Exclusive: SWIFT discloses more cyber thefts, pressures banks on security

The SWIFT logo is pictured in this photo illustration taken April 26, 2016. REUTERS/Carlo Allegri/Illustration/File Photo
By Jim Finkle
SWIFT, the global financial messaging system, on Tuesday disclosed new hacking attacks on its member banks as it pressured them to comply with security procedures instituted after February's high-profile $81 million heist at Bangladesh Bank.
In a private letter to clients, SWIFT said that new cyber-theft attempts - some of them successful - have surfaced since June, when it last updated customers on a string of attacks discovered after the attack on the Bangladesh central bank.
"Customers’ environments have been compromised, and subsequent attempts (were) made to send fraudulent payment instructions," according to a copy of the letter reviewed by Reuters. "The threat is persistent, adaptive and sophisticated - and it is here to stay."
The disclosure suggests that cyber thieves may have ramped up their efforts following the Bangladesh Bank heist, and that they specifically targeted banks with lax security procedures for SWIFT-enabled transfers.
The Brussels-based firm, a member-owned cooperative, indicated in Tuesday's letter that some victims in the new attacks lost money, but did not say how much was taken or how many of the attempted hacks succeeded. It did not identify specific victims, but said the banks varied in size and geography and used different methods for accessing SWIFT.
A SWIFT spokeswoman declined to elaborate on the recently uncovered incidents or the security issues detailed in the letter, saying the firm does not discuss affairs of specific customers.
All the victims shared one thing in common: Weaknesses in local security that attackers exploited to compromise local networks and send fraudulent messages requesting money transfers, according to the letter.
Accounts of the attack on Bangladesh Bank suggest that weak security procedures there made it easier to hack into computers used to send SWIFT messages requesting large money transfers. The bank lacked a firewall and used second-hand, $10 electronic switches to network those computers, according to the Bangladesh police.
SWIFT has repeatedly pushed banks to implement new security measures rolled out after the Bangladesh heist, including stronger systems for authenticating users and updates to its software for sending and receiving messages. But it has been difficult for SWIFT to force banks to comply because the nonprofit cooperative lacks regulatory authority over its members.
SWIFT told banks Tuesday that it might report them to regulators and banking partners if they failed to meet a November 19 deadline for installing the latest version of its software, which includes new security features designed to thwart the type of attacks described in its letter.
The security features include technology for verifying credentials of people accessing a bank's SWIFT system; stronger rules for password management; and better tools for identifying attempts to hack the software.
(For a graphic on how hackers made off with millions, click tmsnrt.rs/29WrMai)
SWIFT is trying to coerce members into prioritizing cyber-security by threatening to share confidential information about security lapses that banks want to keep private, said Shane Shook, an independent security consultant who advises central banks.
"That type of information sharing is something that no bank likes to see happen without their direct approval and involvement, because it can affect market confidence," Shook said.
SWIFT disclosed the new hacks after reports of previous incidents prompted regulators in Europe and the United States to urge banks to bolster cyber-security.
Other cases involving fraudulent transfer requests include the theft of more than $12 million from Ecuador's Banco del Austro and a failed attempt later in 2015 to steal money from Vietnam's Tien Phong Bank.
The attacks have prompted regulators globally to press banks to bolster defenses.
The Bank of England in April ordered UK firms to detail actions to secure computers connected to the SWIFT system, while the European Banking Authority in May said domestic authorities should stress test banks for cyber risks.
The Federal Reserve and other U.S. agencies told banks in June to review protections against fraudulent money transfers.
Six U.S. senators on Monday urged the G20 nations to agree when they meet at a summit this weekend on a “coordinated strategy to combat cyber-crime at critical financial institutions.”
http://uk.reuters.com/article/us-cyber-heist-swift-idUKKCN11600C