Читать книгу Hacking Innovation - Josh Linkner - Страница 15

A masked man walks into a bank, hands the teller a note demanding that unmarked bills be placed in a paper bag and handed over. Or else. For many of us, this is what comes to mind when we think of a bank robbery. It’s been done the same since long before the days of Bonnie and Clyde.

Perhaps the most famous bank robber of all time, the notorious John Dillinger robbed 13 banks across five states in the Midwest, making away with over $300,000 in loot. His criminal feats were so compelling that his exploits have been glamorized in 14 star-studded motion pictures.

Compare that to the 2015 heist that most of us never heard about. Over 100 banks across 30 countries were taken for over $1 billion. Though robbers like Jesse James are more infamous, even his spoils pale in comparison to these perpetrators, who have never been identified or caught. Russian cybersecurity firm Kaspersky issued a report that documented these new robbers’ exploits. Thought to be a gang of hackers from Russia and China, they leveraged hacker mindsets to perpetrate the biggest heist in history.

Studying the crimes, Kaspersky reverse-engineered their approach. It began not only with a clear motive (stealing money) and target (banks), but also with intense curiosity. Rather than following a traditional approach, the hackers relentlessly questioned conventional tactics. They dared to try completely new strategies.

One part of their scheme involved breaking into the source code of ATM machines, allowing them to be remotely controlled. From thousands of miles away, the gang instructed specific machines to literally spew cash at exact times. They enlisted ‘money mules’ to approach the ATM machines at a precise time and collect the cash without even pressing a single button. Another aspect of the plan included deducting small amounts from thousands of accounts and then routing these funds from one account to another, through a series of inter-connected servers, making the eventual flow of funds untraceable.

To accomplish this historic heist, the robbers first had to get inside the fortress. To do this, they sent thousands of emails to unsuspecting bank employees around the world. The emails lured bank employees to open an attachment. With a single click, secretive malware was installed on the banks’ computer systems, providing the hackers unfettered access from the inside.

Rather than executing a quick grab-and-go, the patient hackers used their newfound access to study the inner-workings of each target bank. Their sense of exploration drove them to find new, better possibilities. They carefully studied each bank’s security protocols, audit trails, reporting structures, and asset flows. Their underlying quest for more insight led them deeper into their victims’ cyber-vaults, allowing them to reveal unprecedented access to near limitless funds.

Hacker mindset #2, Compasses Over Maps, enabled a crime of epic proportion and allowed these deviants to cover their tracks for a clean getaway. Rather than locking on a plan before launching their scheme, they learned and adapted along the way. They playfully taunted bank security professionals by rigging ATMs to spit out cash, and they harnessed curiosity to walk away unscathed, with over a billion dollars.

We should all feel uncomfortable here. There were real victims in this crime, and the criminals who committed these thefts should be brought to justice. I certainly don’t condone their crimes and am not encouraging you to break the law. But if we put aside their malicious intent, this small group solved a very complex problem in a novel way. Their innovative hacks outsmarted their competition and enabled them to achieve, if not exceed, their desired outcome. Embracing the hacker mindset of Compasses Over Maps can empower you to achieve your own outcomes with the same skill of these notorious criminals. But please direct your hack toward positive, legitimate ends.