Thieves have again found their way into what was thought to be the most secure financial messaging system in the world and stolen money from a bank. The crime appears to be part of a broad online attack on global banking.
New details about a second attack involving SWIFT — the messaging system used by thousands of banks and companies to move money around the world — are emerging as investigators are still trying to solve the $81 million heist from the central bank of Bangladesh in February. In that robbery, the attackers were able to compel the Federal Reserve Bank of New York to move money to accounts in the Philippines.
The second attack involves a commercial bank, which SWIFT declined to identify. But in a letter SWIFT plans to share with its users on Friday, the messaging network warned that the two attacks bore numerous similarities and were very likely part of a “wider and highly adaptive campaign targeting banks.”
The unusual warning from SWIFT, a copy of which was reviewed by The New York Times, shows how seriously the financial industry regards these attacks. Some banking experts say they may be impossible to solve or trace. SWIFT said the thieves somehow got their hands on legitimate network credentials, initiated the fraudulent transfers and installed malware on bank computers to disguise their movements.
“The attackers clearly exhibit a deep and sophisticated knowledge of specific operation controls within the targeted banks — knowledge that may have been gained from malicious insiders or cyberattacks, or a combination of both,” SWIFT said in its warning, which is expected to be posted on a secure part of its website on Friday.
Security experts who have studied the attacks said the thieves probably were lurking inside the bank systems for months before they were detected.
In its warning, SWIFT pointed to another worrying situation: that the gang of thieves may have been able to recruit bank employees to hand over credentials and other key details.
In both cases, the core messaging system of SWIFT was not breached; rather, the criminals attacked the banks’ connections to the SWIFT network. Each bank is responsible for maintaining the security of its connection to SWIFT. Digital criminals have found ways to exploit loopholes in bank security to obtain login credentials and dispatch fraudulent SWIFT messages.
The attacks have been a major headache for the ubiquitous and publicity-shy SWIFT, an acronym for the Society for Worldwide Interbank Financial Telecommunication. Based in Belgium, SWIFT is partly owned and overseen by the world’s biggest banks.