25 April, AtoZForex, Lagos – The investigation into the hack of the Central Bank of Bangladesh's account, which resulted in an $81 million heist, is still ongoing. However, some interesting discoveries have been made. The hack was traced to malware that altered the code of the SWIFT security system in order to hide the traces of fraudulent payments from customers’ local database applications. The attackers tried to steal an aggregate of $951 million from the Bangladesh central bank’s account at the Federal Reserve Bank of New York in February. However, most of the attempted transfers were thwarted, with only $81 million routed to accounts in the Philippines and diverted to casinos by the Bangladesh Bank hackers.
BAE Systems research report
The discovery was publicized by security researchers at British defense contractor BAE Systems. The report from BAE shows that the Bangladesh Bank hackers went to great lengths to pull this off and cover their tracks. BAE said the SWIFT software on the bank computers was probably compromised in order to erase records of illicit transfers and so prevent early detection. Adrian Nish, BAE’s head of threat intelligence, said he had never seen such an elaborate scheme from criminal hackers before:
“I can’t think of a case where we have seen a criminal go to the level of effort to customize it for the environment they were operating in. I guess it was the realization that the potential payoff made that effort worthwhile.”
SWIFT denies malware impact of Bangladesh Bank hackers
Although it confirmed that its security system was actually hacked, particularly the Alliance Access server software, the Society for Worldwide Interbank Financial Telecommunication (SWIFT) has defended itself. SWIFT clarified that the attack was only made possible because the Bangladesh Bank hackers were able to successfully identify and exploit weaknesses in the bank's local security. The cooperative, owned by 3,000 financial institutions, also confirmed that it had created a software update to thwart the malware, and stressed that financial institutions should properly scrutinize their security procedures.
As confirmed by Bangladesh police investigators last week, the bank’s local computer security measures were seriously deficient, with the system lacking even basic precautions such as firewalls and relying on used, $10 switches in its local networks. This made it very vulnerable. However, in an interview with Reuters, police investigators insisted that both the bank and SWIFT should take the blame for the attack by the Bangladesh Bank hackers.