Russian Report Reveals £4.2m Stolen In Attack On SWIFT

Tom Jowitt is a leading British tech freelance and long standing contributor to TechWeek Europe

Criminals made off with a tidy sum of money after a fraudulent wire-transfer request on SWIFT

The banking industry has been targetted again, after a report from the Russian central bank revealed a successful attack on the SWIFT international payments messaging system.

The unknown hackers are said to have stolen 339.5 million rubles (£4.2 million) last year in a fraudulent wire-transfer request.

It comes after SWIFT warned the banking industry again last November of the evolving threat of online criminals and hackers.

Russian Theft

The disclosure of the successful attack was buried at the bottom of a central bank report on digital thefts at Russian banks, Reuters reported.

The central bank reportedly said in its report that it had been sent information about “one successful attack on the work place of a SWIFT system operator.”

“The volume of unsanctioned operations as a result of this attack amounted to 339.5 million rubles,” the bank reportedly said.

A spokeswoman for SWIFT was reported as saying that the company does not comment on specific entities.

”When a case of potential fraud is reported to us, we offer our assistance to the affected user to help secure its environment,” the spokeswoman is quoted as saying.

A central bank spokesman meanwhile apparently quoted Artem Sychev, deputy head of the regulator’s security department, as saying the hackers had withdrawn the money and this was “a common scheme, when they take control of a computer.”

It comes after hackers also tried to steal 55 million rubles from Russian state bank Globex using the SWIFT system in December.

Bangladesh Bank

SWIFT was at the centre of a series of unwelcome headlines after online thieves came close to stealing nearly a billion dollars from the account belonging to the Central Bank of Bangladesh in early 2016.

In the end, the thieves only managed to steal $81 million (£63m) by initiating fraudulent SWIFT transfer messages from within the bank’s own systems.

Following that attack, SWIFT (Society for Worldwide Interbank Financial Telecommunication) joined forces with BAE Systems in July 2016 to bolster its cyber security expertise.

For its part, SWIFT has been consistently warned the banking industry about the ongoing and persistent attacks against the sector.

And Brussels-based SWIFT has always insisted attacks have not compromised its network, but rather seem to have been carried out by attackers who obtained valid credentials from financial institutions and used these to impersonate authorised individuals.

The Bank of England has previously ordered all British banks to carry out a security review of systems connected to SWIFT.

Do you know all about security in 2017? Try our quiz!