SWIFT con­firms new cy­ber thefts and hack­ing tac­tics

Hack­ers be­com­ing more so­phis­ti­cated

Kuwait Times - - INTERNATIONAL -

Cy­ber at­tacks tar­get­ing the global bank trans­fer sys­tem have suc­ceeded in steal­ing funds since Fe­bru­ary’s heist of $81 mil­lion from the Bangladesh cen­tral bank as hack­ers have be­come more so­phis­ti­cated in their tac­tics, ac­cord­ing to a SWIFT of­fi­cial and a pre­vi­ously undis­closed let­ter the or­ga­ni­za­tion sent to banks world­wide. The mes­sag­ing network in a Nov 2 let­ter seen by Reuters warned banks of the es­ca­lat­ing threat to their sys­tems, ac­cord­ing to the SWIFT let­ter. The at­tacks and new hack­ing tac­tics un­der­score the con­tin­u­ing vul­ner­a­bil­ity of the SWIFT mes­sag­ing network, which han­dles tril­lions of dol­lars in fund trans­fers daily.

“The threat is very per­sis­tent, adap­tive and so­phis­ti­cated - and it is here to stay,” SWIFT said in the Novem­ber let­ter to client banks, seen by Reuters. The dis­clo­sures pro­vide fresh ev­i­dence that SWIFT re­mains at risk of at­tacks nearly a year af­ter funds were stolen from a Bangladesh Bank ac­count at the Fed­eral Re­serve Bank of New York. The un­prece­dented cy­ber theft prompted reg­u­la­tors around the globe to tighten bank se­cu­rity re­quire­ments, amidst a global in­ves­ti­ga­tion by the FBI, Bangladesh author­i­ties and In­ter­pol.

Banks us­ing the SWIFT network, which in­clude both cen­tral banks and com­mer­cial banks, have been hit with a “mean­ing­ful” num­ber of at­tacks - about a fifth of them re­sult­ing in stolen funds, since the Bangladesh heist, Stephen Gilderdale, head of SWIFT’s Cus­tomer Se­cu­rity Pro­gram said in an in­ter­view on Thurs­day. SWIFT, a Bel­gium-based co-op­er­a­tive owned by its user banks, had pre­vi­ously dis­closed hacks of three SWIFT users since Fe­bru­ary but said those did not lead to the loss of funds.

SWIFT’s let­ter to cus­tomers warned that hack­ers have re­fined their meth­ods for com­pro­mis­ing lo­cal bank sys­tems. One new tac­tic, the let­ter said, in­volved us­ing soft­ware that al­lows tech­ni­cians to ac­cess com­put­ers to pro­vide tech­ni­cal sup­port. “We un­for­tu­nately con­tinue to see cases in which some of our cus­tomers’ en­vi­ron­ments are be­ing com­pro­mised” by thieves who then send fraud­u­lent pay­ment in­struc­tions through the SWIFT network the same kind of mes­sages used to steal Bangladesh Bank funds, the let­ter said with­out elab­o­rat­ing fur­ther.

On Mon­day, a top po­lice in­ves­ti­ga­tor in Dhaka told Reuters that some Bangladesh cen­tral bank of­fi­cials de­lib­er­ately ex­posed its com­puter sys­tems and en­abled the theft. He de­clined to iden­tify those of­fi­cials by name or say how many there were. The com­ments by Mo­ham­mad Shah Alam, head of the Foren­sic Train­ing In­sti­tute of the Bangladesh po­lice’s crim­i­nal in­ves­ti­ga­tion depart­ment, are the first sign that in­ves­ti­ga­tors have got a firm lead in one of the world’s big­gest cy­ber heists. Ar­rests are likely soon, he said. Bangladesh Bank spokesman Sub­hankar Saha de­clined to com­ment on Alam’s com­ments. A New York Fed spokeswoman also de­clined com­ment.

SWIFT’s Gilderdale de­clined to pro­vide fur­ther de­tails about more re­cent at­tacks or to name vic­tims or amounts stolen. Asked how many heists had been at­tempted, he said only that it was “a mean­ing­ful num­ber of cases.” “In all of th­ese cases at­tack­ers are sus­pected of try­ing to repli­cate the modus operandi of the Bangladesh at­tack­ers,” he added.

The in­tru­sions had been de­tected in a va­ri­ety of ways, Gilderdale said. In some cases, clients’ an­tivirus soft­ware had iden­ti­fied mal­ware. In oth­ers, a new fea­ture on soft­ware SWIFT pro­vides to clients alerted SWIFT di­rectly of an at­tempted ma­nip­u­la­tion of a client’s sys­tem. In one case, a fi­nan­cial reg­u­la­tor had no­ti­fied SWIFT of an at­tempted attack. Gilderdale said de­spite the new thefts, SWIFT be­lieved the sys­tem was be­com­ing more se­cure. “In 80 per­cent of the cases that we are aware of and where we have com­pleted in­ves­ti­ga­tions, a fraud has not ac­tu­ally ended up tak­ing place,” he said.

“I per­son­ally am very pleased with the progress that we are mak­ing,” he added. Suc­cess­ful bank hack­ings were too rare to say whether an 80 per­cent suc­cess rate was good or bad, Ben Caudill, a cy­ber se­cu­rity con­sul­tant with Rhino Se­cu­rity Labs in Seat­tle, said. SWIFT said in its let­ter to clients that the cy­ber threats were evolv­ing. “There are likely to be mul­ti­ple groups of cy­ber at­tack­ers at­tempt­ing to com­pro­mise cus­tomer en­vi­ron­ments,” it said. “There has been an evo­lu­tion in the modus operandi, sig­ni­fy­ing that at­tack­ers are fur­ther adapt­ing their meth­ods,” it added.

Gilderdale said it was im­pos­si­ble to say for sure whether the rate of at­tacks was in­creas­ing be­cause pre­vi­ously SWIFT did not track or re­ceive in­for­ma­tion from clients about in­ci­dents. SWIFT said that in all cases, the in­fil­tra­tions in­volved cus­tomers’ SWIFT in­ter­faces and that its own cen­tral com­mu­ni­ca­tions network had not been com­pro­mised. The ad­di­tional at­tacks SWIFT dis­closed to Reuters do not in­clude oth­ers that have al­ready come to light since the Bangladesh Bank heist. Thieves stole $250,000 from Bangladesh’s Son­ali bank in 2013. More than $12 mil­lion was stolen from Ecuador’s Banco del Aus­tro in 2015. Viet­nam’s Tien Phong Bank said in May that it foiled an at­tempt to steal money via SWIFT. — Reuters

GAZA: A Pales­tinian youth rides a don­key cart loaded with scrap metal in Gaza City yes­ter­day. — AFP

Newspapers in English

Newspapers from Kuwait

© PressReader. All rights reserved.