Exclusive: SWIFT discloses more cyber thefts, pressures banks on security
The SWIFT logo is pictured in this photo illustration taken April 26, 2016. REUTERS/Carlo Allegri/Illustration/File Photo
By Jim Finkle
SWIFT, the global financial messaging system, on Tuesday disclosed new hacking attacks on its member banks as it pressured them to comply with security procedures instituted after February's high-profile $81 million heist at Bangladesh Bank.
In a private letter to clients, SWIFT said that new cyber-theft attempts - some of them successful - have surfaced since June, when it last updated customers on a string of attacks discovered after the attack on the Bangladesh central bank.
"Customers’ environments have been compromised, and subsequent attempts (were) made to send fraudulent payment instructions," according to a copy of the letter reviewed by Reuters. "The threat is persistent, adaptive and sophisticated - and it is here to stay."
The disclosure suggests that cyber thieves may have ramped up their efforts following the Bangladesh Bank heist, and that they specifically targeted banks with lax security procedures for SWIFT-enabled transfers.
The Brussels-based firm, a member-owned cooperative, indicated in Tuesday's letter that some victims in the new attacks lost money, but did not say how much was taken or how many of the attempted hacks succeeded. It did not identify specific victims, but said the banks varied in size and geography and used different methods for accessing SWIFT.
A SWIFT spokeswoman declined to elaborate on the recently uncovered incidents or the security issues detailed in the letter, saying the firm does not discuss affairs of specific customers.
All the victims shared one thing in common: Weaknesses in local security that attackers exploited to compromise local networks and send fraudulent messages requesting money transfers, according to the letter.
Accounts of the attack on Bangladesh Bank suggest that weak security procedures there made it easier to hack into computers used to send SWIFT messages requesting large money transfers. The bank lacked a firewall and used second-hand, $10 electronic switches to network those computers, according to the Bangladesh police.
SWIFT has repeatedly pushed banks to implement new security measures rolled out after the Bangladesh heist, including stronger systems for authenticating users and updates to its software for sending and receiving messages. But it has been difficult for SWIFT to force banks to comply because the nonprofit cooperative lacks regulatory authority over its members.
SWIFT told banks Tuesday that it might report them to regulators and banking partners if they failed to meet a November 19 deadline for installing the latest version of its software, which includes new security features designed to thwart the type of attacks described in its letter.
The security features include technology for verifying credentials of people accessing a bank's SWIFT system; stronger rules for password management; and better tools for identifying attempts to hack the software.
(For a graphic on how hackers made off with millions, click tmsnrt.rs/29WrMai)
SWIFT is trying coerce members into prioritizing cyber-security by threatening to share confidential information about security lapses that banks want to keep private, said Shane Shook, an independent security consultant who advises central banks.
"That type of information sharing is something that no bank likes to see happen without their direct approval and involvement, because it can affect market confidence," Shook said.
SWIFT disclosed the new hacks after reports of previous incidents prompted regulators in Europe and the United States to urge banks to bolster cyber-security.
Other cases involving fraudulent transfer requests include the theft of more than $12 million from Ecuador's Banco del Austro and a failed attempt later in 2015 to steal money from Vietnam's Tien Phong Bank.
The attacks have prompted regulators globally to press banks to bolster defenses.
The Bank of England in April ordered UK firms to detail actions to secure computers connected to the SWIFT system, while the European Banking Authority in May said domestic authorities should stress test banks for cyber risks.
The Federal Reserve and other U.S. agencies told banks in June to review protections against fraudulent money transfers.
Six U.S. senators on Monday urged the G20 nations to agree when they meet at a summit this weekend on a “coordinated strategy to combat cyber-crime at critical financial institutions.”
http://uk.reuters.com/article/us-cyber-heist-swift-idUKKCN11600C
The SWIFT logo is pictured in this photo illustration taken April 26, 2016. REUTERS/Carlo Allegri/Illustration/File Photo
By Jim Finkle
SWIFT, the global financial messaging system, on Tuesday disclosed new hacking attacks on its member banks as it pressured them to comply with security procedures instituted after February's high-profile $81 million heist at Bangladesh Bank.
In a private letter to clients, SWIFT said that new cyber-theft attempts - some of them successful - have surfaced since June, when it last updated customers on a string of attacks discovered after the attack on the Bangladesh central bank.
"Customers’ environments have been compromised, and subsequent attempts (were) made to send fraudulent payment instructions," according to a copy of the letter reviewed by Reuters. "The threat is persistent, adaptive and sophisticated - and it is here to stay."
The disclosure suggests that cyber thieves may have ramped up their efforts following the Bangladesh Bank heist, and that they specifically targeted banks with lax security procedures for SWIFT-enabled transfers.
