Slashdot Mirror


Second Hacker Group Targets SWIFT Users, Symantec Warns (reuters.com)

A second hacking group has sought to rob banks using fraudulent SWIFT messages, cyber security firm Symantec said on Tuesday. The group is said to be using the same approach that resulted in $81 million in the high-profile February attack on Bangladesh's central bank. From a Reuters report: Symantec said that a group dubbed Odinaff has infected 10 to 20 Symantec customers with malware that can be used to hide fraudulent transfer requests made over SWIFT, the messaging system that is a lynchpin of the global financial system. Symantec's research provided new insight into ongoing hacking that has previously been disclosed by SWIFT. SWIFT Chief Executive Gottfried Leibbrandt last month told customers about three hacks and warned that cyber attacks on banks are poised to rise. SWIFT and Symantec have not identified specific victims beyond Bangladesh Bank. Symantec said that most Odinaff attacks occurred in the United States, Hong Kong, Australia, the United Kingdom and Ukraine.

15 comments

  1. So Symantec customers are not protected... by JcMorin · · Score: 2

    So if I read properly, even Symantec customers are not protected against hacks...

    1. Re:So Symantec customers are not protected... by Anonymous Coward · · Score: 0

      You must be new here.

    2. Re:So Symantec customers are not protected... by Humbubba · · Score: 1

      Examples of Symantec's reputation at Slashdot to reinforce your point: "Google Found Disastrous Symantec and Norton Vulnerabilities That Are 'As Bad As It Gets'" https://it.slashdot.org/story/...; "Symantec Antivirus Products Vulnerable To Horrid Overflow Bug" https://it.slashdot.org/story/...; "Antivirus Software Is 'Increasingly Useless' and May Make Your Computer Less Safe" https://it.slashdot.org/story/.... Adding a cherry on top, at the time (1st quarter of 2014) Symantec's senior vice president Brian Dye said anti-virus is dead. http://www.techtimes.com/artic....

  2. Unsurprising this .... by ColdWetDog · · Score: 1

    That nefarious persons, politicians and the occasional hacker will go after large sums of money that are poorly protected from theft and diversion.

    Raise the moat!

    --
    Faster! Faster! Faster would be better!

  3. Hacker group targets SWIFT users? by Anonymous Coward · · Score: 1

    But I was told Macs did not have viruses!

    1. Re:Hacker group targets SWIFT users? by Anonymous Coward · · Score: 0

      You were never told that.

    2. Re:Hacker group targets SWIFT users? by fbobraga · · Score: 1

      No? Maybe not officially, but a seller at an Apple Store told me that once (GENIUS! No, wait)...

  4. "Closed Network Syndrome" strikes again by ErichTheRed · · Score: 3, Insightful

    This is the same thing that happens with networks like SCADA systems, supposedly "air gapped" networks, etc. Even if there is no physical access to the network, it can totally be defeated by a USB key. I'm sure SWIFT has tons of security in place to protect the actual transaction, but lots of these systems that I've seen over the years have relied on the fact that they're typically isolated...which means very little these days. Because the networks are isolated, it becomes more of a pain to apply patches and updates, and network owners are less likely to bother because of this. And in the case of the SCADA stuff or a vertical-market company that doesn't really have much competition, there's little incentive for the device manufacturer or network owner to do any maintenance or write secure code in the first place.

    It's kind of sad, but any networked system these days has to assume that anyone accessing it, whether inside or outside the company perimeter, is attacking it. Too many companies assume that if a machine is plugged into the "inside" network, it's safe. Changing access policies is a hard sell though, so places keep doing it and keep getting compromised.

    1. Re:"Closed Network Syndrome" strikes again by Bob+the+Super+Hamste · · Score: 1

      To be fair, not all SCADA systems are as unprotected as you would imply, but they are not the fortress of security one would hope. In North America there are the NERC CIP standards that need to be followed by grid operators, which are a good start and should be approachable for most /. readers. The nice thing is that NERC has teeth and fines can be huge (I believe up to $1,000,000 per violation per day of non-compliance). The NERC CIP standards go a whole lot farther than the other major standard that is mentioned often in these discussions, PCI DSS, which seems to be written more for managers who like check boxes. Another consideration is the Cybersecurity Procurement Language for Energy Delivery Systems, which is being picked up by a number of organizations as a set of requirements. Then there are always the reasonable and prudent CIS Benchmarks for the OSes and software you are running. I do think that a lot of SWIFT operators think that something like PCI DSS is good enough, but it isn't.

      --
      Time to offend someone

  5. A year or two back. . . by Salgak1 · · Score: 4, Informative

    . . . . . I interviewed with SWIFT. Nothing discussed was particularly cutting-edge; from the details I gathered (which probably aren't complete), the major feature was an interconnected set of VPNs. I mentioned dual-key cryptography and was met with a lot of blank looks. Which implies either they weren't using it, or they have a rather substantial collection of really good poker players. . .

    1. Re:A year or two back. . . by jellomizer · · Score: 1

      Old style security.
      Back in the good old days, you just needed to protect your outside connection and leave your intranet wide open.
      Or how about the gooder older days, when if your system was hooked up to a modem, high security was asking for a password to login.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.

    2. Re:A year or two back. . . by Anonymous Coward · · Score: 0

      By Old Style . . you mean CLASSIC security. =)

  6. Anti-virus doesn't work- the solution is freedom by Anonymous Coward · · Score: 0

    If you want to set up secure systems and not be as vulnerable to this crap, we need to open up the systems to outside scrutiny and have mechanisms in place to patch vulnerabilities expeditiously and securely. Every bank I've ever gone into seems to be running Microsoft Windows. Is it really any wonder that these systems are vulnerable and being attacked? Between government and corporate incompetence in software, hardware, and security, it's no wonder these problems are popping up. It is more amazing we're just now seeing it.

    What we need to do to secure our systems is to reduce the bloat and build off long-term open standards. Right now that is extremely difficult to do. A start is based around EOMA68, but that's only going to go so far and is not in and of itself a secure solution. A lot of software has to be ported to the cards and housings compliant with EOMA68. EOMA68 is merely a long-term interoperability standard so that you can design a computer in the form of a card and upgrade that card without replacing the rest of the hardware. It's a standard of standards (all general-purpose buses). The first computer cards are based off completely free software, where we have 100% of the code under free software licenses. Now we need to reduce the bloat, audit this code in its entirety, clean it up, utilize open development models, and go from there to be reasonably confident that we can be secure in the systems we utilize. We must get away from Intel/AMD, who refuse to cooperate and who we are reasonably sure have included backdoors in critical components (Example: Intel Management Engine).

  7. Got questions for a SWIFT Admin? Ask them. by Anonymous Coward · · Score: 0

    Professional SWIFT Admin for a large company here. Ask me anything ;-) (until sleeping time - within the next hour or so).

  8. Hacker Group Targets WINDOWS Users by khz6955 · · Score: 1

    The article neglected to mention that the SWIFT hack only works on an Oracle database running on top of Microsoft Windows and consisted of replacing two bytes in a running process.