Finance messaging giant SWIFT plans new measures to help banks combat fraud, after a gang broke into Bangladesh's central bank in February and stole £57 million—and were only caught because one of them made a typo in a £15 million transfer.
The banking communications network, which allows financial institutions across the world to send each other secure messages about their transactions, is introducing "Daily Validation Reports," which it bills as a mechanism to help customers detect unusual patterns in their message flows, and give them more of a chance "to identify possible fraud attempts and improving the likelihood they can cancel any fraudulent transfers."
The heist could have cost almost £700 million but for the typo, which spelled the name of a Sri Lankan NGO called the "Shalika Foundation" as the "Shalika Fandation." The misspelling raised red flags at Deutsche Bank, which warned the Bangladeshis, allowing them to cancel most of the rest of the transactions. Worse still, the Shalika Foundation appears not even to exist, Reuters reported.
Security firm FireEye, investigating the hack, has been contacted by numerous other banks, including some in New Zealand and the Philippines. While most of the attempted transfers in the original heist were cancelled, some $81 million was sent to the Philippines and subsequently laundered through casinos. SWIFT said in a statement that some of these reports may be false positives, and that banks should rigorously review their computing environments to look for hackers.
Symantec, meanwhile, has corroborated earlier claims from BAE Systems that the hackers who stole from the Bangladesh central bank are linked to the hackers who have attacked targets in the US and South Korea since 2009, and who hacked Sony Pictures in 2014. The FBI claimed that those hackers were North Korean. Symantec's rationale is the same as that of BAE: malware found at the bank, Sony, and other victims all appears to share common code for securely deleting files to cover its tracks.
Technicians from the global payment network SWIFT left Bangladesh's Central Bank vulnerable to an attack that saw attackers steal $81 million, according to Bangladeshi police and bank officials speaking to Reuters.
In February, unknown hackers broke into the Bangladesh Bank and almost got away with just shy of $1 billion. In the event, their fraudulent transactions were cancelled when a typo raised concerns about one of them, but not before they had managed to transfer $81 million. That money is still unrecovered. In April, we learned that preliminary investigations had revealed the use of cheap networking and a lack of firewalls, both contributing to the attack.
The new report sheds further light on the incident. The SWIFT organization is owned by 3,000 financial companies and operates a network for sending financial transactions between financial institutions. Technicians from the organization worked at the central bank last year when they were connecting Bangladesh's real-time gross settlement (RTGS) system to the SWIFT network. Mohammad Shah Alam, leading the probe for the Bangladesh police, told Reuters that the technicians doing this work left "a lot of loopholes" that were not subsequently addressed.