The SWIFT (Society for Worldwide Interbank Financial Telecommunications) messaging platform used by 11,000 banks in more than 200 nations has been blamed for a breach that cost the Bangladesh Bank $81 million; cost the head of said bank his job; and may yet lead to a civil suit against the US Federal Reserve.
SWIFT is a Brussels-based, member-owned (3,000 in total) cooperative that provides international codes to facilitate payments between banks globally. Hackers used malware hidden in the servers housed at the Bangladesh Bank to access the information needed to fake a legitimate bank transfer. The thieves used the data to transfer $81 million from the US Federal Reserve Bank of New York to banks and then casinos in the Philippines, from where the thieves had access to their loot.
BAE Systems research suggests that the malware was designed to delete any trace of a breach. It was the hackers' inability to spell that led to their heist being uncovered. The spelling of 'foundation' as 'fandation' led to the phone call from Deutsche Bank that brought an abrupt halt to a robbery that could have netted the cybercrooks $1 billion, instead of the $81 million.
The malware has been identified as evtdiag.exe, a program designed to make slight changes to SWIFT’s Access Alliance software installed at the Bangladesh Bank. The malware was carefully constructed for the purposes of attacking the Bangladesh Bank, allowing for database editing and message intercepting.
SWIFT have been criticized by the head of the Forensic Training Institute of Bangladesh’s police criminal investigation department, Mr Alam, who claimed that SWIFT failed to advise Bangladesh Bank prior to the heist. The bank itself has been criticized for its failure to implement even the most basic of security necessities, such as a firewall, and for using cheap ($10), second-hand switches for its local servers. It is felt that better quality hardware and industry standard software would have made the breach more difficult.
SWIFT have promised to release a software update on 25/4/16, along with a reminder to banking institutions to scrutinize their security procedures.
So far the Bangladesh Bank is the only institution that appears to have been affected by the malware, but there are fears that many more may have been victimized and simply elected to refrain from going public with their bad news.
This incident may be a reminder that banks and other trusted institutions remain behind the times in their thinking regarding security - physical security remains the priority with cybersecurity sadly neglected.