2015–16 SWIFT banking hack
In 2015 and 2016, a series of cyberattacks using the SWIFT banking network were reported, resulting in the successful theft of millions of dollars.[1][2] The attacks were perpetrated by a hacker group nicknamed Lazarus by researchers. The group, which is also responsible for the 2014 Sony Pictures Entertainment hack, has been linked to North Korea. If North Korea's involvement is true, it would be the first known incident of a state actor using cyberattacks to steal funds.
The attacks exploited vulnerabilities in the systems of member banks, allowing the attackers to gain control of the banks' legitimate SWIFT credentials. The thieves then used those credentials to send SWIFT funds transfer requests to other banks, which, trusting the messages to be legitimate, then sent the funds to accounts controlled by the attackers.[1]
First reports
The first public reports of these attacks came from thefts from the Bangladesh central bank and a bank in Vietnam.
An $81 million theft from the Bangladesh central bank via its account at the New York Federal Reserve Bank was traced to hacker penetration of SWIFT's Alliance Access software, according to a New York Times report. It was not the first such attempt, SWIFT acknowledged, and the security of the transfer system was undergoing new examination accordingly.[3]
Soon after the reports of the theft from the Bangladesh central bank, a second, apparently related, attack was reported to have occurred on a commercial bank in Vietnam.[1]
Both attacks involved malware written both to issue unauthorized SWIFT messages and to conceal that the messages had been sent. After the malware sent the SWIFT messages that stole the funds, it deleted the database record of the transfers and then took further steps to prevent confirmation messages from revealing the theft. In the Bangladeshi case, the confirmation messages would have appeared on a paper report; the malware altered the paper reports when they were sent to the printer. In the second case, the bank used a PDF report; the malware altered the PDF viewer to hide the transfers.[1]
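A defender's view of the concealment described above, as an added example that is not part of the original article: because the local database record and the locally produced reports were both tampered with, the check below reconciles the bank's own records against a statement obtained independently from the correspondent. All field names, references and amounts are constructed, and a sequence-numbered local message store is an assumption.

```python
from decimal import Decimal

# Constructed sample data. Field names and values are illustrative assumptions,
# not the schema of any real SWIFT product.
LOCAL_DB = [  # outgoing payment records as held in the bank's own message database
    {"seq": 101, "ref": "PAY-0001", "amount": Decimal("25000.00"), "ccy": "USD"},
    {"seq": 102, "ref": "PAY-0002", "amount": Decimal("1200.50"), "ccy": "USD"},
    {"seq": 105, "ref": "PAY-0005", "amount": Decimal("980.00"), "ccy": "USD"},
]
CORRESPONDENT_STATEMENT = [  # debits reported by the correspondent, fetched out of band
    {"ref": "PAY-0001", "amount": Decimal("25000.00"), "ccy": "USD"},
    {"ref": "PAY-0002", "amount": Decimal("1200.50"), "ccy": "USD"},
    {"ref": "PAY-0003", "amount": Decimal("20000000.00"), "ccy": "USD"},
    {"ref": "PAY-0004", "amount": Decimal("30000000.00"), "ccy": "USD"},
    {"ref": "PAY-0005", "amount": Decimal("990.00"), "ccy": "USD"},
]


def reconcile(local, statement):
    """Compare local records with an independent statement and return findings."""
    by_ref = {r["ref"]: r for r in local}
    findings = {"missing_locally": [], "mismatch": [], "seq_gaps": []}
    for entry in statement:
        rec = by_ref.get(entry["ref"])
        if rec is None:
            # Debited by the correspondent with no local record: deleted or never logged.
            findings["missing_locally"].append(entry["ref"])
        elif (rec["amount"], rec["ccy"]) != (entry["amount"], entry["ccy"]):
            # Local record exists but disagrees with the independent source.
            findings["mismatch"].append(entry["ref"])
    # Deleted rows leave holes in an otherwise contiguous sequence (assumed numbering).
    seqs = sorted(r["seq"] for r in local)
    for prev, cur in zip(seqs, seqs[1:]):
        if cur - prev > 1:
            findings["seq_gaps"].append((prev + 1, cur - 1))
    return findings


if __name__ == "__main__":
    for kind, items in reconcile(LOCAL_DB, CORRESPONDENT_STATEMENT).items():
        print(kind, items)
```

The comparison only has value if the statement is fetched and checked on a system the payment host cannot modify, since the reports generated on the compromised host were themselves altered.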
Furthermore, news agency Reuters reported on 20 May 2016 that there had already been a similar case in Ecuador in early 2015, when Banco del Austro (BDA) funds were transferred to bank accounts in Hong Kong. Neither Banco del Austro nor Wells Fargo, which was asked to conduct the transactions, initially reported the movements to SWIFT as suspicious; implications that the actions actually were a theft only emerged during a lawsuit BDA filed against Wells Fargo.[2]
Expanded scope and suspicions of North Korea
After the initial two reports, two security firms reported that the attacks involved malware similar to that used in the 2014 Sony Pictures Entertainment hack and impacted as many as 12 banks in Southeast Asia.[4][5] Both attacks are attributed to a hacker group nicknamed Lazarus by researchers. Symantec has linked the group with North Korea.[6] If North Korea's involvement is true, it would be the first known incident of a state actor using cyberattacks to steal funds.[7][8]
Ramifications
If the attack did originate in North Korea, the thefts would have profound implications for international relations. It would be the first known instance of a state actor using cyber attacks to steal funds.[8]
The thefts may also have implications for the regime of international sanctions that aim to isolate North Korea's economy. The theft may represent a significant percentage of North Korea's current GDP.[8]
Moreover, trust in the SWIFT system has been an important element in international banking for decades. Banks consider SWIFT messages trustworthy, and can thus follow the transmitted instructions immediately. In addition, the thefts themselves can threaten the solvency of the member banks.[4]
"This is a big deal, and it gets to the heart of banking," said SWIFT's CEO, Gottfried Leibbrandt, who added, "Banks that are compromised like this can be put out of business."[4]
References
- [1] Corkery, Michael (May 12, 2016). "Once Again, Thieves Enter Swift Financial Network and Steal". The New York Times. Retrieved May 13, 2016.
- [2] Bergin, Tom; Layne, Nathan (May 20, 2016). "Special Report: Cyber thieves exploit banks' faith in SWIFT transfer network". Reuters. Retrieved May 24, 2016.
- [3] Corkery, Michael (April 30, 2016). "Hackers' $81 Million Sneak Attack on World Banking". The New York Times. Retrieved May 1, 2016.
- [4] Riley, Michael; Katz, Alan (May 26, 2016). "Swift Hack Probe Expands to Up to a Dozen Banks Beyond Bangladesh". Bloomberg. Retrieved May 28, 2016.
- [5] Bright, Peter. "12 more banks now being investigated over Bangladeshi SWIFT heist". Ars Technica. Retrieved May 28, 2016.
- [6] Pagliery, Jose; Riley, Charles (May 27, 2016). "North Korea-linked 'Lazarus' hackers hit a fourth bank in Philippines". CNN Money. Retrieved May 29, 2016.
- [7] Shen, Lucinda (May 27, 2016). "North Korea Has Been Linked to the SWIFT Bank Hacks". Fortune. Retrieved May 28, 2016.
- [8] Perlroth, Nicole; Corkery, Michael (May 26, 2016). "North Korea Linked to Digital Attacks on Global Banks". The New York Times. Retrieved May 28, 2016.