Inside the $81M SWIFT Bank Heist, J.P. Morgan Chase Limits Access After More Hacks

in news •  8 years ago  (edited)

The global banking process is in a heap of trouble. Major U.S. banks are scrutinizing the security of the SWIFT banking network following cyber attacks in Bangladesh and Vietnam involving fraudulent transfer requests, according to media reports on Tuesday. JPMorgan Chase & Co (JPM.N) has limited SWIFT access to some employees amid questions about the breaches at two Asian banks, The Wall Street Journal reported, citing people familiar with the matter. The hackers were after $1 billion. By targeting the methods that member banks use to conduct transactions over the SWIFT network, the hackers have undermined a system that until now had been viewed as stalwart. SWIFT codes for at least seven international banks were written into malware used in an attack that Vietnam's Tien Phong Bank disclosed over the weekend, Bloomberg reported, citing a private report published by BAE Systems PLC (BAES.L).

The malware was configured to hide transaction messages involving those banks, Bloomberg reported. It said they included Industrial & Commercial Bank of China Ltd (601398.SS), Bank of Tokyo Mitsubishi UFJ Ltd [MTFGTU.UL], UniCredit SpA (CRDI.MI), Australia & New Zealand Banking Group Ltd (ANZ.AX), United Overseas Bank Ltd (UOBH.SI) of Singapore, South Korea’s Kookmin Bank [KOOKM.UL] and Japan’s Mizuho Bank Ltd [MZFGAE.UL].

INSIDE THE $81 MILLION BANGLADESH HEIST

When reports surfaced in February of a spectacular bank hack that sucked $81 million from accounts at Bangladesh Bank in just hours, news headlines snickered over a typo that prevented the hackers from stealing the full $1 billion they were after.

Last week the snickering stopped with new reports that the hackers struck a second bank, and possibly others—though authorities won’t say if those heists were equally successful. Bank hacks have traditionally focused on stealing the login credentials of bank account holders—either individuals or small businesses. Billions have been stolen successfully in this way. But the hacks in this case targeted the banks themselves and focused on subverting their SWIFT accounts, the international money transfer system that banks use to move billions of dollars daily between themselves.

As details continue to trickle out about how the heists unfolded, here’s a look at what we do and don’t know so far.

WHAT IS SWIFT?

SWIFT stands for the Society for Worldwide Interbank Financial Telecommunication and is a consortium that operates a trusted and closed computer network for communication between member banks around the world. The consortium, which dates back to the 1970s, is based in Belgium and is overseen by the National Bank of Belgium and a committee composed of representatives from the US Federal Reserve, the Bank of England, the European Central Bank, the Bank of Japan and other major banks. The SWIFT platform has some 11,000 users and processes about 25 million communications a day, most of them money transfer transactions. Financial institutions and brokerage houses that use SWIFT have codes that identify each institution as well as credentials that authenticate and verify transactions.

WHAT HAPPENED?

On February 4, unknown hackers used SWIFT credentials of Bangladesh Central Bank employees to send more than three dozen fraudulent money transfer requests to the Federal Reserve Bank of New York asking the bank to transfer millions of the Bangladesh Bank’s funds to bank accounts in the Philippines, Sri Lanka and other parts of Asia.

The hackers managed to get $81 million sent to Rizal Commercial Banking Corporation in the Philippines via four different transfer requests and an additional $20 million sent to Pan Asia Banking in a single request. But the Bangladesh Bank managed to halt $850 million in other transactions. The $81 million was deposited into four accounts at a Rizal branch in Manila on Feb. 4. These accounts had all been opened a year earlier in May 2015, but had been inactive with just $500 sitting in them until the stolen funds arrived in February this year, according to Reuters.

A printer “error” helped Bangladesh Bank discover the heist. The bank’s SWIFT system is configured to automatically print out a record each time a money transfer request goes through. The printer works 24 hours so that when workers arrive each morning, they check the tray for transfers that got confirmed overnight. But on the morning of Friday February 5, the director of the bank found the printer tray empty. When bank workers tried to print the reports manually, they couldn’t. The software on the terminal that connects to the SWIFT network indicated that a critical system file was missing or had been altered.

When they finally got the software working the next day and were able to restart the printer, dozens of suspicious transactions spit out. The Fed bank in New York had apparently sent queries to Bangladesh Bank questioning dozens of the transfer orders, but no one in Bangladesh had responded. Panic ensued as workers in Bangladesh scrambled to determine if any of the money transfers had gone through—their own records system showed that nothing had been debited to their account yet—and halt any orders that were still pending. They contacted SWIFT and the New York Fed, but the attackers had timed their heist well; because it was the weekend in New York, no one there responded. It wasn’t until Monday that bank workers in Bangladesh finally learned that four of the transactions had gone through, amounting to $101 million.

Bangladesh Bank managed to get Pan Asia Banking to cancel the $20 million that it had already received and reroute that money back to Bangladesh Bank’s New York Fed account. But the $81 million that went to Rizal Bank in the Philippines was gone. It had already been credited to multiple accounts—reportedly belonging to casinos in the Philippines—and all but $68,000 of it was withdrawn on February 5 and 9 before further withdrawals were halted. The manager of the Rizal Bank branch has been questioned about why she allowed the money to be withdrawn on the 9th, even after receiving a request that day from Bangladesh Bank to halt the money.

The hackers might have stolen much more if not for a typo in one of the money transfer requests that caught the eye of the Federal Reserve Bank in New York. The hackers apparently had indicated that at least one of the transfers should go to the Shalika Foundation, but they misspelled “foundation” as “fandation.”

HOW MANY BANKS WERE HIT?

At least two, possibly more. SWIFT sent out an alert to members last week indicating that a second bank in Asia had been targeted in a similar attack and that a “small number of recent cases of fraud” had occurred at customer firms. The alert did not identify the second bank in Asia, but Tien Phong Bank in Vietnam told Reuters over the weekend that in the fourth quarter of last year it encountered and stopped a similar SWIFT hack—amounting to about $1.1 million—before any funds could be taken.

A SWIFT spokesman told the Wall Street Journal that a “few” other incidents had occurred, but didn’t elaborate on whether there were successful heists at other banks or simply other attempts.

http://www.bloomberg.com/news/articles/2016-05-16/vietnam-bank-hacking-attempt-shows-weakness-of-swift-connection

http://www.reuters.com/article/us-cyber-heist-swift-banks-idUSKCN0Y82HW

https://www.wired.com/2016/05/insane-81m-bangladesh-bank-heist-heres-know/


This content is mostly copied!
Get random chunks of text and copy them in Google and find the original source!