bank was recipient named in failed Vietnam cyber-heist
Send a link to a friend
[May 17, 2016]
By Martin Petty and Mai Nguyen
HANOI (Reuters) - Cyber-criminals
unsuccessfully tried to send money from a Vietnamese bank to a Slovenian
one in December, but there have been no other cases of attempted
fraudulent transfers identified in Vietnam, a top central bank official
there said on Tuesday.
Le Manh Hung, head of the State Bank of Vietnam's (SBV) Information
Technology Department, told Reuters the Dec. 8 transfer - for 1.2
million euros ($1.36 million) via the SWIFT network - was the only
attempt to steal funds detected by Tien Phong Bank (TPBank).
Other Vietnamese banks and the SBV have not been hit, and the name
of the Slovenian bank was not known, he said. It was also not clear
how many accounts were listed as recipients.
The Slovenian central bank said it had no information on the matter
and was not informed about it by official bodies. The Slovenian
police had no immediate comment.
Unlisted TPBank revealed the interrupted cyber heist in response to
Reuters inquiries on Sunday. It involved the use of bogus SWIFT
messages, the technique at the heart of a massive theft in February
from the Bangladesh central bank.
SWIFT, a linchpin of the global financial system, is used by about
11,000 banks and financial institutions for transactions. The two
attacks on banks will likely increase scrutiny on the security of
Interpol was immediately informed of the attack via its
representative in Vietnam, Hung said.
There was no financial loss and TPBank found the bogus transfer
through its own reconciliation system, he said.
TPBank has not said which bank the funds were headed to and Hung
said he did not know the identity of the Slovenian partner.
Hung said TPBank was hit because a third-party vendor it had used to
connect to the SWIFT money transfer system was likely infected with
malware. The vendor's Internet servers were based in Singapore, he
said, adding he did not know the identity of the vendor provider.
SWIFT has declined comment on TPBank's claims. On Thursday, it had
said a unnamed commercial bank was targeted by a malware attack
similar to the one at Bangladesh Bank.
[to top of second column]
But SWIFT said in mid-May the malware it had found was used to remove traces of
fraudulent transactions, not to conduct the transaction, adding the attackers
had used other methods it did not identify to send the fraudulent transfer
Hung said it was the vendor that had been compromised, rather than TPBank's own
systems. TPBank has declined Reuters requests for further comment.
TPBank, founded in 2008 by Vietnam's top technology firm FPT Corp, is considered
one of the communist country's most modern and tech-savvy banks and it this
month received the "Best Internet Banking" prize from The Asian Banker.
In February, in one of the world's biggest ever cyber-heists, hackers tried to
steal nearly $1 billion from Bangladesh Bank's account at the New York Federal
Reserve. Most orders were blocked but $81 million was transferred to accounts in
the Philippines and most of the money remains missing.
(Additional reporting by Marja Novak in Ljubljana, Slovenia; Editing by Raju
Gopalakrishnan and John Stonestreet)
[© 2016 Thomson Reuters. All rights
Copyright 2016 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.