In what is becoming a grimly regular occurrence, SWIFT has confirmed further hacks to its member banks, with even more customer cash stolen.
SWIFT: Threat ‘Persistent, Adaptive, Sophisticated’
The news, shared by SWIFT in a memo this week, follows several hacks this year, resulting in stolen funds. The first — and most high-profile — attack involved Bangladesh Bank in February, with losses totaling $81 million USD.
“Customers’ environments have been compromised, and subsequent attempts made to send fraudulent payment instructions,” Reuters quoted the memo as stating. “The threat is persistent, adaptive and sophisticated — and it is here to stay.”
The Bangladesh incident received considerable publicity, but SWIFT, which coordinates payment settlement worldwide, declined to publish specific information on the subsequent attacks.
Likewise, the names of banks involved this time around remain secret. However, security issues at certain member banks are assumed to be the cause.
Members Threatened with Data Exposure
SWIFT announced in February it would require banks to upgrade their security apparatus in line with updates it would be releasing. Banks have apparently been slow on the uptake, with the organization unable to legally enforce cooperation.
Hence threats of revealing offending banks’ security shortcomings, said SWIFT in its memo. Banks with inadequate security will be outed “if they failed to meet a November 19 deadline for installing the latest version of its software,” Reuters reported.
“That type of information sharing is something that no bank likes to see happen without their direct approval and involvement, because it can affect market confidence,” security advisor Shane Shook additionally commented on SWIFT’s policy.
In May, a second significant breach of security occurred at a hitherto-unnamed “commercial bank,” which resulted in suspicions of a coordinated effort to undermine SWIFT’s network.
This was reiterated in June, when hackers stole $10 million from a Ukrainian institution.
As an example, Bangladesh Bank reportedly operated without even a firewall, allowing hackers to use items such as Trojans that altered transaction records to remove traces of fraudulent activity.
While security advocates have long warned against trusting centralized third-parties to secure wealth, it is with increasing alarm that the financial community watches the ease with which legacy finance can be compromised.
“We could say that if the immediate security around Swift is not in order we could cut you off, you shouldn’t be on the network,” SWIFT CEO Gottfried Liebbrandt told the Financial Times in May following the Ukrainian scandal.
Should banks that fail to implement modern security standards have their security flaws revealed to the public? Let us know in the comments below!
Images courtesy of Shutterstock, Wikimedia Commons.