SWIFT cyber fraud AU$105.01 million from Bangladesh Bank account at New York Federal Reserve Bank – review and summary
Summary including background and comments by SWIFT, BAE, FireEye Mandiant and World Informatix
Background: In February 2016, instructions to steal US$951 Million from Bangladesh Bank, the central bank of Bangladesh, were issued via the SWIFT network. Five transactions issued by hackers, worth $101 million and withdrawn from a Bangladesh Bank account at the Federal Reserve Bank of New York, succeeded, with $20M traced to Sri Lanka and $81M to the Philippines. The Federal Reserve Bank of NY blocked the remaining 30 transactions, amounting to $850 million, at the request of Bangladesh Bank
SWIFT bank network prone to ‘cyber fraud’ incidents
– In light of the recent cyber-criminal attack on the Bangladesh Bank, SWIFT has acknowledged that the scheme involved altering its software on the bank’s computers to hide evidence of fraudulent transfers.
SWIFT, the global financial network that banks use to transfer billions of dollars every day, has warned its customers that it is aware of “a number of recent cyber incidents” where attackers had sent fraudulent messages over its system. The disclosure comes as law enforcement authorities in Bangladesh and elsewhere continued to investigate the February cyber theft of AU$105.01 million from a Bangladesh Bank account at the New York Federal Reserve Bank.
SWIFT issued that update to thwart malware that security researchers with British defence contractor BAE Systems said was probably used by hackers in the Bangladesh Bank heist. BAE’s evidence suggested that hackers manipulated SWIFT’s Alliance Access server software, which banks use to interface with SWIFT’s messaging platform, to cover their tracks. BAE said it could not explain how the fraudulent orders were created and pushed through the system. SWIFT provided some evidence about how that happened in its note to customers, saying that in most cases the modus operandi was similar. It said the attackers obtained valid credentials for operators authorised to create and approve SWIFT messages, then submitted fraudulent messages by impersonating those people. SWIFT told customers the security update must be installed by May 12.
SWIFT warns customers of multiple cyber fraud cases
FireEye, the internet security company whose Mandiant unit was hired by Bangladesh Bank to help investigate the heist, said the same group behind that hack had probably attacked other financial targets. “FireEye has observed activity in other financial services organizations that is likely by the same threat actor behind the cyber attack on the Bank of Bangladesh,” Vivek Chudgar, Mandiant’s senior director for the Asia Pacific said in a statement emailed to Reuters.
Rakesh Asthana, the World Informatix Cyber Security CEO, who is overseeing Bangladesh Bank’s probe into the hack, declined to discuss the other attacks that SWIFT referred to. He did, though, urge banks to conduct independent security assessments to make sure their networks are secure and prevent future attacks. “SWIFT builds on security practices established by the customer itself and therefore it is imperative that in the wake of this attack, customers using SWIFT Alliance Access must strengthen their cyber security posture,” Asthana said
