Bangladesh heist hackers compromised SWIFT software – report
The fraudsters who stole $81 million from the central bank of Bangladesh allegedly hacked into SWIFT software, Reuters reports, quoting British defense contractor BAE Systems. BAE warns the criminals could strike again.
BAE researchers told Reuters they detected the malware the cybercriminals used to manipulate SWIFT software, known as Alliance Access.
"I can't think of a case where we have seen a criminal go to the level of effort to customize it for the environment they were operating in. I guess it was the realization that the potential payoff made that effort worthwhile," Adrian Nish, BAE's head of threat intelligence said.
The SWIFT #malware attack against Bangladesh Bank. Source: BAE Systems Applied Intelligence. pic.twitter.com/2o98hi8Utk
— Mathew J Schwartz (@euroinfosec) April 25, 2016
Nish added that even though the malware was written exclusively to attack the Bangladesh Central Bank, cybercriminals may use the same pattern in the future.
Investigators of the case have said the hackers used stolen credentials from Bangladesh Bank computers to log into the SWIFT system. The new research shows the SWIFT software was allegedly compromised to hide the tracks of fraudulent transfers.
SWIFT confirmed to Reuters that it knew about the malware targeting its client software. According to spokeswoman Natasha Deteran, SWIFT plans to release a software update on Monday to block the malware, and will send a special warning to financial institutions.
Deteran added that "the malware has no impact on SWIFT’s network or core messaging services."
Central Bank of Bangladesh blames faulty printer for delay in discovering hackers stole $100mn https://t.co/EylRGvAC1j
— RT (@RT_com) March 20, 2016
In February, the hackers attempted to steal $951 million from the Bangladesh central bank's account at the US Federal Reserve Bank of New York. While the majority of payments were blocked, they managed to get access to $81 million, traced to the Philippines.
The requests for money transfers looked real to the Fed. They appeared to be coming from a Bangladesh server, and the criminals used the correct bank codes to authenticate the transfers.
SWIFT’s messaging services are used by about 11,000 financial institutions in more than 200 countries. In 2014, it processed 25.6 billion financial messages.