Exclusive: SWIFT confirms new cyber thefts, hacking tactics
[December 13, 2016]
By Tom Bergin and Jim Finkle
LONDON/BOSTON (Reuters) - Cyber attacks
targeting the global bank transfer system have succeeded in stealing
funds since February’s heist of $81 million from the Bangladesh central
bank as hackers have become more sophisticated in their tactics,
according to a SWIFT official and a previously undisclosed letter the
organization sent to banks worldwide.
In a Nov. 2 letter seen by Reuters, the messaging network warned banks of
the escalating threat to their systems.
The attacks and new hacking tactics underscore the continuing
vulnerability of the SWIFT messaging network, which handles trillions of
dollars in fund transfers daily.
"The threat is very persistent, adaptive and sophisticated – and it is
here to stay," SWIFT said in the November letter to client banks, seen
by Reuters.
The disclosures provide fresh evidence that SWIFT remains at risk of
attacks nearly a year after funds were stolen from a Bangladesh Bank
account at the Federal Reserve Bank of New York. The unprecedented cyber
theft prompted regulators around the globe to tighten bank security
requirements, amidst a global investigation by the FBI, Bangladesh
authorities and Interpol.
Banks using the SWIFT network, which include both central banks and
commercial banks, have been hit with a "meaningful" number of attacks -
about a fifth of them resulting in stolen funds - since the Bangladesh
heist, Stephen Gilderdale, head of SWIFT’s Customer Security Programme,
told Reuters in an interview on Thursday.
SWIFT, a Belgium-based co-operative owned by its user banks, had
previously disclosed hacks of three SWIFT users since February but said
those did not lead to the loss of funds.
SWIFT's letter to customers warned that hackers have refined their
methods for compromising local bank systems. One new tactic, the letter
said, involved using software that allows technicians to access
computers to provide technical support.
"We unfortunately continue to see cases in which some of our customers’
environments are being compromised" by thieves who then send fraudulent
payment instructions through the SWIFT network - the same kind of
messages used to steal Bangladesh Bank funds, the letter said without
elaborating further.
On Monday, a top police investigator in Dhaka told Reuters that some
Bangladesh central bank officials deliberately exposed its computer
systems and enabled the theft. He declined to identify those officials
by name or say how many there were. The comments by Mohammad Shah Alam,
head of the Forensic Training Institute of the Bangladesh police's
criminal investigation department, are the first sign that investigators
have got a firm lead in one of the world's biggest cyber heists. Arrests
are likely soon, he said.
Bangladesh Bank spokesman Subhankar Saha declined to comment on Alam's
comments. A New York Fed spokeswoman also declined comment.
INFORMATION SHARING
SWIFT's Gilderdale declined to provide further details about more recent
attacks or to name victims or amounts stolen. Asked how many heists had
been attempted, he said only that it was "a meaningful number of cases."
“In all of these cases attackers are suspected of trying to replicate
the modus operandi of the Bangladesh attackers,” he added.
Swift code bank logo is displayed on an iPhone 6s on top of Euro
banknotes in this picture illustration made in Zenica, Bosnia and
Herzegovina, January 26, 2016. REUTERS/Dado Ruvic
The intrusions had been detected in a variety of ways, Gilderdale
said. In some cases, clients' antivirus software had identified
malware.
In others, a new feature on software SWIFT provides to clients
alerted SWIFT directly of an attempted manipulation of a client's
system. In one case, a financial regulator had notified SWIFT of an
attempted attack.
Gilderdale said despite the new thefts, SWIFT believed the system
was becoming more secure.
"In 80 percent of the cases that we are aware of and where we have
completed investigations, a fraud has not actually ended up taking
place," he said.
"I personally am very pleased with the progress that we are making,"
he added.
Successful bank hackings were too rare to say whether an 80 percent
success rate was good or bad, Ben Caudill, a cyber security
consultant with Rhino Security Labs in Seattle, said.
SWIFT said in its letter to clients that the cyber threats were
evolving.
"There are likely to be multiple groups of cyber attackers
attempting to compromise customer environments," it said.
"There has been an evolution in the modus operandi, signifying that
attackers are further adapting their methods," it added.
Gilderdale said it was impossible to say for sure whether the rate
of attacks was increasing because previously SWIFT did not track or
receive information from clients about incidents.
SWIFT said that in all cases, the infiltrations involved customers’
SWIFT interfaces and that its own central communications network had
not been compromised.
The additional attacks SWIFT disclosed to Reuters do not include
others that have already come to light since the Bangladesh Bank
heist.
Thieves stole $250,000 from Bangladesh's Sonali bank in 2013. More
than $12 million was stolen from Ecuador's Banco del Austro in 2015.
Vietnam's Tien Phong Bank said in May that it foiled an attempt to
steal money via SWIFT.
(Editing by Brian Thevenot and Matthew Lewis)
[© 2016 Thomson Reuters. All rights
reserved.]