1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Better SWIFT software design would have thwarted Bangladesh Bank cyber heist

Discussion in 'Network World' started by RSS, Apr 25, 2016.

  1. RSS

    RSS New Member Member

    In February, attackers tried to steal $951 million using the SWIFT bank transfer system by submitting transfer requests from the Central Bank of Bangladesh to the Federal Reserve Bank of New York. Before the cyber heist was detected, attackers got away with $81 million by routing and laundering the funds through a bank account in the Philippines. Most of the transfers were thwarted for an unexplained reason.

    Reuters reported the details of the cyber heist based on an interview with defense contractor and security researcher BAE Systems. It wasn’t clear if BAE Systems worked independently, for SWIFT or for the Bangladesh Bank. The report exposes that the SWIFT software has the same design flaws as the Target point-of-sale (POS) system. Both imprudently relied on the assumption of an impenetrable perimeter for security. The fault appears to be SWIFT’s—if BAE is correct in its report that “the malware registers itself as a service and operates within an environment running SWIFT’s Alliance software suite, powered by an Oracle Database.”

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page