UPDATED 05:09 EDT / APRIL 26 2016

Hackers stole $81m from Bangladesh Bank by exploiting SWIFT software

The security flaws that led to an audacious heist of Bangladesh’s Central Bank have been found to be in software used globally to facilitate transfers between banks.

Bangladesh Bank had $81 million stolen from them in February (the figure was first thought to be $100 million), and at the time they claimed that the funds had been stolen from their foreign exchange account at the Federal Reserve Bank of New York.

An investigation by BAE Systems instead found that after hackers had entered the bank’s systems, which had no firewall and were using a second-hand $10 network, they managed to hack the software of the Society for Worldwide Interbank Financial Telecommunication, more commonly known as SWIFT.

According to Reuters, hackers manipulated the Alliance Access server software, which banks use to interface with SWIFT’s messaging platform, to gain access to the funds and then cover their tracks.

Alliance reads and writes SWIFT messages to files on the filesystem, and records transactional information in an Oracle database. Once inside, the hackers designed malware that removed integrity checks within the software and then monitored transaction files, waiting for payment orders and confirmations that contained specific terms.

Once a message meeting the criteria was found, the malware would then do a number of things, including increasing the amounts of payment orders, modifying confirmation messages from the SWIFT network itself, and then altering communications to show the original, correct transactions and deleting the actual transaction from the Alliance database.

Response

SWIFT confirmed the breach and said that they were issuing a software update “to assist customers in enhancing their security and to spot inconsistencies in their local database records,” and that “the malware has [had] no impact on SWIFT’s network or core messaging services.”
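The tampering described above leaves the local database disagreeing with records held outside the compromised host, which is the kind of inconsistency a reconciliation check can surface. The following is an added example, not code from SWIFT, BAE Systems or the original article; the record layout, field names and sample values are constructed assumptions.

```python
from decimal import Decimal

# Constructed sample records; field names and values are hypothetical and are
# not the Alliance Access schema or real SWIFT traffic.
LOCAL_DB = [  # what the (possibly tampered) local database shows
    {"ref": "REF001", "beneficiary": "ACME LTD", "amount": Decimal("1000.00")},
    {"ref": "REF002", "beneficiary": "FOO GMBH", "amount": Decimal("2500.00")},
    {"ref": "REF004", "beneficiary": "BAZ SA", "amount": Decimal("500.00")},
]
STATEMENT = [  # what an independent party (e.g. a correspondent bank) reports
    {"ref": "REF001", "beneficiary": "ACME LTD", "amount": Decimal("1000.00")},
    {"ref": "REF002", "beneficiary": "FOO GMBH", "amount": Decimal("25000.00")},
    {"ref": "REF003", "beneficiary": "BAR INC", "amount": Decimal("900000.00")},
]


def reconcile(local_rows, independent_rows):
    """Return (reference, issue) pairs where the two record sets disagree."""
    local = {row["ref"]: row for row in local_rows}
    indep = {row["ref"]: row for row in independent_rows}
    findings = []

    # Executed elsewhere but absent locally: consistent with a deleted record.
    for ref in sorted(indep.keys() - local.keys()):
        findings.append((ref, "missing_locally"))

    # Recorded locally but never seen by the independent party.
    for ref in sorted(local.keys() - indep.keys()):
        findings.append((ref, "unknown_to_counterparty"))

    # Present on both sides: compare the fields an attacker would alter.
    for ref in sorted(local.keys() & indep.keys()):
        for field in ("amount", "beneficiary"):
            if local[ref][field] != indep[ref][field]:
                findings.append((ref, f"{field}_mismatch"))
    return findings


if __name__ == "__main__":
    for ref, issue in reconcile(LOCAL_DB, STATEMENT):
        print(ref, issue)
```

The check is only meaningful if the independent records arrive over a channel that does not pass through the host being verified, since malware on that host can rewrite anything it stores or displays.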

The organization also issued a warning to all of its 11,000-plus members about the potential problem.

In the end, it was pure luck that Bangladesh Bank had not been taken for far more money, as the hackers had been attempting to steal $951 million but came undone when a typo in the name of a transfer drew the attention of bank employees.

The overall investigation continues.
