New hack­ing tac­tics and cy­ber thefts re­vealed

China Daily (Hong Kong) - - WORLD - By REUTERS in Lon­don

Cy­ber­at­tacks tar­get­ing the global bank trans­fer sys­tem have suc­ceeded in steal­ing funds since Fe­bru­ary’s heist of $81 mil­lion from the Bangladesh cen­tral bank as hack­ers have be­come more so­phis­ti­cated in their tac­tics, ac­cord­ing to a SWIFT of­fi­cial and a pre­vi­ously undis­closed let­ter the or­ga­ni­za­tion sent to banks world­wide.

The mes­sag­ing net­work in a Nov 2 let­ter seen by Reuters warned banks of the es­ca­lat­ing threat to their sys­tems, ac­cord­ing to the SWIFT let­ter.

The at­tacks and new hack­ing tac­tics un­der­score the con­tin­u­ing vul­ner­a­bil­ity of the SWIFT mes­sag­ing net­work, which han­dles tril­lions of dol­lars in fund trans­fers daily.

“The threat is very per­sis­tent, adap­tive and so­phis­ti­cated — and it is here to stay,” SWIFT said in the Novem­ber let­ter to client banks.

The dis­clo­sures pro­vide fresh ev­i­dence that SWIFT re­mains at risk of at­tacks nearly a year after funds were stolen from a Bangladesh Bank ac­count at the Fed­eral Re­serve Bank of New York.

Tight­ened se­cu­rity

The un­prece­dented cy­ber theft prompted reg­u­la­tors around the globe to tighten bank se­cu­rity re­quire­ments, amidst a global in­ves­ti­ga­tion by the FBI, Bangladesh au­thor­i­ties and In­ter­pol.

Banks us­ing the SWIFT net­work, which in­clude both cen­tral banks and com­mer­cial banks, have been hit with a “mean­ing­ful” num­ber of at­tacks — about a fifth of them re­sult­ing in stolen funds, since the Bangladesh heist, Stephen Gilderdale, head of SWIFT’s Cus­tomer Se­curi- ty Pro­gram, said in a re­cent in­ter­view.

SWIFT, a Bel­gium-based co­op­er­a­tive owned by its user banks, had pre­vi­ously dis­closed hacks of three SWIFT users since Fe­bru­ary but said those did not lead to the loss of funds.

SWIFT’s let­ter to cus­tomers warned that hack­ers have re­fined their meth­ods for com­pro­mis­ing lo­cal bank sys­tems. One new tac­tic, the let­ter said, in­volved us­ing soft­ware that al­lows tech­ni­cians to ac­cess com­put­ers to pro­vide tech­ni­cal sup­port.

was stolen from Bangladesh’s cen­tral bank in Fe­bru­ary this year in one of the world’s big­gest cy­ber heists.

“We un­for­tu­nately con­tinue to see cases in which some of our cus­tomers’ en­vi­ron­ments are be­ing com­pro­mised” by thieves who then send fraud­u­lent pay­ment in­struc­tions through the SWIFT net­work — the same kind of mes­sages used to steal Bangladesh Bank funds, the let­ter said with­out elab­o­rat­ing fur­ther.

On Mon­day, a top po­lice in­ves­ti­ga­tor in Dhaka said that some Bangladesh cen­tral bank of­fi­cials de­lib­er­ately ex­posed its com­puter sys­tems and en­abled the theft.

He de­clined to iden­tify those of­fi­cials by name or say how many there were.

The com­ments by Mo­ham­mad Shah Alam, head of the Foren­sic Train­ing In­sti­tute of the Bangladesh po­lice’s crim­i­nal in­ves­ti­ga­tion de­part­ment, are the first sign that in­ves­ti­ga­tors have got a firm lead in one of the world’s big­gest cy­ber heists.

Ar­rests are likely soon, he said.

Newspapers in English

Newspapers from China

© PressReader. All rights reserved.