UPDATED 05:09 EST / APRIL 26 2016

Hackers stole $81m from Bangladesh Bank by exploiting SWIFT software

The security flaws that led to an audacious heist at Bangladesh’s Central Bank have been found to be in software used globally to facilitate transfers between banks.

Bangladesh Bank had $81 million stolen in February (the figure was first thought to be $100 million), and at the time it claimed that the funds had been stolen from its foreign exchange account at the Federal Reserve Bank of New York.

An investigation by BAE Systems instead found that after hackers had entered the bank’s systems, which had no firewall and were using a second-hand $10 network, they managed to hack the software of the Society for Worldwide Interbank Financial Telecommunication, more commonly known as SWIFT.

According to Reuters, hackers manipulated the Alliance Access server software, which banks use to interface with SWIFT’s messaging platform, to gain access to the funds and then cover their tracks.

Alliance reads and writes SWIFT messages to files on the filesystem and records transactional information in an Oracle database. Once inside, the hackers designed malware that removed integrity checks within the software and then watched transaction files, waiting for payment orders and confirmations containing specific terms.

Once a message meeting the criteria was found, the malware would do a number of things, including increasing the amounts of payment orders, modifying confirmation messages from the SWIFT network itself, altering communications to show the original, correct transactions, and deleting the actual transaction from the Alliance database.
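Because the tampering described above changes what the local database and local confirmations show, a defender has to reconcile against a record the compromised host cannot rewrite. The following is an added example, not code from SWIFT, BAE Systems or this article; the record layout, references and amounts are constructed, and it assumes a correspondent statement obtained out of band.

```python
import sqlite3
from decimal import Decimal

# Constructed sample data. Field names are hypothetical and do not reflect
# the real Alliance Access file format or database schema.
LOCAL_RECORDS = [                      # what the bank's own database shows
    ("REF0001", "USD", "1500.00"),
    ("REF0002", "USD", "20000.00"),    # local view shows the original amount
]
STATEMENT_LINES = [                    # correspondent statement, out of band
    ("REF0001", "USD", "1500.00"),
    ("REF0002", "USD", "2000000.00"),  # amount actually debited
    ("REF0003", "USD", "750000.00"),   # debit with no local record at all
]

def reconcile(local_rows, statement_rows):
    """Return sorted (reference, finding) pairs where the two views disagree."""
    db = sqlite3.connect(":memory:")
    for table in ("local_tx", "stmt_tx"):
        db.execute(f"CREATE TABLE {table} (ref TEXT PRIMARY KEY, ccy TEXT, amt TEXT)")
    db.executemany("INSERT INTO local_tx VALUES (?, ?, ?)", local_rows)
    db.executemany("INSERT INTO stmt_tx VALUES (?, ?, ?)", statement_rows)
    findings = []
    # Debits the counterparty executed that the local database does not hold,
    # which is what a deleted local transaction record looks like.
    missing = db.execute(
        "SELECT s.ref FROM stmt_tx s LEFT JOIN local_tx l ON l.ref = s.ref "
        "WHERE l.ref IS NULL").fetchall()
    findings += [(ref, "missing_locally") for (ref,) in missing]
    # Records present on both sides whose currency or amount differ.
    both = db.execute(
        "SELECT l.ref, l.ccy, l.amt, s.ccy, s.amt "
        "FROM local_tx l JOIN stmt_tx s ON s.ref = l.ref").fetchall()
    for ref, l_ccy, l_amt, s_ccy, s_amt in both:
        # Decimal avoids float rounding and treats 1500.0 and 1500.00 as equal.
        if l_ccy != s_ccy or Decimal(l_amt) != Decimal(s_amt):
            findings.append(
                (ref, f"mismatch local={l_amt} {l_ccy} statement={s_amt} {s_ccy}"))
    db.close()
    return sorted(findings)

if __name__ == "__main__":
    for ref, finding in reconcile(LOCAL_RECORDS, STATEMENT_LINES):
        print(ref, finding)
```

The check is only as trustworthy as the statement's path into it: run it on a host and from a data source that the messaging server cannot modify.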

Response

SWIFT confirmed the breach and said that they were issuing a software update “to assist customers in enhancing their security and to spot inconsistencies in their local database records,” and that “the malware has [had] no impact on SWIFT’s network or core messaging services.”

The organization also issued a warning to all of its 11,000-plus members about the potential problem.

In the end, it was pure luck that Bangladesh Bank was not taken for far more money: the hackers had been attempting to steal $951 million but came undone when a typo in the name of a transfer drew the attention of bank employees.

The overall investigation continues.
