A News Bulletin Overview of the SWIFT Related Hacks 6

By now most people are aware of the reports of a second third SWIFT related hack. I was reading about the various reactions to the hacks and it is pretty alarming stuff. The Vietnam hack involves a SWIFT Service Bureau which for many corporates is a scary prospect, because many of them are also using SWIFT service bureaus to manage their connections to the SWIFT network. This is the world we’re in right now, and I’m pretty certain these types of attacks will increase. How SWIFT, corporates and financial institutions deal with the threat is the bigger question. For now, lets take a step back and take a look at the emerging news stories that reveal the key details:

SWIFT Security:

Firstly, a quick word on SWIFT and security. Clearly, security is a big deal for SWIFT, they pride and distinguish themselves from other connectivity solutions based on world class security and reliability – and there is a perception that the end to end SWIFT solution is 100% secure. Dare i say it there is complacency, and the recent events highlight the fact that the solution is only as strong as its weakest link:

  • SWIFT‘s tag line is “The global provider of secure financial messaging services”
  • SWIFT talk a lot about their “uncompromising approach to information security”
  • When it comes to security, the SWIFT motto is “Failure is Not An Option” (FNAO)
  • Many financial institutions have at some point or other been subjected to some kind of cyber attack, data breach and/or fraudulent payments
  • The SWIFT network that connects banks and corporates is therefore a target and will be vulnerable, as are the institutions that use the SWIFT network

Known Hacks Involving the SWIFT Network:

In the order that they have been revealed:

  • February 2016 – Bangladesh Bank (Bangladesh)
    • Attempted heist value: $951 million
    • Successfully transferred amount: $81 million
  • December 2015 – TP Bank (Vietnam)
    • Attempted heist value: $1.1 million
    • Successfully transferred amount: 0
  • January 2015 – Banco Del Austro / BDA (Ecuador)
    • Attempted heist: $12 million
    • Successfully transferred amount: $9 million

SWIFT Related Hacks – Breaking News Stories:

There are of course lots of articles covering the attacks. The following are the key stories that broke the news along with some what i found interesting insights:

June-2016:

  • 25-Jun-2016: Kviv Post – Hackers steal $10 million from a Ukrainian bank through SWIFT loophole
  • 3-Jun-2016: FT – Swift threat to suspend vulnerable members
  • 3-Jun-2016: Reuters – SWIFT CEO fights to restore faith in bank messaging system

May-2016:

  • 27-May-2016: Reuters – Cyber firms say Bangladesh hackers have attacked other Asian banks
  • 26-May-2016 – Symantec – SWIFT attackers’ malware linked to more financial attacks
  • 24-May-2016: Reuters – SWIFT to unveil new security plan after hackers’ heists
  • 20-May-2016: Reuters – Special Report: Cyber thieves exploit banks’ faith in SWIFT transfer network
  • 20-May-2016: Wall Street Journal – Alarmed Swift Urges Banks to Report Hacking Attempts
  • 19-May-2016: Wall Street Journal – Now It’s Three: Ecuador Bank Hacked via Swift
  • 19-May-2016: Reuters – Exclusive – UK banks ordered to review cyber security after SWIFT heist
  • 19-May-2016: Reuters – Top Democratic senator probes SWIFT, NY Fed about Bangladesh heist
  • 19-May-2016: Reuters – Bangladesh Bank official’s computer was hacked to carry out $81 million heist: diplomat
  • 18-May-2016: Reuters – U.S. banks scrutinize SWIFT security after hacks: reports
  • 17-May-2016: Reuters – Slovenian bank was recipient named in failed Vietnam cyber-heist
  • 17-May-2016: The Wall Street Journal – J.P. Morgan Reduced Some Employees’ Access to Swift System in Recent Weeks
  • 15-May-2016: Reuters – Vietnam bank says interrupted cyber heist using SWIFT messaging
  • 14-May-2016: Seeking Alpha – Swift Is Hacked Again. The Bitcoin/Blockchain Fat Lady Sings.
  • 14-May-2016: Reuters – Bangladesh Bank heist similar to Sony hack; second bank hit by malware
  • 13-May-2016: BAE Systems – CYBER HEIST ATTRIBUTION
  • 13-May-2016: SkyPort Systems – FIVE NECESSARY IMPROVEMENTS TO THE SWIFT (NOT TAYLOR SWIFT) SECURITY MODEL
  • 9-May-2016: Reuters – Exclusive – Technicians from SWIFT left Bangladesh Bank exposed to hackers – police
  • 12-May-2016: New York Times – Once again, thieves enter SWIFT financial network and steal

April-2016:

  • 26-Apr-2016: Bloomberg – Swift Hack Is a Story of Globalization and Poverty
  • 26-Apr-2016: Reuters – Exclusive: SWIFT warns customers of multiple cyber fraud cases
  • 25-Apr-2016: BAE Systems – Two Bytes to $951
  • 25-Apr-2016: Reuters – Bangladesh Bank hackers compromised SWIFT software, warning issued
Thanks for stopping by – Take a look around…!!

SWIFT Press Releases:

Since the stories broke, SWIFT have issued a number of SWIFT security statements:

August-2016:

  • 16-Aug-2016: Joint Statement: Federal Reserve Bank of New York, Bangladesh Bank and SWIFT
  • 16-Aug-2016: SWIFT launches security tools campaign

July-2016:

  • 25-Jul-2016: Cyber security in the financial industry – Managing the Rise in cyber crime
  • 11-Jul-2016: SWIFT engages expert cyber security firms and establishes dedicated Customer Security Intelligence team
  • 7-Jul-2016: Cyber security in the financial industry

June-2016:

May-2016:

April-2016:

 

6 thoughts on “A News Bulletin Overview of the SWIFT Related Hacks

  1. Pingback: 10 Things I Learnt from the SWIFT CEO About Cyber Security

  2. Pingback: The Top Payments News Stories in May, 2016

  3. Pingback: List of MT940 Transaction Type Identification Codes

  4. Pingback: 7 Ripple Reasons Why the SWIFT GPII Ain't Good Enough

  5. Pingback: Is Your SWIFT Service Bureau On The List? If not, WHY Not?

  6. Pingback: The SWIFT Customer Security Programme EXPLAINED!

Leave a Reply

  

  

  

This site uses Akismet to reduce spam. Learn how your comment data is processed.