Exclusive: SWIFT confirms new cyber thefts, hacking tactics
By Tom Bergin and Jim Finkle | LONDON/BOSTON
Cyber attacks targeting the global bank transfer system have succeeded in stealing funds since February’s heist of $81 million from the Bangladesh central bank as hackers have become more sophisticated in their tactics, according to a SWIFT official and a previously undisclosed letter the organization sent to banks worldwide.
The messaging network in a Nov. 2 letter seen by Reuters warned banks of the escalating threat to their systems, according to the SWIFT letter. The attacks and new hacking tactics underscore the continuing vulnerability of the SWIFT messaging network, which handles trillions of dollars in fund transfers daily.
"The threat is very persistent, adaptive and sophisticated – and it is here to stay," SWIFT said in the November letter to client banks, seen by Reuters.
How hackers made off with millions: When hackers tried to steal nearly $1 billion from Bangladesh’s central bank, the Federal Reserve Bank of New York failed to spot warning signs and nearly let all the money go. Here's an animated guide of how the heist worked.
The disclosures provide fresh evidence that SWIFT remains at risk of attacks nearly a year after funds were stolen from a Bangladesh Bank account at the Federal Reserve Bank of New York. The unprecedented cyber theft prompted regulators around the globe to tighten bank security requirements, amidst a global investigation by the FBI, Bangladesh authorities and Interpol.
Banks using the SWIFT network, which include both central banks and commercial banks, have been hit with a "meaningful" number of attacks - about a fifth of them resulting in stolen funds, since the Bangladesh heist, Stephen Gilderdale, head of SWIFT’s Customer Security Programme, told Reuters in an interview on Thursday.
SWIFT, a Belgium-based co-operative owned by its user banks, had previously disclosed hacks of three SWIFT users since February but said those did not lead to the loss of funds.
SWIFT's letter to customers warned that hackers have refined their methods for compromising local bank systems. One new tactic, the letter said, involved using software that allows technicians to access computers to provide technical support.
"We unfortunately continue to see cases in which some of our customers’ environments are being compromised" by thieves who then send fraudulent payment instructions through the SWIFT network - the same kind of messages used to steal Bangladesh Bank funds, the letter said without elaborating further.
On Monday, a top police investigator in Dhaka told Reuters that some Bangladesh central bank officials deliberately exposed its computer systems and enabled the theft. He declined to identify those officials by name or say how many there were. The comments by Mohammad Shah Alam, head of the Forensic Training Institute of the Bangladesh police's criminal investigation department, are the first sign that investigators have got a firm lead in one of the world's biggest cyber heists. Arrests are likely soon, he said.
Bangladesh Bank spokesman Subhankar Saha declined to comment on Alam's comments. A New York Fed spokeswoman also declined comment.
INFORMATION SHARING
SWIFT's Gilderdale declined to provide further details about more recent attacks or to name victims or amounts stolen. Asked how many heists had been attempted, he said only that it was "a meaningful number of cases.”
“In all of these cases attackers are suspected of trying to replicate the modus operandi of the Bangladesh attackers,” he added.
The intrusions had been detected in a variety of ways, Gilderdale said. In some cases, clients' antivirus software had identified malware.
In others, a new feature on software SWIFT provides to clients alerted SWIFT directly of an attempted manipulation of a client's system. In one case, a financial regulator had notified SWIFT of an attempted attack.
Gilderdale said despite the new thefts, SWIFT believed the system was becoming more secure.
"In 80 percent of the cases that we are aware of and where we have completed investigations, a fraud has not actually ended up taking place,” he said.
"I personally am very pleased with the progress that we are making," he added.
Successful bank hackings were too rare to say whether an 80 percent success rate was good or bad, Ben Caudill, a cyber security consultant with Rhino Security Labs in Seattle, said.
SWIFT said in its letter to clients that the cyber threats were evolving.
"There are likely to be multiple groups of cyber attackers attempting to compromise customer environments," it said.
"There has been an evolution in the modus operandi, signifying that attackers are further adapting their methods," it added.
Gilderdale said it was impossible to say for sure whether the rate of attacks was increasing because previously SWIFT did not track or receive information from clients about incidents.
SWIFT said that in all cases, the infiltrations involved customers’ SWIFT interfaces and that its own central communications network had not been compromised.
The additional attacks SWIFT disclosed to Reuters do not include others that have already come to light since the Bangladesh Bank heist.
