Hackers have again gained access to the world’s largest system for transferring funds among banks, a breach the network’s operator said indicates a wide-ranging effort to penetrate the financial system.
The Society for Worldwide Interbank Financial Telecommunication, a cooperative that runs the international messaging system between banks, said the attack targeted a commercial bank and managed to send Swift messages using the bank’s valid codes. It followed the theft in February of $81 million from Bangladesh’s account at the Federal Reserve Bank of New York.
The Bangladesh case provided startling evidence of the vulnerability of parts of the financial system that had been thought highly secure.
The notice by Swift said in both cases its own system wasn’t breached but that hackers accessed the fund-transfer system using the customers’ credentials and malicious software to cover their tracks.
“Forensic experts believe this new discovery evidences that the malware used in the earlier reported customer incident was not a single occurrence, but part of a wider and highly adaptive campaign targeting banks,” Swift said in a notice to banks reviewed by The Wall Street Journal but set to go out Friday.
A spokeswoman for Swift said there were a “few” additional incidents but declined to identify the other institutions involved. The Belgium-based Swift recently notified customers about a “small number of recent cases of fraud at customer firms,” it said in the notice.
The new evidence in question, Swift said, was sophisticated malware that was found by third-party forensic experts, who brought their findings to the messaging company. The attack happened before the Bangladesh theft, a person familiar with the matter said.
That malware was different from the malware used earlier to attack Bangladesh’s central bank, Swift added. In February, thieves attempted to siphon nearly $1 billion out of the Bangladesh bank’s account at the New York Fed.
The bulk of the fraudulent payment orders were stopped, but the thieves made off with $81 million that still hasn’t been traced.
The two sets of malware used in the attacks had two things in common, the Swift notice said. First, the attackers exploited the customer’s systems before messages were sent over Swift’s platform. Second, the malware helped the attackers cover their tracks, making it more difficult to identify the fraud.
The newer malware identified by Swift attacks a type of computer software for reading files in a “portable document format,” or PDF. The malware is able to read customers’ PDF reports of payment confirmations, manipulate them and then remove traces of any fraudulent instructions, Swift said.
The Wall Street Journal reported this week that the Federal Bureau of Investigation suspected insiders may have helped the attack on Bangladesh Bank, citing people familiar with the matter. Swift similarly emphasized the risk of malicious insiders in its note to banks.
Swift, a member-owned industry cooperative, handles the bulk of world-wide cross-border payment instructions between banks. On average, the company handles 25 million messages each day.
Banks and brokerages relay information to each other through its trusted computer network, confirming the identities of senders and recipients, amounts being transferred, account numbers and intermediary banks.
The breaches raise the prospect that the system isn’t fully secure.
In the case involving Bangladesh Bank, attackers issued 35 fraudulent instructions attempting to divert funds to accounts in the Philippines and Sri Lanka.
At a conference in Miami this month, New York Fed Executive Vice President Richard Dzina said the bank acted on properly authenticated message instructions.
News of the second breach was reported earlier Thursday by the New York Times.