BY Richard Summerfield
The Bangladeshi banking hack, which saw $81m stolen by cyber criminals in February, has caused the Society for Worldwide Interbank Financial Telecommunication (SWIFT) to issue a statement announcing the creation of a new five point security plan which will be released this week.
SWIFT’s secure messaging service is, in many ways, the glue that binds much of the global international banking system together. It allows banks to communicate with one another, sending payment instructions back and forth. However, the service acted as the backdoor for criminals to carry out the Bangladeshi theft. Via a number of coordinated cyber attacks, criminals broke into the messaging service, hijacked the system and redirected payments for their own ends.
Worryingly for both SWIFT and the global financial system, the Bangladeshi hack is not an isolated incident. In Ecudaor in 2015, a similar attack saw cyber thieves take more than $12m. An attack on Vietnam’s Tien Phong Bank, which was unsuccessful, has also recently come to light. It appears that these three publicised attacks may just be the tip of the iceberg.
Gottfried Leibbrandt, SWIFT’s chief executive, told an audience at the European Financial Services Conference in Brussels that “The Bangladesh fraud is not an isolated incident: we are aware of at least two, but possibly more, other cases where fraudsters used the same modus operandi, albeit without the spectacular amounts. The banks were compromised, credentials to payment generation systems were obtained to send fraudulent payments and the statements/confirmations from their counterparties were obfuscated."
In response to the hack, SWIFT will introduce certification requirements for vendors that help some banks connect to the network and use pattern recognition to identify suspicious behaviour.
In light of the reported – and unreported - cases SWIFT has called on the wider banking sector to do more to counteract cyber theft. It reiterated that while the company has a key role to play, it is not a regulator. "SWIFT is not all-powerful, we are not a regulator and we are not a policeman," said Mr Leibbrandt.
SWIFT’s response to these hacks may help shape the future of global banking.