Thieves stole $250,000 from Bangladesh's Sonali bank in 2013. More than $12 million was stolen from Ecuador's Banco del Austro in 2015. Vietnam's Tien Phong Bank said in May that it foiled an attempt to steal money via SWIFT.
http://www.reuters.com/article/us-usa-cyber-swift-exclusive-idUSKBN1412NT
By Tom Bergin and Jim Finkle | LONDON/BOSTON
Cyber attacks targeting the global bank transfer system have succeeded in stealing funds since February’s heist of $81 million from the Bangladesh central bank as hackers have become more sophisticated in their tactics, according to a SWIFT official and a previously undisclosed letter the organization sent to banks worldwide.
The messaging network in a Nov. 2 letter seen by Reuters warned banks of the escalating threat to their systems, according to the SWIFT letter. The attacks and new hacking tactics underscore the continuing vulnerability of the SWIFT messaging network, which handles trillions of dollars in fund transfers daily.
"The threat is very persistent, adaptive and sophisticated – and it is here to stay," SWIFT said in the November letter to client banks, seen by Reuters.
How hackers made off with millions: When hackers tried to steal nearly $1 billion from Bangladesh’s central bank, the Federal Reserve Bank of New York failed to spot warning signs and nearly let all the money go. Here's an animated guide of how the heist worked.
The disclosures provide fresh evidence that SWIFT remains at risk of attacks nearly a year after funds were stolen from a Bangladesh Bank account at the Federal Reserve Bank of New York. The unprecedented cyber theft prompted regulators around the globe to tighten bank security requirements, amidst a global investigation by the FBI, Bangladesh authorities and Interpol.
Banks using the SWIFT network, which include both central banks and commercial banks, have been hit with a "meaningful" number of attacks - about a fifth of them resulting in stolen funds, since the Bangladesh heist, Stephen Gilderdale, head of SWIFT’s Customer Security Programme, told Reuters in an interview on Thursday.
SWIFT, a Belgium-based co-operative owned by its user banks, had previously disclosed hacks of three SWIFT users since February but said those did not lead to the loss of funds.
SWIFT's letter to customers warned that hackers have refined their methods for compromising local bank systems. One new tactic, the letter said, involved using software that allows technicians to access computers to provide technical support.
"We unfortunately continue to see cases in which some of our customers’ environments are being compromised" by thieves who then send fraudulent payment instructions through the SWIFT network - the same kind of messages used to steal Bangladesh Bank funds, the letter said without elaborating further.
On Monday, a top police investigator in Dhaka told Reuters that some Bangladesh central bank officials deliberately exposed its computer systems and enabled the theft. He declined to identify those officials by name or say how many there were. The comments by Mohammad Shah Alam, head of the Forensic Training Institute of the Bangladesh police's criminal investigation department, are the first sign that investigators have got a firm lead in one of the world's biggest cyber heists. Arrests are likely soon, he said.
Bangladesh Bank spokesman Subhankar Saha declined to comment on Alam's comments. A New York Fed spokeswoman also declined comment.
INFORMATION SHARING
SWIFT's Gilderdale declined to provide further details about more recent attacks or to name victims or amounts stolen. Asked how many heists had been attempted, he said only that it was "a meaningful number of cases.”
“In all of these cases attackers are suspected of trying to replicate the modus operandi of the Bangladesh attackers,” he added.
The intrusions had been detected in a variety of ways, Gilderdale said. In some cases, clients' antivirus software had identified malware.
In others, a new feature on software SWIFT provides to clients alerted SWIFT directly of an attempted manipulation of a client's system. In one case, a financial regulator had notified SWIFT of an attempted attack.
Gilderdale said despite the new thefts, SWIFT believed the system was becoming more secure.
"In 80 percent of the cases that we are aware of and where we have completed investigations, a fraud has not actually ended up taking place,” he said.
"I personally am very pleased with the progress that we are making," he added.
Successful bank hackings were too rare to say whether an 80 percent success rate was good or bad, Ben Caudill, a cyber security consultant with Rhino Security Labs in Seattle, said.
SWIFT said in its letter to clients that the cyber threats were evolving.
"There are likely to be multiple groups of cyber attackers attempting to compromise customer environments," it said.
"There has been an evolution in the modus operandi, signifying that attackers are further adapting their methods," it added.
Gilderdale said it was impossible to say for sure whether the rate of attacks was increasing because previously SWIFT did not track or receive information from clients about incidents.