The Brussels-based firm, a member-owned cooperative, indicated in Tuesday's letter that some victims in the new attacks lost money, but did not say how much was taken or how many of the attempted hacks succeeded. It did not identify specific victims, but said the banks varied in size and geography and used different methods for accessing SWIFT.
A SWIFT spokeswoman declined to elaborate on the recently uncovered incidents or the security issues detailed in the letter, saying the firm does not discuss affairs of specific customers.
All the victims shared one thing in common: Weaknesses in local security that attackers exploited to compromise local networks and send fraudulent messages requesting money transfers, according to the letter.
Accounts of the attack on Bangladesh Bank suggest that weak security procedures there made it easier to hack into computers used to send SWIFT messages requesting large money transfers. The bank lacked a firewall and used second-hand, $10 electronic switches to network those computers, according to the Bangladesh police.
SWIFT has repeatedly pushed banks to implement new security measures rolled out after the Bangladesh heist, including stronger systems for authenticating users and updates to its software for sending and receiving messages. But it has been difficult for SWIFT to force banks to comply because the nonprofit cooperative lacks regulatory authority over its members.
SWIFT told banks Tuesday that it might report them to regulators and banking partners if they failed to meet a November 19 deadline for installing the latest version of its software, which includes new security features designed to thwart the type of attacks described in its letter.
The security features include technology for verifying credentials of people accessing a bank's SWIFT system; stronger rules for password management; and better tools for identifying attempts to hack the software.
(For a graphic on how hackers made off with millions, click tmsnrt.rs/29WrMai)
SWIFT is trying coerce members into prioritizing cyber-security by threatening to share confidential information about security lapses that banks want to keep private, said Shane Shook, an independent security consultant who advises central banks.
"That type of information sharing is something that no bank likes to see happen without their direct approval and involvement, because it can affect market confidence," Shook said.
SWIFT disclosed the new hacks after reports of previous incidents prompted regulators in Europe and the United States to urge banks to bolster cyber-security.
Other cases involving fraudulent transfer requests include the theft of more than $12 million from Ecuador's Banco del Austro and a failed attempt later in 2015 to steal money from Vietnam's Tien Phong Bank.
The attacks have prompted regulators globally to press banks to bolster defenses.
The Bank of England in April ordered UK firms to detail actions to secure computers connected to the SWIFT system, while the European Banking Authority in May said domestic authorities should stress test banks for cyber risks.
The Federal Reserve and other U.S. agencies told banks in June to review protections against fraudulent money transfers.
Six U.S. senators on Monday urged the G20 nations to agree when they meet at a summit this weekend on a “coordinated strategy to combat cyber-crime at critical financial institutions.”
http://uk.reuters.com/article/us-cyber-heist-swift-idUKKCN11600C
Today at 7:52 am by Rocky
» utube 3/28/24 MM&C Iraqi Dinar - IQD Update - SWIFT - Purchasing Power - Urban Renaissance - Releas
Today at 7:51 am by Rocky
» Al-Mandalawi: Iraq is witnessing competition between major companies...and the House of Representati
Today at 7:49 am by Rocky
» The President of the Republic stresses the importance of the role of programmers in developing the w
Today at 7:46 am by Rocky
» The Minister of Industry and Minerals follows up on the technical and production performance of the
Today at 7:45 am by Rocky
» The Minister of Finance is following up on the field the progress of the newly implemented ASYCUDA s
Today at 7:44 am by Rocky
» Statistics: There are more than 15 million bank accounts in Iraq
Today at 7:42 am by Rocky
» Representative: One paragraph hinders the passage of a general amnesty within the House of Represent
Today at 7:37 am by Rocky
» Parliamentary Finance: “The draft federal budget law will be devoid of new job grades.”
Today at 7:36 am by Rocky
» Parliamentary action to resolve the fate of “food security contracts” in 15 governorates
Today at 7:35 am by Rocky
» 300 factories turned into "iron scrap" in Diyala
Today at 7:34 am by Rocky
» A deputy expects the dollar exchange rate to reach 140 Iraqi dinars
Today at 7:32 am by Rocky
» Al-Yasiri: The American administration is working hard to destroy the Iraqi economy
Today at 7:31 am by Rocky
» Infographic: The highest annual salaries of leaders of Arab countries
Today at 7:30 am by Rocky
» Communications announces that the electronic signature project has reached advanced stages
Today at 7:29 am by Rocky
» Parliamentary Integrity presents a file related to Kuwaiti violations of Iraqi oil
Today at 7:27 am by Rocky
» Parliamentary move to include amendments to Parliament’s internal regulations on the agenda (documen
Today at 7:25 am by Rocky
» The Iraqi President urges the Minister of Finance to expedite the payment of salaries to the Kurdist
Today at 7:23 am by Rocky
» Central Bank of Iraq sales exceeded $251 million at today’s auction
Today at 7:21 am by Rocky
» The Foreign Minister questions the "Iraqi resistance" attacks against Israel: the other side did not
Today at 7:20 am by Rocky
» The Minister of Labor announces progress in the electronic payment system
Today at 7:17 am by Rocky
» Interior Ministry: For the first time, we controlled the smuggling of petroleum derivatives by 98 pe
Today at 7:16 am by Rocky
» International companies offer offers to invest in the Dhi Qar marshes.. What distinguishes them?
