New Attack Reported on Global Bank Network
Thieves have again found their way into what was thought to be the most secure financial messaging system in the world and stolen money from a bank. The crime appears to be part of a broad computer attack on global banking.
New details about a second attack involving the system, Swift — used by thousands of banks and companies to move money around the world — are emerging as investigators try to solve an $81 million heist from the central bank of Bangladesh in February.
The second attack involves a commercial bank that Swift declined to identify. But in a letter Swift plans to share with its users on Friday, the messaging network warned that the two attacks had numerous similarities and were probably part of a “wider and highly adaptive campaign targeting banks.”
The unusual warning from Swift — a copy of which was reviewed by The New York Times — shows how serious the financial industry is treating these attacks. Swift said the thieves, possibly acting with help from bank employees, got their hands on network credentials, initiated fraudulent transfers, and installed malware on bank computers to disguise their actions.
“The attackers clearly exhibit a deep and sophisticated knowledge of specific operation controls within the targeted banks — knowledge that may have been gained from malicious insiders or cyberattacks, or a combination of both,” Swift said in its warning, which is expected to be posted on a secure part of its website Friday morning.
The security problems are not necessarily with the messaging network but with security controls at Swift’s bank customers. Criminals have found ways to exploit loopholes in bank security to gain computer access and dispatch fraudulent Swift messages.