SWIFT said that in all cases, the infiltrations involved customers’ SWIFT interfaces and that its own central communications network had not been compromised.
The additional attacks SWIFT disclosed to Reuters do not include others that have already come to light since the Bangladesh Bank heist.
Thieves stole $250,000 from Bangladesh's Sonali bank in 2013. More than $12 million was stolen from Ecuador's Banco del Austro in 2015. Vietnam's Tien Phong Bank said in May that it foiled an attempt to steal money via SWIFT.
http://www.reuters.com/article/us-usa-cyber-swift-exclusive-idUSKBN1412NT
Today at 4:09 am by Rocky
» The Council of Ministers will suspend official working hours next Wednesday
Today at 4:07 am by Rocky
» An almost complete outage of water and electricity in western Anbar
Today at 4:06 am by Rocky
» Parliamentary expectations of extending the legislative term to approve the budget
Today at 4:00 am by Rocky
» Education: The cost of participating in the electronic school will amount to 200 thousand dinars
Today at 3:59 am by Rocky
» Al-Sudani arrives in Riyadh to participate in the World Economic Forum
Today at 3:58 am by Rocky
» A newspaper reveals a dark world that brings together bloggers and politicians
Today at 3:57 am by Rocky
» Al-Marsoumi: The bombing of the Kormor field undermined efforts to achieve self-sufficiency in gas
Today at 3:55 am by Rocky
» utube MM&C 4/24/24 Support - USA- Turkey - Timing- Currency Value - Tabled
Yesterday at 2:18 pm by Rocky
» utube MM&C 4/26/24 Iraqi Dinar - US Treasury Exchange Rates- Focus - Banking Partnerships - Rate C
Yesterday at 2:17 pm by Rocky
» Parliamentary efforts to transform Iraq into a global market for transferring Internet capacities
Yesterday at 2:07 pm by Rocky
» A parliamentary committee that enriches the political forces: Stop plundering Iraq’s wealth and work
Yesterday at 1:56 pm by Rocky
» Politician: Salem Al-Issawi is the most likely to assume the presidency of Parliament
Yesterday at 1:55 pm by Rocky
» The price of the dollar is close to 145 thousand dinars؛ how much is $100 worth of transactions؟
Yesterday at 11:57 am by wciappetta
» Al-Sudani: The world today is witnessing crises whose impact has been reflected in the global econo
Yesterday at 9:50 am by Rocky
» The Federal Court responds to an inquiry by Al-Sudani regarding the powers of the provincial council
Yesterday at 9:40 am by Rocky
» Among them are the Iraqis... a list of the most sought-after immigrants to America
Yesterday at 9:38 am by Rocky
» An expert talks about the "biggest barrier" and the positives of merging Iraqi and Arab banks
Yesterday at 9:29 am by Rocky
» The House of Representatives adjourns its session
Yesterday at 9:24 am by Rocky
» Parliamentary demands to expedite the legislation of the Eid al-Ghadir holiday law (documents)
Yesterday at 9:23 am by Rocky
» Parliament adds the paragraph “Electing the Speaker of the House of Representatives” to its agenda
Yesterday at 9:21 am by Rocky
» Alsumaria publishes the text of the law against prostitution and homosexuality
Yesterday at 9:20 am by Rocky
» A parliamentarian reveals the reason for the failure of the Speaker of Parliament to pass during tod
Yesterday at 9:19 am by Rocky
» Al-Sudani: The government has launched many strategies and initiatives that will improve the reality
Yesterday at 8:42 am by Rocky
» International Business: Iraq has made progress in supporting businesses through investment and priva
Yesterday at 8:33 am by Rocky
» Association of Banks: Iraq is witnessing great development in the transition to electronic governmen
Yesterday at 8:25 am by Rocky
» The House of Representatives votes to add an item to its agenda (election of the Speaker of the Hous
Yesterday at 8:22 am by Rocky
» Parliamentary integrity: Combating corruption requires parliamentary legislation
Yesterday at 8:15 am by Rocky
» Al-Karaawi: America is trying to restrict Iraq
Yesterday at 8:13 am by Rocky
» The State of Law coalition moves to form the local government in Diyala
Yesterday at 8:12 am by Rocky
» The Sudanese and his battle against corruption.. Where is the fault with the government or with the
Yesterday at 8:11 am by Rocky
» Prime Minister's Advisor: We will see the dollar fall on the black market soon
Yesterday at 8:09 am by Rocky
