While it might be something of an exaggeration to say that Bangladesh left its central bank’s “global banking computer” open to the public, emerging evidence indicates there is probably a lot more it could have done to secure it.
Sitting on the eighth floor of a 31-story building in Dhaka, the machine connects to the SWIFT messaging system that even IT guys can’t get into without supervised access, according to former Bangladeshi central bank officials.
But, on Feb. 4, security may have left the terminal on and, by so doing, made it possible for more than $100 million to be siphoned out.
“We are working with experts, as well as SWIFT and other partners, to strengthen our security,” a banking official noted, offering no comment as to whether or not the terminal had been left unsecured.
The Society for Worldwide Interbank Financial Telecommunication (SWIFT) was set up as a cooperative system between banks in the 1970s that today connects more than 11,000 financial institutions. SWIFT is the behind the vast majority of worldwide cross-border payments, which means literally millions of transfer messages are processed each day.
SWIFT’s motto? “Failure is not an option.”
Well, apparently, those options are broader than initially thought, and the fact that hackers could gain access to the SWIFT network and make $100 million go up in smoke has raised worldwide alarm bells.
SWIFT notes its network wasn’t breached, which is accurate — the access was at the Bangladeshi central bank level. According to FireEye — the Silicon Valley security firm auditing the theft — it seems some sneaky malware was covertly installed, then hung out for a few days before going after the SWIFT terminal. By using keystroke software, thieves were able to steal operating codes, which allowed them to “process and authorize SWIFT transactions,” FireEye’s report said.
“The security breach of the SWIFT environment is part of a much larger breach that is currently under investigation,” the report said. FireEye investigators have warned Bangladeshi officials that at least 32 computers at the central bank may have been breached by hackers leading up to the attack on Feb. 5.
SWIFT said Monday (March 21) it would ask customers to review their internal security in light of the Bangladesh Bank breach.
“Our priority at this time is to investigate the interim findings and to encourage customers to review and, where necessary, to reinforce their local operating environments,” SWIFT spokeswoman Natasha de Teran said.