Hackers stole $81m from Bangladesh Bank by exploiting SWIFT software
The security flaws that led to an audacious heist of Bangladesh’s Central Bank have been found to be in software used globally to facilitate transfers between banks.
Bangladesh Bank had $81 million stolen from them in February (the figure was first thought to be $100 million), and at the time they claimed that the funds had been stolen from their foreign exchange account at the Federal Reserve Bank of New York.
An investigation by BAE Systems instead found that after hackers had entered the bank’s systems, which had no firewall and were using a second-hand $10 network, they managed to hack the software of the Society for Worldwide Interbank Financial Telecommunication, more commonly known as SWIFT.
According to Reuters, hackers manipulated the Alliance Access server software, which banks use to interface with SWIFT’s messaging platform, to gain access to the funds and then cover their tracks.
Alliance reads and writes SWIFT messages to files on the filesystem, and records transactional information in an Oracle database. Once inside, the hackers designed malware that removed integrity checks within the software and then monitored transaction files, waiting for payment orders and confirmations that matched specific terms.
Once a message meeting the criteria was found, the malware would then do a number of things, including increasing the amounts of payment orders, modifying confirmation messages from the SWIFT network itself, and then altering communications to show the original, correct transactions and deleting the actual transaction from the Alliance database.
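Because the tampering described above leaves the local database disagreeing with what was actually sent, a defender can reconcile it against a record held off the host. The following is an added example, not code from SWIFT, BAE Systems or the original article: the independent journal, the row layout and all sample values are constructed assumptions, and only the `:20:` (reference) and `:32A:` (date, currency, amount) tags follow the SWIFT MT field convention.

```python
import re
from decimal import Decimal

FIELD = re.compile(r"^:(\d{2}[A-Z]?):(.*)$", re.M)  # ":TAG:value" at line start
AMOUNT = re.compile(r"(\d{6})([A-Z]{3})([\d,]+)")   # YYMMDD + currency + amount

def parse_message(text):
    """Return (reference, currency, amount) from an MT-style tagged message."""
    fields = dict(FIELD.findall(text))
    match = AMOUNT.fullmatch(fields.get("32A", "").strip())
    if "20" not in fields or match is None:
        raise ValueError("message lacks a usable :20: or :32A: field")
    # MT amounts use a comma as the decimal separator.
    return fields["20"].strip(), match.group(2), Decimal(match.group(3).replace(",", "."))

def reconcile(journal_messages, db_rows):
    """Compare an off-host journal of sent messages with local database rows.

    Returns sorted (reference, finding) tuples for every disagreement.
    """
    sent = {}
    for text in journal_messages:
        ref, ccy, amount = parse_message(text)
        sent[ref] = (ccy, amount)
    stored = {r["ref"]: (r["ccy"], Decimal(r["amount"])) for r in db_rows}
    findings = []
    for ref in sorted(sent.keys() | stored.keys()):
        if ref not in stored:
            findings.append((ref, "missing_in_database"))   # record deleted locally
        elif ref not in sent:
            findings.append((ref, "missing_in_journal"))    # never seen off-host
        elif sent[ref] != stored[ref]:
            findings.append((ref, "amount_or_currency_mismatch"))
    return findings

# Constructed sample data (not from the incident).
JOURNAL_SAMPLE = [
    ":20:REF0001\n:32A:160204USD1000000,00\n:59:/111\nALPHA LTD",
    ":20:REF0002\n:32A:160204USD20000000,00\n:59:/222\nBETA LTD",
    ":20:REF0003\n:32A:160204USD5000000,00\n:59:/333\nGAMMA LTD",
]
DB_SAMPLE = [
    {"ref": "REF0001", "ccy": "USD", "amount": "1000000.00"},
    {"ref": "REF0002", "ccy": "USD", "amount": "2000000.00"},  # altered amount
    # REF0003 is absent: the row was deleted from the local database
]

if __name__ == "__main__":
    for ref, finding in reconcile(JOURNAL_SAMPLE, DB_SAMPLE):
        print(ref, finding)
```

The check is only as trustworthy as the journal, so that record has to live somewhere the compromised host cannot write to.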
Response
SWIFT confirmed the breach and said that they were issuing a software update “to assist customers in enhancing their security and to spot inconsistencies in their local database records,” and that “the malware has [had] no impact on SWIFT’s network or core messaging services.”
The organization also issued a warning to all of its 11,000 plus members about the potential problem.
In the end, it was pure luck that Bangladesh Bank had not been taken for far more money: the hackers had been attempting to steal $951 million but came undone when a typo in the name of a transfer drew the attention of bank employees.
The overall investigation continues.
Image credit: vladus/Flickr/CC by 2.0