The hackers often struck late on Fridays, starting about a year ago, sending skeleton crews at more than a dozen European banks rushing to keep bombardments of digital gibberish from crashing their websites.
Damaging as the bandwidth-choking attacks were, they were merely smokescreens. Once employees dropped their guard to fight one attack, hackers struck again, exploiting the openings to steal account information and create counterfeit debit cards.
One attack was so fast that, within two hours, $9 million was withdrawn from automated teller machines in 46 cities, according to Francis deSouza, president of products and services for Symantec Corp (SYMC)., the Mountain View, California-based information security company that investigated the incidents.
Symantec’s findings show that the attacks, which have been around for years, have evolved from nuisances causing temporary website outages into one of the cheapest and most effective ways to rob banks. They’ve become the online equivalent of a common street hustle, with the initial assault being the shiny object that distracts bank security teams long enough to pick customers’ pockets.