Today at 7:15 am by Rocky
» “Tough” comments on interest rates raise the dollar globally
Today at 7:14 am by Rocky
» Iraq is the fifth largest oil supplier to South Korea in a month
Today at 7:12 am by Rocky
» Recovering more than 100 billion as a result of more than 200,000 employees on social welfare
Today at 7:11 am by Rocky
» The Sudanese consultant announces the completion of Baghdad Metro track designs
Today at 7:08 am by Rocky
» Al-Sudani stresses ending the problem of triple-shift schools
Today at 7:07 am by Rocky
» Iraq begins building two new tankers to transport petroleum products
Today at 7:06 am by Rocky
» Forming a council for “competition and preventing monopoly”
Today at 7:04 am by Rocky
» Features of an Iraqi-Turkish agreement regarding the status of the Kurdistan Workers’ Party
Today at 7:02 am by Rocky
» {Al-Buzrajiya} between the hammer of fraud and the power of the owners
Today at 7:01 am by Rocky
» Ministry of Oil: The gas sector is witnessing great development
Today at 6:59 am by Rocky
» An agreement with Britain in the field of securities
Today at 6:58 am by Rocky
» Discussions between Baghdad and Ankara to open a new port
Today at 6:57 am by Rocky
» Trade: About 11 million citizens updated their new card information
Today at 6:56 am by Rocky
» Electronic payment is sustainable growth
Today at 6:55 am by Rocky
» Experts: Iraq qualifies to be an important tourist country
Today at 6:54 am by Rocky
» Amending the Health Professions Law “robs” scientists of the central appointment 3 years after it wa
Today at 5:20 am by Rocky
» Is the “blessings package” that Erbil paid to the citizens of Kurdistan related to the elections?
Today at 5:19 am by Rocky
» Exceeded 5,000 projects.. Allocating 10 trillion dinars to support governorate reconstruction plans
Today at 5:18 am by Rocky
» “His need no longer exists.” Parliamentary Finance confirms the necessity of returning the retiremen
Today at 5:17 am by Rocky
» To communicate with the bases... 12 directives from Al-Sadr, including blocking numbers for non-gove
Today at 5:15 am by Rocky
» In an interview with "Baghdad Today"... an Iranian researcher reveals the importance of Haniyeh's vi
Today at 5:14 am by Rocky
» After it was 63 trillion in 2023... the 2024 budget deficit will rise to 80 trillion dinars
Today at 5:13 am by Rocky
» Parliament reveals the date of the first evaluation of the governors and determines the party respon
Today at 5:11 am by Rocky
» The President of the Republic informs Al-Araji and Al-Basri: Momentum must be mobilized to eliminate
Today at 5:10 am by Rocky
» Can the Federal Court sue others? A legal clarification of its response mechanism to abuse
Today at 5:09 am by Rocky
» Despite promises to soon stop burning gas.. What is the secret behind Iraq renewing the Iranian gas
Today at 5:07 am by Rocky
» Advisor to Al-Sudani: The dollar is on the way to further decline, and 70% of Iraqi traders have ent
Today at 5:06 am by Rocky
» Iraq exported more than 99 million barrels of oil last February
Today at 5:04 am by Rocky
» Barzani “gives good news” to Kurdistan employees: salaries, land, and loan exemptions
Today at 5:03 am by Rocky
» Alia Nassif: Nour Zuhair returned to the port of Umm Qasr to make deals.. An influential Shiite forc
Today at 5:02 am by Rocky
» The Prime Minister announces the movement of nearly 500 stalled projects
Today at 5:00 am by Rocky
» A government strategy to enhance investments.. Iraq is on the verge of a new era of economic develop
Today at 4:59 am by Rocky
» Ranging between 20% and 50%.. The Kurdistan government decides to reduce service fees, customs dutie
Today at 4:58 am by Rocky
» Al-Sudani: The reform approach in the security services is an integral part of reform in other secto
Today at 4:56 am by Rocky
» Everyone in Iraq wants the Sudanese visit to Washington to be successful, even the factions!
