Hackers siphon off $31 million from British bank accounts

Crime agencies from across Europe partner with the FBI to investigate and shut down the spread of Dridex banking malware.

Katie Collins Senior European Correspondent


Hackers have stolen more than £20 million ($31 million) from British online bank accounts using hostile, intrusive software that harvested user log-in details.

The UK's National Crime Agency has partnered with the FBI and European crime agency Europol to investigate the breach, which they say was perpetrated using malware called Dridex, first detected around November 2014. Once a computer has been infected with Dridex, hackers can gain access and steal the owner's bank details. Money can then be slowly siphoned out of an account on a monthly basis.

On Tuesday, the National Crime Agency warned Internet users in the UK to be vigilant, particularly people using computers running Windows software.

Only British bank accounts have been affected so far, but financial institutions worldwide have been targeted by Dridex. The malware was created by highly adept cybercriminals from Eastern Europe, the crime agencies said, and has been designed to go unnoticed. That makes the hackers themselves extremely difficult to track down.

Malware attacks aimed at nabbing people's banking information have been around since the advent of online banking. But they increased 9 percent last year, according to security researcher Kaspersky Labs. Before Dridex, there was Cridex, and before Cridex there were many other types of malware. As consumers grow increasingly wise to malware attacks, hackers become ever-more accomplished at disguising them.

"Those who commit cybercrime are very often highly skilled and can be operating from different countries and continents," Robert Anderson, executive assistant director of the FBI, said in a statement. "They can and will deploy new malware and we, along with our partners, are alive to this threat and are constantly devising new approaches to tackle cybercrime."

Cyberattacks by professional hackers usually target individuals by tricking them into clicking a link that downloads malicious software to their devices, often without them knowing. Attackers can then use the malware to either steal from a device, or to remotely take control of it.

When computers are taken over like this they're used to form a botnet -- effectively a network of computers an attacker can control and use to spread viruses and spam to others. The National Crime Agency and the FBI are currently undertaking simultaneous "sinkhole" operations, through which they try to cut off communication between the hackers and the botnets they're using to circulate Dridex.

According to the National Crime Agency, it has "rendered a large portion of the botnet harmless" and is "now initiating remediation activity to safeguard victims". Law enforcement agencies from multiple countries have also coordinated to secure one "significant" arrest.

"This is a particularly virulent form of malware and we have been working with our international law enforcement partners, as well as key partners from industry, to mitigate the damage it causes," said Mike Hulett, operations head at the National Crime Agency's National Cyber Crime Unit. "Our investigation is ongoing and we expect further arrests to [be] made."