» The Sunni blocs are resolute. The presidency of the Council is ours, away from Al-Halbousi
Yesterday at 8:08 am by Rocky
» Al-Sudani discusses with a workers’ organization his government’s steps in this field
Yesterday at 7:58 am by Rocky
» Parliament holds its session in the presence of 170 deputies
Yesterday at 7:57 am by Rocky
» In the presence of Nechirvan Barzani and Al-Sudani... the State Administration Coalition holds an “i
Yesterday at 7:55 am by Rocky
» The UAE company ADNOC resorts to Iraqi oil. Find out the reasons
Yesterday at 7:53 am by Rocky
» The Iraqi Parliament votes to add an item to elect a president to its agenda
Yesterday at 7:52 am by Rocky
» The Federal Court responds to an inquiry by Al-Sudani regarding the powers of the provincial council
Yesterday at 7:51 am by Rocky
» Al-Sudani: It is necessary to attract women to work as a productive energy that cannot be disrupted
Yesterday at 7:47 am by Rocky
» Zebari regarding targeting the Kormor field: a systematic attack on the economy of Kurdistan
Yesterday at 7:46 am by Rocky
» Saudi Arabia tops, and this is Iraq's rank... a list of major suppliers of crude oil to South Korea
Yesterday at 7:45 am by Rocky
» With a value of 125 million dollars.. Iraq is at the forefront of countries importing Iranian textil
Yesterday at 7:44 am by Rocky
» More than a billion dollars in sales from the Iraqi Central Bank within a week
Yesterday at 7:43 am by Rocky
» Al-Sudani stresses the need for the expertise of the International Labor Organization to legislate a
Yesterday at 7:29 am by Rocky
» Including the return of 21 wanted persons.. The Iraq Money Recovery Fund counts its achievements in
Yesterday at 7:27 am by Rocky
» The path to development is the criterion between true patriotism and political clowning.
Yesterday at 7:25 am by Rocky
» The file of the Presidency of Parliament is on the state administration table... this evening
Yesterday at 7:22 am by Rocky
» Director General of the International Labor Organization: Many challenges in the world of work and t
Yesterday at 7:20 am by Rocky
» Al-Sudani: The world is witnessing crises that reflect negatively on the Arab and international peop
Yesterday at 7:11 am by Rocky
» Prime Minister: Our government has provided great support for the success of the activities, program
Yesterday at 7:08 am by Rocky
» Al-Asadi: Iraq places the social protection file among its priorities
Yesterday at 7:07 am by Rocky
» Al-Sudani: Iraq is one of the first countries in the region to join the International Labor Organiza
Yesterday at 7:05 am by Rocky
» In the presence of Al-Sudani and Barzani, the State Administration Coalition holds an “important” me
Yesterday at 7:03 am by Rocky
» Appreciating the presence of Al-Sudani... Director General of the Arab Labor Organization: Here from
Yesterday at 5:29 am by Rocky
» Prime Minister: Our government has provided great support for the success of the activities, program
Yesterday at 5:28 am by Rocky
» Al-Sudani: The world is witnessing crises that reflect negatively on the Arab and international peop
Yesterday at 5:24 am by Rocky
» The Parliamentary Development Institute organizes a workshop on the political role of the representa
Yesterday at 5:22 am by Rocky
» With Arab and international participation. Tomorrow will be the start of the Fourth Baghdad Internat
Yesterday at 5:21 am by Rocky
» OPEC Secretary General: The end of oil is not on the horizon
Yesterday at 5:19 am by Rocky
» Closing a number of unlicensed offices and companies south of Baghdad
Yesterday at 5:16 am by Rocky
» Repercussions of the bombing...intensive government movements to resume work in the “Kormor” field
Yesterday at 5:15 am by Rocky
» In the presence of Al-Sudani...the opening of the Arab Labor Conference in its 50th session in Baghd
Yesterday at 5:14 am by Rocky
» Al-Sudani: We are working on drawing future visions regarding the “green and digital” economic secto
Yesterday at 5:13 am by Rocky
» Barzani after the Kormor attack: We are ready to coordinate with Baghdad to put an end to these atta
Yesterday at 5:10 am by Rocky
» Al-Sudani directs the formation of an investigative committee into the circumstances of the Kormo fi
Yesterday at 5:08 am by Rocky
» Bismayah is confused about the new electronic portal.. What about the landlord and the subcontracts?
