bnn.lv Latviski   bnn-news.com English   bnn-news.ru По-русски
Monday 18.06.2018 | Name days: Madis, Alberts
LatviaLatvia

Latvian banks fall victim to large-scale theft

FaceBook
Twitter
Draugiem
print
(No Ratings Yet)

Baltic news, News from Latvia, BNN.LV, BNN-NEWS.COM, BNN-NEWS.RULast Wednesday, 3 May, a massive theft took place. Experts are still unsure about the exact scale and possible consequences of this crime. The crime involves IT service provider Rostelecom, which is partially owned by Russia. This company managed to intercept data flow from multiple banks. Among them are two Latvian banks, as reported by Nekā personīga.

The programme reports that banks claim no data was stolen from them, as all activities are safely encrypted. Internet security experts, on the other hand are not so certain. The Russian company most likely managed to access strategically important information about the internal function of those banks. This information can be used for large-scale attacks.

On 26 April, Rostelekom managed to achieve that all transactions performed by banks were being redirected in secret through Russia for five to seven minutes. NP notes that this was an unprecedented event when a company owned by the Russian state intercepted all correspondence.

It is possible that what happened was only a test. Reaction to this ‘test’ allows Russian special services to study the speed and methods used to trace the attack.

Cert.lv deputy manager Varis Teivans told the programme: «This is what happened with this data flow. For ban X, transaction communication with MasterCard or VISA was performed not through original partners in Germany or USA or elsewhere, but through internet service provider close to the Russian state.»

It is possible to trace Rostelekom’s attacks by the seconds on websites that process data flow. It is clear from looking at the data that banks’ transactions are performed using specific data transfer companies. Suddenly, all data starts flowing through Rostelekom servers, NP explains.

Rostelekom can be compared to Latvia’s Lattelecom, the programme notes. The only difference is the size and scale of the company. Rostelekom has enormous international internet connections with other world-class IT companies. Lattelecom established a high-speed optic communication line with Rostelekom in 2009.

The company was previously managed by Sergei Kalugin, who was later rotated to Transport Ministry. Since March 2017, the company has been managed by a different political figure from United Russia – Mikhail Osevskiy. He was St Petersburg’s vice-governor for ten years. After that, he was vice-president of VTB Bank.

Rostelekom’s data interception can be considered an attack, because the intercepted information was carefully selected to contain only specific bank and credit card servicing companies VISA and MasterCard. Something like that cannot happen automatically, journalists say.

Teivans says that this situation is an indication that Russia does not care about secrecy in its cyber-operations. It shows the country is prepared to play dirty in the open without worrying about opinions of international partners, because this Rostelekom is not isolated – it has partners around the world.

They all know an incident has taken place. The question is – what excuse will Rostelekom offer. It is a sigh that they will no longer try to hide. Perhaps it is their strategic goal – to not hide any longer. Perhaps they want their cyber capabilities to be shown to the public and more amplified and cultivated in public space. Similar to how Russian hackers were glorified during elections in USA. And this is a goal to some extent, Cert.lv expert told the programme.

It should be noted that data from Norvik and DNB Bank was intercepted in Latvia. Representatives of the two banks told NP that they use encryption methods to communicate with other service providers. Data intercepted by thieves should be unreadable to thieves.

Cert.lv experts are not as optimistic – even if the encryption key is intact, intercepted information is still very valuable for plans of future attacks. «It is the same as performing reconnaissance of the area before a battle, learning about the opposing army’s strengths and weaknesses. Having information allows generals to plan the scale, tactics and goals of attacks.»

Teivans explains the situation: «Neither we nor they can confirm that something has been stolen. It should be clear to everyone that financial institutions will always say that everything is good and nothing is stolen. […] Even though it was impossible to steal anything of value, they still surveyed the map. The attacker now knows the correspondence targets of those financial institutions when they perform transactions. They can now come up with measures to influence those processes.»

When asked if banks suffered damages or not, Defence Ministry’s state secretary Janis Garisons told NP: «It is hard to say, because we only have initial estimates. Banks should be asked directly.»

