SWIFT Discloses More Successful Bank Heists

A “meaningful” number of attacks on banks have been carried out using the SWIFT network over the past year, with some resulting in lost funds, the organsation has acknowledged.

SWIFT, the Society for Worldwide Interbank Financial Telecommunication, based outside of Brussels, had previously disclosed attacks on three banks via the network but said none had been successful.

In its latest comments, however, the group divulged that a significant number of additional incidents have occurred since February, with about 20 percent succeeding.

‘Meaningful’ number of cases

In February hackers stole $81 million (£64m) from Bangladesh’s central bank by initiating fraudulent SWIFT transfers from within the bank’s own systems.

The incidents since then all involve techniques similar to the Bangladesh hack, with none involving any breach of the network’s own core systems, according to SWIFT customer security programme head Stephen Gilderdale.

He declined to specify the number of incidents, telling Reuters only that it was “a meaningful number of cases”.

In about four-fifths of the cases in which SWIFT had completed investigations no fraud had taken place, with one-fifth of the cases involving successful fraud, he said, declining to indicate the amounts involved.

The network doesn’t receive or keep track of fraud reports from clients, Gilderdale said the organisation was making “progress” on security.

Fraud detection

In some of the cases clients’ computer security systems had identified malware on their networks, while in others a new SWIFT feature alerted the organisation to attempted manipulation, according to Gilderdale. In one case a financial regulator notified SWIFT of an attempted hack, he said.

His comments follow a letter sent from SWIFT to bank clients on 2 November that warned attacks were becoming more sophisticated and were likely to continue.

In a new development, hackers have begun using remote-access software intended for support technicians to access bank systems and implant malware, according to the letter, excerpts of which were published by Reuters on Monday.

“We unfortunately continue to see cases in which some of our customers’ environments are being compromised” using techniques similar to the Bangladesh attack, the letter said.

“The threat is very persistent, adaptive and sophisticated – and it is here to stay,” it added, noting that there are likely to be “multiple groups” of attackers.

Like Gilderdale’s comments, the letter indicates SWIFT’s continued vulnerability to hackers looking to manipulate it to carry out fraud.

The Bangladesh hack indicated that the banks’ own systems are the weakest link in the network, with hackers able to implant malicious code that transmitted fraudulent transfer messages and then attempted to conceal the orders from bank staff.

The theft spurred regulators around the world, and SWIFT itself, to tighten bank computer security requirements.

Do you know all about security in 2016? Try our quiz!