Today at 4:55 am by Rocky
» Sources and experts expect the agenda.. in his bag is the Baghdad dollar and the factions’ truce, bu
Today at 4:54 am by Rocky
» The decision to raise gasoline prices arouses the ire of drivers...a reminder of the large demonstra
Today at 4:53 am by Rocky
» Parliamentary services: 3 important hospitals in Baghdad will enter service at the end of the year
Today at 4:52 am by Rocky
» Iraq signs a contract to supply Iranian gas for a period of five years
Today at 4:50 am by Rocky
» Parliament adds a voting paragraph on amending the Penal Code to its agenda
Today at 4:49 am by Rocky
» His political advisor: We are not afraid of Sudanese entering the elections alone
Today at 4:48 am by Rocky
» Parliamentary services explain the reasons for the rise in real estate prices in Baghdad
Today at 4:46 am by Rocky
» Attia, criticizing the government's decisions: "The citizen's feathers will be ruffled without servi
Today at 4:45 am by Rocky
» Parliamentary Communications: Zain Iraq and Asiacell did not pay their debts
Today at 4:44 am by Rocky
» The Governor of Karbala announces the imminent establishment of the largest industrial city in the c
Today at 4:43 am by Rocky
» A government determination to end the issue of displaced persons in the middle of this year
Today at 4:42 am by Rocky
» Iraq buys gas from Kurdistan to generate electricity
Today at 4:41 am by Rocky
» Parliamentary signatures to include an amendment to the internal regulations to decide the choice of
Today at 4:40 am by Rocky
» In Basra.. a demonstration against foreign workers in Iraqi companies (video)
Today at 4:38 am by Rocky
» Al-Samarrai: Presidency of Parliament is an entitlement to the constituents, and calling it a “frame
Today at 4:36 am by Rocky
» Electronic food supplies in 6 governorates... covering 11 million Iraqis and “writing off” about 700
Today at 4:34 am by Rocky
» Corruption of the Ministry of Transport.. Representatives express their surprise at the minister’s s
Today at 4:32 am by Rocky
» The biggest supporter of the invasion of Iraq.. The death of former US Senator Joe Lieberman
Today at 4:31 am by Rocky
» Iraq is ranked “late.” A list of the most and least safe Arab countries for women
Today at 4:30 am by Rocky
» The Council of Ministers exempts the Gulf Interconnection Authority from guarantee fees: it is a gov
Yesterday at 7:48 am by Rocky
» The Iraqi government raises the size of the 2024 budget, and Parliament is “surprised”
Yesterday at 7:46 am by Rocky
» Popular Movement: We have many economic options away from American hegemony
Yesterday at 7:42 am by Rocky
» The Oil Parliament stresses the need to transfer part of the revenues to the producing governorates
Yesterday at 7:41 am by Rocky
» It will cover 14 regions in eastern Iraq.. A deputy reveals the “border electricity” project
Yesterday at 7:40 am by Rocky
» Experts Warn Mass Migration Threatens US Food Security
Yesterday at 7:37 am by Bama Diva
» Al-Fateh: America occupies Iraq through agreements
Yesterday at 7:37 am by Rocky
» Anger in Iraq over a "sudden decision"... and a reminder of a "general strike" that paralyzed the co
Yesterday at 7:34 am by Rocky
» Parliamentary Committee: Parliament is discussing today a decision that “disturbed” the Iraqis
Yesterday at 7:33 am by Rocky
» Ministry of Electricity: Our production will reach 27 thousand megawatts by May
Yesterday at 7:31 am by Rocky
» Diagnosing the “most important” problems in the oil file between Baghdad and Erbil.. What is the rel
Yesterday at 7:30 am by Rocky
» The Iraqi Fiqh Academy and the Sunni Endowment issue a fatwa to pay Zakat al-Fitr
Yesterday at 7:28 am by Rocky
» The National Bank of Iraq continues its digital transformation by launching its new banking system a
Yesterday at 7:26 am by Rocky
» Parliamentary Investment and the Central Bank are discussing the housing initiative
Yesterday at 7:25 am by Rocky
» The Prime Minister announces the restart of 500 suspended projects
Yesterday at 7:23 am by Rocky
» Al-Barti assesses the region's employees: Your salaries are insured and will be paid after resettlem
Yesterday at 7:21 am by Rocky
» Iraqi-American discussions in anticipation of the Sudanese visit
Yesterday at 7:20 am by Rocky
» Iraq and Turkey hold meetings in Ankara to discuss technical issues related to the development road
Yesterday at 7:17 am by Rocky
» A government parliamentary agreement to support budget revenues and governorate allocations for inve
Yesterday at 7:16 am by Rocky
» Oil: The gas sector is witnessing great development
Yesterday at 7:15 am by Rocky
» A Kurdish-French agreement to develop trade and economic relations
Yesterday at 7:13 am by Rocky
» Exchange companies in Mosul demand that they be entered into the currency selling window
Yesterday at 7:12 am by Rocky