Swift confirms multiple cases of fraudulent message traffic

Swift confirms multiple cases of fraudulent message traffic

Interbank co-operative Swift has confirmed that it has experienced a number of recent instances of hackers compromising network interface devices at client banks to send fraudulent payment messages over the global banking network.

The confirmation that the recent $81 million heist at Bangladesh Bank was not an isolated incident emerged in a security alert sent by Swift to member banks worldwide and seen by Reuters.

The notice reads: "Swift is aware of a number of recent cyber incidents in which malicious insiders or external attackers have managed to submit Swift messages from financial institutions' back-offices, PCs or workstations connected to their local interface to the Swift network."

Yesterday, researchers at BAE Systems claimed that after gaining administrative rights at Bangladesh Bank, the hackers installed a piece of malware named evtdiag.exe which masked the $81 million in fraudulent transactions pushed through Swift's Alliance Access interface device.

The malware not only buried the fraudulent transactions but also intercepted Swift confirmation codes sent for printing and replaced the bogus transactional data with innocuous doctored copies of the messages.

In its warning to member banks, Swift said the attackers obtained valid credentials for operators authorised to create and approve Swift messages, then submitted fraudulent messages by impersonating those people.

The alert was accompanied by a software patch to block the malware used in the assault on Bangladesh Bank.

Swift spokeswoman Natasha Deteran told Reuters that the commonality in these cases was that internal or external attackers compromised the banks’ own environments to obtain valid operator credentials.

"Customers should do their utmost to protect against this," she said in an email to Reuters.

Comments: (2)

Saurabha Sahu
Saurabha Sahu - Wipro Limited - Bangalore 26 April, 2016, 15:19Be the first to give this comment the thumbs up 0 likes

Financials are the backbone of any organization. Maintaing security on and over the network is a vital part. Need to think, how we can make our financial eco system more robust from hacking as well as safe from the malacious virus? May be the new market enterant of Blockchain concept is an answer to this solution. 

Chetan Ghadge
Chetan Ghadge - Wipro - Pune 27 April, 2016, 04:48Be the first to give this comment the thumbs up 0 likes

Just giving some hollywood touch .

All these stories about software vulnerabilites and hacks reminds me of quote from the movie "Minoirty Report"


John Anderton : Why don't you cut the cute act, Danny boy, and tell me exactly what it is you're looking for?

Danny Witwer:  Flaws.

John Anderton : There hasn't been a murder in 6 years. There's nothing wrong with the system, it is perfect.

Danny Witwer: Perfect , I agree . But if there is a flaw it's human. It always is !!!!


Do i need to say anymore :)