Swift warns of second victim of bank hackers

In news that will send a shiver down the spines of banking regulators worldwide, bank-owned messaging network Swift is warning members that a second bank has fallen victim to the same kind of malware-based attack that led to an $81 million loss at the Bangladesh Central Bank.

In a letter sent to member banks this morning, and reviewed by the New York Times, Swift warned that the latest attack bore numerous similarities to the $81 million heist suffered by the Central Bank of Bangladesh and was very likely part of a “wider and highly adaptive campaign targeting banks”.

“The attackers clearly exhibit a deep and sophisticated knowledge of specific operation controls within the targeted banks — knowledge that may have been gained from malicious insiders or cyberattacks, or a combination of both,” Swift said in its warning, which is expected to be posted on a secure part of its website on Friday.

Police investigating the attack in Bangladesh said the central bank was vulnerable to hackers because it did not have a firewall and used second-hand, $10 routers to network computers connected to the Swift payment network.

Researchers at BAE Systems claim that after gaining administrative rights at Bangladesh Bank, the hackers installed a piece of malware named evtdiag.exe, which shielded the attackers by changing information about transfer requests made via Swift in the client interface the bank used to track those requests.

The malware not only buried the fraudulent transactions but also intercepted Swift confirmation codes sent for printing and replaced the bogus transactional data with innocuous doctored copies of the messages.

The latest bank to fall victim to the attackers is understood to have used a PDF reader to confirm that payments had been made, suggesting a higher level of sophistication than had been evident in the Bangladesh bank hack. Swift says the thieves obtained a valid Swift credential that allowed them to “create, approve and submit” messages on the network. Those messages — sent from PCs in the bank’s back offices or from laptops — were then used to move money from one of the bank’s accounts.

Swift has declined to name the bank involved or the amount of money that was stolen.

The latest incident once again turns the spotlight on the security of the network used by banks to transfer billions of dollars in transactions daily.

Swift has reiterated its stance that the core network remains secure, pointing to internal deficiencies and security lapses at member banks connecting to the network.

“Your first priority should be to ensure that you have all the preventative and detective measures in place to secure your own environment,” Swift said in its latest message. “This latest evidence adds further urgency to your work.”

Comments: (5)

Hitesh Thakkar - SME - Fintech startups (APAC and Africa) - India, 13 May, 2016, 15:38

You are as safe as your weakest link... A more than decade-old security rule again proves right.

A Finextra member, 13 May, 2016, 18:21

Hitesh, you are absolutely right. So, what can be done about it? Perhaps rules about controls, and security software need to be mandated by SWIFT to allow banks to connect to its network? Thoughts?

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune, 13 May, 2016, 19:14

Replace SWIFT with Bitcoin / Blockchain? :) On a more serious note, from personal experience of developing and implementing a SWIFT gateway software product, SWIFT already mandates security controls for interconnection of banking systems with SWIFT. If a bank hasn't implemented these security controls, will SWIFT let it connect to its network? Well, that's the $81 million question, isn't it?

Ramadas Mv - Enterprise Banking Architects - New Delhi, 17 May, 2016, 06:13

Exactly correct, it's high time to start a discussion on SWIFT security. In an increasingly networked world, any one bank's security is only as good as the other participant bank's network!! SWIFT has only internal security measures; it has not established any specific measures to be uniformly adopted by financial institutions to secure their networks. It's high time to build consensus among participants and for SWIFT and participants together to implement security measures to avoid such lapses.

Hitesh Thakkar - SME - Fintech startups (APAC and Africa) - India, 17 May, 2016, 09:39

SWIFT can take some best practices from securities trading platforms, which have tighter control for system control access.

SWIFT can build a message gateway for external interfaces and PC-based front and back office applications to post transactions. It can be further cascaded with a fraud and risk module on the same gateway for all such external interfaces before posting their transactions.