The Defence Ministry’s representative replies the following way in relation to any attack objectives: «We can only assume, but it is hard to say if there was any goal, what was and what was not achieved.»

NP found out that the largest internet service providers in Latvia have formed LIX system. When internet communications in foreign countries were expensive, communication in Latvia was performed through this network. As technologies continue to develop, it is now cheaper to use networks in foreign countries.

Latvia has strict rules on data flow that affect so-called critical infrastructure, stating that it should be performed solely through state networks.

Teivans says that this situation raises certain concerns, «because this is not the first time when we see communication intended for Latvia or goes from Latvia is unexpectedly diverted through Moscow. Such cases were noted in the past as well. One such incident took place last year – data intended to be transferred from one institution in Latvia to another was unexpectedly transferred through Moscow.»

Estonia has a special law that states that bank transactions in the cyber environment have to be performed within Estonia’s borders. Latvian Defence Ministry wants to establish similar legislation, but it is currently very hard to limit the IT sector in the country.

Ref: 225.109.109.6011


Leave a reply

Corruption watchdog requests criminal prosecution of Bank of Latvia head

Latvia’s Corruption Prevention and Combating Bureau has sent materials of a criminal case to the prosecutor’s office with a request to commence criminal prosecution of Bank of Latvia governor Ilmārs Rimšēvičs and businessman Māris Martinsons.

Riga City Council votes to add Vidzeme market to Riga Central Market’s capital

Riga City Council’s City Property Development Committee has voted in favour of adding Vidzeme Market to AS Riga Central Market’s capital. Opposition members voted against this during the meeting.

Police dismantle criminal group specialising in storage and transportation of excise goods

Officers of Latvia’s State Revenue Service discovered a suspicious shipment during a routine inspection of a vehicle at Riga Passenger Port. With help from State Police, officers found more than 2.3 million illegal cigarettes and 960 litres of spirit, as confirmed by police.

airBaltic receives its ninth Bombardier CS300 aircraft

On 17 June, Latvia’s airBaltic airline received its ninth Bombardier CS300 aircraft. The airline plans to expand its existing aircraft fleet with 14 CS300 aircraft before the end of the year.

Employment agency invites employers to apply for new job support programme

Employers will be able to apply for participation in a programme of the European Social Fund to help create subsidized jobs for unemployed people. Eighteen offices of Latvia’s State Employment Agency will be offering registration until 27 June.

Programme: government continues working on MPC plan’s cancellation

The disproportionate mandatory procurement component costs have become one of the biggest political scandals in Latvia since autumn last year. Attempts to put an end to the MPC system are continuing alongside the search of those responsible for the dysfunctional system. The government’s work group say it is impossible to completely cancel the system, as reported by Nekā Personīga programme.

De Facto: ABLV Bank’s self-liquidation – controlled or not so much?

«Controlled self-liquidation» – this is the undefined procedure Finance and Capital Market Commission has picked for ABLV Bank. This decision came after three months of document assessment, discussions with politicians and active media campaigns, as noted by De Facto journalists.

Latvia police investigate link between murdered insolvency administrator and missing businessman

Latvia’s State Police have begun an investigation of a possible link between the murdered insolvency administrator Mārtiņš Bunkus and the missing businessman Andris Bojārs, as confirmed by police representative Ilze Jurēvica.

Hundreds of migrants rejected in Italy allowed to leave ships in Spain

Migrants taken on rescue ships in the Mediterranean Sea and turned away by Italy and Malta have arrived in Spain's port of Valencia as three ships arrived in the harbour, including the Aquarius, which rescued the 630 migrants the week before.

Monday expected to be exceptionally hot in Latvia

Cool masses of air will flow into Latvia at the beginning of the week. Wind speed will increase as well. Several rain-cloud zones will pass through the country. Monday is expected to be the hottest day of this week in Latvia, as air temperature will likely reach +23° C… +26° C in most of the country. South-east regions of Latvia may even experience air temperature of +29° C.

