SWIFT has confirmed another breach of its system in a statement issued to SWIFT’s customers on May 13th, 2016. The attack was executed using malware that mirrored the first hit on the network, which resulted in $81 million USD being stolen from Bangladesh’s central bank.
Another Bank is Breached
This time around, the attack was made on a commercial bank that was unnamed by SWIFT, and the malware that was used focused on the PDF reader used by customers to download bank statements. According to the report issued by SWIFT, the malware acts as a PDF reader that mimics the network’s legitimate software.
Once installed on an infected local machine, the Trojan PDF reader takes on an icon and file description that match the legitimate software. When it opens PDF files containing local reports of customer-specific SWIFT confirmation messages, the Trojan manipulates the PDF reports to remove traces of the fraudulent instructions.
Although it remains unclear whether money was stolen with this recent hit, SWIFT did provide a more detailed analysis of the methods of attack for this incident and the first one in Bangladesh.
The attackers begin by compromising the bank’s environment. First, attackers obtain valid operator credentials that have the authority to create, approve and submit SWIFT messages from customers’ back-offices or from their local interfaces to the SWIFT network. Second, they submit fraudulent messages by impersonating the operators from whom they stole the credentials. Finally, the attackers hide evidence by removing some of the traces of the fraudulent messages.
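Because the Trojan reader described above removes fraudulent instructions from the rendered statement, the discrepancy only shows up when the statement is compared with an independent record of what was actually sent. The following is an added illustration, not code from the article or from SWIFT; the journal layout, field names and reference format are constructed assumptions, and the reader-fingerprint check assumes a known-good hash recorded at installation time.

```python
"""Reconcile confirmations shown in a downloaded statement against an
independent journal of submitted messages, and fingerprint the reader
binary. All data below is constructed sample data for illustration."""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Confirmation:
    reference: str    # transaction reference as printed on the report
    amount: str       # kept as text: reconciliation is an exact match
    beneficiary: str


# Independent journal of what the messaging interface actually sent (constructed).
JOURNAL = [
    Confirmation("TRN0001", "250000.00", "ACME SUPPLIES"),
    Confirmation("TRN0002", "120500.00", "NORTHERN FREIGHT"),
    Confirmation("TRN0003", "9800000.00", "UNKNOWN HOLDINGS"),  # the one an attacker would hide
]

# Text extracted from the statement as rendered by a tampered reader:
# TRN0003 has been stripped out (constructed).
REPORT_LINES = [
    "TRN0001 250000.00 ACME SUPPLIES",
    "TRN0002 120500.00 NORTHERN FREIGHT",
]


def parse_report(lines):
    """Turn statement text lines into Confirmation records (assumed layout)."""
    shown = set()
    for line in lines:
        ref, amount, beneficiary = line.split(" ", 2)
        shown.add(Confirmation(ref, amount, beneficiary))
    return shown


def reconcile(journal, report_lines):
    """References sent per the journal that are missing from, or altered in, the report."""
    shown = parse_report(report_lines)
    return sorted(c.reference for c in journal if c not in shown)


def file_fingerprint(data: bytes) -> str:
    """SHA-256 of the reader binary, to compare with the value recorded at install."""
    return hashlib.sha256(data).hexdigest()


def reader_tampered(data: bytes, known_good: str) -> bool:
    """True when the binary on disk no longer matches the recorded fingerprint."""
    return file_fingerprint(data) != known_good


if __name__ == "__main__":
    missing = reconcile(JOURNAL, REPORT_LINES)
    if missing:
        print("ALERT: journal entries absent from or altered in statement:", missing)
```

An alert here is only as good as the independence of the journal: it must come from a source the statement-rendering host cannot rewrite.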
SWIFT Attacks are a ‘Targeted Campaign’
With the second breach, SWIFT now believes that both attacks were part of an ongoing hacking campaign against banks that is being perpetrated through their payment network. Their belief is founded on the fact that the second attack was executed similarly to the first one, indicating that the attack was not “a single occurrence, but part of a wider and highly adaptive campaign targeting banks.”
To make matters worse, the targeted campaign has been considered a likely product of someone within their own ranks.
The attackers clearly exhibit a deep and sophisticated knowledge of specific operational controls within the targeted banks — knowledge that may have been gained from malicious insiders or cyber attacks, or a combination of both.
SWIFT is certain that only someone with insider knowledge of their security procedures and business practices would have been able to hack their system without leaving a trace. According to SWIFT, basic system monitoring at the banks should have stopped the attack at the server endpoint and alerted system analysts in real time.
The Risk of Trusting Centralized Institutions
Likely the most important thing to take from all of this is that trusting people and institutions comes with a certain risk, one that at one time might have been worth taking because of the value of the service they provide (i.e. banks and convenient money storage). However, with the advent of decentralized money and payment networks like Bitcoin, there really is no reason to have to choose between protecting your savings and carrying around physical money.
With Bitcoin, there is no honeypot database for hackers to attack, and there is no reason to have to trust anyone with your money other than yourself. When the control of your money is dispersed, that means knowledge about your money is dispersed too. The beauty of dispersed knowledge in Bitcoin is that the knowledge of Bitcoin private keys rests solely with the owners. And although — with some investigative effort and negligence on the part of a Bitcoin user — people can come to link a public address with an identity, its default nature is still more private than trusting a bank.
What do you think of SWIFT being hacked twice, and do you think Bitcoin is the answer to the failures of centralized payment networks? Let us know in the comments below!
Images Courtesy of Contrepoints.org, Wikipedia, Shutterstock