Bangladeshi hack a warning for banks

  • 21/03/2016
Bank (iStock)
Bank (iStock)

The SWIFT messaging system will ask banks to make sure they follow recommended security practices following a cyber-attack on Bangladesh's central bank that yielded US$81 million (NZ$119 million).

The Brussels-based Society for Worldwide Interbank Financial Telecommunications (SWIFT), a co-operative owned by about 3000 global financial institutions, will issue a written warning asking banks to review internal security, a spokeswoman told Reuters.

SWIFT staff will also begin calling banks to highlight the importance of reviewing security measures after the attack in Bangladesh.

"Our priority at this time is to encourage customers to review and, where necessary, to reinforce their local operating environments," the spokeswoman said.

Unknown hackers breached the computer systems of Bangladesh Bank and in early February attempted to steal US$951 million (NZ$1.4 billion) from its account at the Federal Reserve Bank of New York, which it uses for international settlements.

Some attempted transfers were blocked, but US$81 million was transferred to accounts in the Philippines in one of the largest cyber heists in history.

SWIFT has so far said little about the attack, except that it was related to "an internal operational issue" at Bangladesh Bank and there was no compromise in its core messaging system.

SWIFT prepared a summary of previously issued recommendations for implementing security measures to thwart hackers, which advises members to pay close attention to best practices, the spokeswoman said.

A confidential interim report on the investigation, which forensics experts submitted to the bank on Wednesday, says attackers took control of the bank's network, stole credentials for sending SWIFT messages and used "sophisticated" malicious software to attack the computers it uses to process and authorise transactions.

Investigators say in the report they believe the attackers have targeted other financial institutions.

The report was prepared by FireEye Inc and World Informatix, which were hired by Bangladesh's central bank to investigate the massive theft.

The investigators do not identify other victims or name the hackers, but say forensic evidence suggests they are also behind other recent cyber-attacks on financial institutions.

Reuters