Week in Lithuania. Lithuanian Railways joins European train system Interrail

Lithuanian state railway company Lietuvos Geležinkeliai has joined Interrail, a European train system that allows passengers to buy cheaper tickets for train travel across Europe.

Zolitūde tragedy lawyer criticises Latvian laws as favourable to insolvency administrators, not business owners

Outspoken Latvian lawyer, Aldis Gobzems, who defends in civil trials the victims of the Zolitūde supermarket collapse, where 54 people died and dozens suffered injuries, has joined the KPV LV party for the parliamentary election and is pointing to perceived political support to a few successful insolvency administrators.

Eurozone simulation with monthly billions to be quit in 2018

The European Central Bank has stated it would quit end its massive programme to stimulate the eurozone economy by buying bonds for 30 billion euros each month in December.

Human traffickers in Hungary sent to prison for 71 people dead in meat truck

For the deaths of 71 migrants, who suffocated in a sealed meat truck in Hungary in August 2015, a Hungarian court has sentenced four men to 25-year jail terms after finding them guilty of people-smuggling.

Lithuanian employers bristle against minimum wage raise to 450 euro

The disparities of the socio-economic development of the regions are very high in Lithuania, so raising the minimum wage from 400 euros now to 450 euros as suggested by the Lithuanian Government would cripple many small and medium-sized business owners in the less prosperous regions and the municipalities, Lithuanian economists caution. The minimum wage was raised in Lithuania by 20 per cent to 400 euros last year.

No-confidence vote on Latvian Justice Minister postponed to June 20

In the Latvian parliament, two motions asking for the resignation of Latvian Justice Minister Dzintars Rasnačs have been submitted and the vote is expected to take place on June 20.

Judge urges to stop testing politicians for cooperation with Soviet KGB

As Latvian politicians running in elections have to acknowledge that they have not worked for the Soviet State Security Committee during the Soviet occupation of the country, courts have since 1995 been looking into cases of possible cooperation and now, due to the lack of evidence, politicians should drop the evaluation of possible cooperation with the KGB, suggested a judge at the Riga Regional Court.

State budget income up 11% in Latvia this year

In the Latvian state budget, a total of 3.8 billion euros have been paid in the first five months of 2018, which is by 11% more than in the respective period last year, the Latvian State Revenue Service stated.

Volkswagen fined billion euros for diesel exhaust scheme

German car maker Volkswagen has been fined one billion euros by German prosecutors for its diesel emissions scandal and the car firm's management has stated it did not plan to appeal against the fine.

U.S.: Sanctions against North Korea to remain until complete denuclearisation

The U.S. has warned North Korea that it would not see any economic sanctions lifted until it has demonstrated «complete denuclearisation», according to U.S. Secretary of State Mike Pompeo.

Popular restaurant chain denies alleged tampering with cash registers

Criminal police in Latvia has conducted searches at the popular Riga restaurant chain Vairāk Saules on suspicion of alleged tampering with its cash registers.

Pigs in first swine fever-hit farm culled

As to the first case of domestic pigs in Latvia being infected with the African swine fever virus in 2018, Latvian veterinary authorities have culled 165 pigs in the affected farm in central Latvia.

Bank of Latvia head appeals against decision to remove his access to state secrets

The Bank of Latvia President, Ilmārs Rimšēvičs, who is suspected of accepting a bribe, has appealed to the Prosecutor General, Ēriks Kalnmeiers, against the decision by the Latvian Constitution Protection Bureau to remove his permit to access state secrets.

Charging electric car to cost 15 cents per minute in Latvia

As Latvia builds its network of 150 quick charging stations for electric vehicles, the Latvian government has approved the cost of the service at 15 euro cents per minute with the value added tax.

Bank watchdog allows ABLV Bank to perform voluntary liquidation

Latvian Financial and Capital Market Commission (FCMC) has decided at a board meeting to allow ABLV Bank to start its voluntary liquidation process.

Have you been offered a bribe for particular choice in election?

View Results

Loading ... Loading ...

Polls Archive



Category feed: Feed: