Once again, hackers have gotten access to the largest system of the world for transferring funds amongst banks. According to the network’s operator, this breach is an indication of a wide-ranging effort to compromise the financial system. A cooperative responsible for operating the international messaging system between banks, The Society for Worldwide Interbank Financial Telecommunication said that a commercial bank had been targeted by the attack and hackers had been able to send Swift messages using the valid codes of the bank. This was after the February theft when $81 million had been stolen from a Bangladeshi account in New York’s Federal Reserve Bank.
Startling evidence had been provided by the Bangladesh case, which showcase the financial system’s vulnerabilities even though it was perceived as highly secure. Swift said in the notice that its own system hadn’t been breached in both cases, but the fund-transfer system had been accessed by hackers by using the credentials of the customers and they had covered their tracks through malicious software. A notice was issued by Swift to banks and it said that forensic experts had determined evidence showing that the customer incident reported earlier was not a single occurrence, but believed to be a part of the wider campaign of targeting banks.
A Swift spokeswoman had said that there had been a ‘few’ additional incidents, but didn’t name any other institutions involved. Customers were recently notified by Belgium-based Swift about a couple of cases of fraud at various customer firms. Swift said that the new evidence that had been obtained was sophisticated malware, which had been unearthed by third-party forensic experts. A person with knowledge of the matter said that this attack had happened before the Bangladesh theft. It was also said that the malware used for attacking the central bank of Bangladesh earlier had been different.
In February, thieves had tried to drain nearly $1 billion from the Bangladesh bank account in the New York Federal Reserve. Most of the fraudulent payment orders had been halted, but the thieves had succeeded in getting away with $81 million, which couldn’t be traced as yet. There were two things in common in the two sets of malware that had been used in these attacks. The Swift notice said that the customers’ system had been exploited by the attackers before they sent messages over the Swift platform. Secondly, the attackers had covered their tracks with the help of the malware, which made it more difficult to identify the fraud.
Swift identified a newer one, which targets a computer software that reads files in PDF. The malware is able to read the report of payment confirmations of the customers in the PDF reports and then manipulate them. Once this is done, it is also able to get rid of any traces of fraudulent instructions. It had been reported earlier this week that the FBI suspected insider involvement in the attack on the Bangladesh bank. Similarly, Swift had emphasized the risk of malicious insiders in the notice it has issued to banks.