Slashdot Mirror

← Back to Stories (view on slashdot.org)

SWIFT Discloses More Cyber Thefts, Pressures Banks On Security (reuters.com)

Posted by msmash on from the security-breach dept.

Jim Finkle, reporting for Reuters:SWIFT, the global financial messaging system, on Tuesday disclosed new hacking attacks on its member banks as it pressured them to comply with security procedures instituted after February's high-profile $81 million heist at Bangladesh Bank. In a private letter to clients, SWIFT said that new cyber-theft attempts -- some of them successful -- have surfaced since June, when it last updated customers on a string of attacks discovered after the attack on the Bangladesh central bank. "Customers' environments have been compromised, and subsequent attempts (were) made to send fraudulent payment instructions," according to a copy of the letter reviewed by Reuters. "The threat is persistent, adaptive and sophisticated - and it is here to stay." The disclosure suggests that cyber thieves may have ramped up their efforts following the Bangladesh Bank heist, and that they specifically targeted banks with lax security procedures for SWIFT-enabled transfers. The Brussels-based firm, a member-owned cooperative, indicated in Tuesday's letter that some victims in the new attacks lost money, but did not say how much was taken or how many of the attempted hacks succeeded.

5 of 30 comments (clear)

  1. the... by fyngyrz · · Score: 2

    Wait, the VICTIMS lost money? Because the BANK'S security was compromised???

    WTF do you keep your money in a bank for if they're not making certain it's safe???

    JFC, time to go back to buried coffee cans. It's not like you can earn interest worth a shit anymore in a bank account anyway.

    --
    I've fallen off your lawn, and I can't get up.
    1. Re:the... by Anonymous Coward · · Score: 3, Informative

      As of 1 Oct. 2015, the liability for fraudulent use of an EMV enabled card in the U.S. falls to whichever of the merchant or the bank are the least EMV compliant, not the customer whose card was fraudulently used.

    2. Re:the... by guruevi · · Score: 4, Informative

      The "victims" here would be the banks. Swift is a consortium of banks that facilitates international (or at least EU) bank-to-bank transfers. It's basically the routing number banks use for international transfers. From what I remember from using it, the transfer itself does not contain account numbers. If the swift network is what is compromised, the hackers could initiate fraudulent no-origin transfers.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
  2. Re:Not so SWIFT afterall by jellomizer · · Score: 2

    It is nice that you feel a cool and confidant as wherever you work hasn't been hacked yet.

    Security problem is across all sectors Government, Non-Profit, corporate...
    Why? Well IT Security is a relatively new problem. As we are hooking many systems together. However organizations are still not thinking in terms of IT Security. And also the Buzzword friendly "Agile/Nimble..." organization has no time for such security problems as Good IT people are Expensive, and this Security Work isn't directly affecting the bottom line.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  3. Two Bytes to $951M .. by khz6955 · · Score: 3, Interesting

    'The malware enumerates all processes, and if a process has the module liboradb.dll loaded in it, it will patch 2 bytes in its memory at a specific offset. The patch will replace 2 bytes 0x75 and 0x04 with the bytes 0x90 and 0x90.'