Yesterday at 5:07 am by Rocky
» Kurdistan Government: Loss of 2,500 megawatts of electricity due to targeting the Kormor field
Yesterday at 5:06 am by Rocky
» Crisis in Kurdistan: 12-hour daily power outage and complaints of “confusion”
Yesterday at 5:05 am by Rocky
» The Supreme Anti-Corruption Commission demands Nineveh for the contracts concluded by “Najm Al-Jubou
Yesterday at 5:04 am by Rocky
» Al-Khanjar, Al-Samarrai, and Abu Mazen are hosted by Shaalan Al-Karim to discuss accelerating the se
Yesterday at 5:03 am by Rocky
» Iraq asks the countries of the world to respond to its requests to extradite wanted persons: We have
Yesterday at 5:02 am by Rocky
» “It is coming soon.” The Sudanese advisor sets the date for the referral of the Baghdad metro and th
Yesterday at 5:01 am by Rocky
» Al-Mubarqa: Iraq reserves its full right to respond to the Australian behavior
Yesterday at 5:00 am by Rocky
» Dollar exchange rates on Iraqi stock exchanges... recorded a decline, and this is the list
Yesterday at 4:58 am by Rocky
» Mr. Al-Sadr supports the position of American university students
Yesterday at 4:56 am by Rocky
» Iraqis are ranked 7th in the Arab world on the list of those most seeking immigration to America. He
Yesterday at 4:55 am by Rocky
» Soon.. 3 new hospitals will open in Baghdad
Yesterday at 4:52 am by Rocky
» Sponsored by Al-Sudani...the opening of the Arab Labor Conference in its fiftieth session in Baghdad
Yesterday at 4:51 am by Rocky
» Al-Shammari chairs a meeting at the controlling headquarters to review the results of the security o
Yesterday at 4:49 am by Rocky
» Arab Labor Organization: We commend Iraq's interest in the Arab Labor Conference
Yesterday at 4:48 am by Rocky
» Al-Sudani: The development road project will provide many job opportunities
Yesterday at 4:47 am by Rocky
» Sudanese advisor criticizes Kuwaiti analyzes regarding the development road project
Fri 26 Apr 2024, 2:21 pm by Rocky
» Al-Mandalawi stresses the need to strengthen economic and trade cooperation between Iraq and Poland
Fri 26 Apr 2024, 2:04 pm by Rocky
» Power maneuvers: America provides defensive weapons to Kurdistan in exchange for withholding from Ba
Fri 26 Apr 2024, 10:26 am by Rocky
» Kuwait is drilling an oil well near Umm Qasr, towards Iraqi territory
Fri 26 Apr 2024, 10:24 am by Rocky
» In the document... the first Iraqi ministry identifies the obstacles to changing the new official wo
Fri 26 Apr 2024, 10:22 am by Rocky
» Italian Institute: Iraq is stuck in its own crises, including Baghdad’s efforts to undermine the “au
Fri 26 Apr 2024, 10:21 am by Rocky
» The head of the Integrity Commission announces the holding of an international Interpol conference i
Fri 26 Apr 2024, 10:18 am by Rocky
» Planning: Iraqi companies are not efficient in conducting the population census
Fri 26 Apr 2024, 10:14 am by Rocky
» MM&C 4/25/24 National Bank of Iraq goes live with Temenos core banking and payments
Fri 26 Apr 2024, 8:06 am by Rocky
» A banking official indicates a "danger" to Iraq by depriving more than half of its banks of dollars
Fri 26 Apr 2024, 7:55 am by Rocky
» With the participation of the Association of Private Banks, investment opportunities are on the tabl
Fri 26 Apr 2024, 7:45 am by Rocky
» Within a month... an Iranian border crossing recorded a noticeable increase in exports of goods to I
Fri 26 Apr 2024, 7:44 am by Rocky
» The Association of Private Banks appreciates the efforts of the government and the Central Bank to c
Fri 26 Apr 2024, 7:43 am by Rocky
» Al-Maliki's coalition presents a third candidate for the position of governor of Diyala
Fri 26 Apr 2024, 6:57 am by Rocky
» Arab gathering: The Kirkuk problem is getting complicated and the Sudanese must intervene
Fri 26 Apr 2024, 6:56 am by Rocky
» Next week.. a Kurdish delegation will visit Baghdad to meet with the Minister of Finance
Fri 26 Apr 2024, 6:54 am by Rocky
» Under the pretext of salaries... Al-Party refrains from handing over port revenues to Baghdad
Fri 26 Apr 2024, 6:53 am by Rocky