab, which was called in to investigate after a cash machine in Ukraine was found to have been spitting out money at random times.
As investigators began to look into the problem they were staggered by the scale of the crime they uncovered.
A spokesman for Kaspersky Lab said: “The plot marks the beginning of a new stage in the evolution of cybercriminal activity, where malicious users steal money directly from banks, and avoid targeting end users.”
Despite the fact the plot has been uncovered, it is feared that banks may still find themselves falling victim as once installed the malware can operate almost independently and is extremely difficult to identify.
The cybercriminals would gain entry to an employee’s system through a process called spear phishing, where they would send an email which appeared to come from a trusted source.