Wikipedia

2015–2016 SWIFT banking hack

In 2015 and 2016, a series of cyberattacks using the SWIFT banking network were reported, resulting in the successful theft of millions of dollars.[1][2] The attacks were perpetrated by a hacker group known as APT 38,[3] whose tactics, techniques and procedures overlap with those of the infamous Lazarus Group, which is believed to be behind the Sony attacks. Experts agree that APT 38 was formed following the March 2013 sanctions, and the first known operations connected to this group occurred in February 2014. If the attribution to North Korea is accurate, it would be the first known incident of a state actor using cyberattacks to steal funds.

The attacks exploited vulnerabilities in the systems of member banks, allowing the attackers to gain control of the banks' legitimate SWIFT credentials. The thieves then used those credentials to send SWIFT funds transfer requests to other banks, which, trusting the messages to be legitimate, then sent the funds to accounts controlled by the attackers.[1]

First reports

The first public reports of these attacks came from thefts from the Bangladesh central bank and a bank in Vietnam.

A $101 million theft from the Bangladesh central bank via its account at the New York Federal Reserve Bank was traced to cyber criminals exploiting software vulnerabilities in SWIFT's Alliance Access software, according to a New York Times report. It was not the first such attempt, the society acknowledged, and the security of the transfer system was undergoing new examination accordingly.[4][5]

Soon after the reports of the theft from the Bangladesh central bank, a second, apparently related, attack was reported to have occurred on a commercial bank in Vietnam.[1]

Both attacks involved malware written both to issue unauthorized SWIFT messages and to conceal that the messages had been sent. After the malware sent the SWIFT messages that stole the funds, it deleted the database record of the transfers, then took further steps to prevent confirmation messages from revealing the theft. In the Bangladeshi case, the confirmation messages would have appeared on a paper report; the malware altered the paper reports when they were sent to the printer. In the second case, the bank used a PDF report; the malware altered the PDF viewer to hide the transfers.[1]
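The concealment described above worked because the database, the printed report and the PDF view were all produced on the compromised systems. As an added example, not part of the original article, the following reconciliation check compares a counterparty statement obtained independently of those systems with the local records; the field names, references and sample data are constructed for illustration.

```python
from decimal import Decimal

# Constructed sample data; field names and references are hypothetical.
# Statement obtained out of band from the counterparty, not from the local host.
COUNTERPARTY_STATEMENT = [
    {"ref": "TXN-0001", "amount": "12000.00", "currency": "USD"},
    {"ref": "TXN-0002", "amount": "500000.00", "currency": "USD"},
    {"ref": "TXN-0003", "amount": "750.50", "currency": "EUR"},
    {"ref": "TXN-0004", "amount": "2000000.00", "currency": "USD"},
]
# What the local transfer database still shows after records were removed or edited.
LOCAL_RECORDS = [
    {"ref": "TXN-0001", "amount": "12000.00", "currency": "USD"},
    {"ref": "TXN-0003", "amount": "705.50", "currency": "EUR"},
    {"ref": "TXN-0005", "amount": "99.00", "currency": "USD"},
]


def reconcile(statement, local):
    """Return sorted (reference, finding) pairs where the two views disagree."""
    local_by_ref = {r["ref"]: r for r in local}
    seen = set()
    findings = []
    for entry in statement:
        ref = entry["ref"]
        seen.add(ref)
        rec = local_by_ref.get(ref)
        if rec is None:
            # Counterparty executed a transfer the local database has no record of:
            # the pattern left behind when the sending record was deleted.
            findings.append((ref, "missing_locally"))
        elif (Decimal(rec["amount"]), rec["currency"]) != (
            Decimal(entry["amount"]), entry["currency"]
        ):
            findings.append((ref, "value_mismatch"))
    for ref in local_by_ref:
        if ref not in seen:
            # Recorded locally but never confirmed by the counterparty.
            findings.append((ref, "unconfirmed"))
    return sorted(findings)


if __name__ == "__main__":
    for ref, finding in reconcile(COUNTERPARTY_STATEMENT, LOCAL_RECORDS):
        print(f"{ref}: {finding}")
```

The check is only as trustworthy as the channel the statement arrives through, so it has to be run on a system and with data the transfer host cannot modify.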

Furthermore, news agency Reuters reported on 20 May 2016 that there had already been a similar case in Ecuador in early 2015 when Banco del Austro funds were transferred to bank accounts in Hong Kong. Neither Banco del Austro nor Wells Fargo, who were asked to conduct the transactions, initially reported the movements to SWIFT as suspicious; implications that the actions actually were a theft only emerged during a BDA lawsuit filed against Wells Fargo.[2]

Expanded scope and suspicions of North Korea

After the initial two reports, two security firms reported that the attacks involved malware similar to that used in the 2014 Sony Pictures Entertainment hack and impacted as many as 12 banks in Southeast Asia.[6][7] Both attacks are attributed to a hacker group nicknamed Lazarus Group by researchers. Symantec has linked the group with North Korea.[8] If North Korea's involvement is true, it would be the first known incident of a state actor using cyberattacks to steal funds.[9][10]

Ramifications

International relations

If the attack did originate in North Korea, the thefts would have profound implications for international relations. It would be the first known instance of a state actor using cyber attacks to steal funds.[10]

The thefts may also have implications for the regime of international sanctions that aim to isolate North Korea's economy. The theft may represent a significant percentage of North Korea's current GDP.[10]

SWIFT system

Trust in the SWIFT system has been an important element in international banking for decades. Banks consider SWIFT messages trustworthy, and can thus follow the transmitted instructions immediately. In addition, the thefts themselves can threaten the solvency of the member banks.[6] "This is a big deal, and it gets to the heart of banking," said SWIFT's CEO, Gottfried Leibbrandt, who added, "Banks that are compromised like this can be put out of business."[6]

Following the attacks, SWIFT announced a new regime of mandatory controls required of all banks using the system.[11] SWIFT will inspect member banks for compliance, and inform regulators and other banks of noncompliance.

SWIFT officials have made repeated remarks that attacks on the system are expected to continue.[5][11] In September 2016, SWIFT announced that three additional banks had been attacked. In two of the cases, the hackers succeeded in sending fraudulent SWIFT orders, but the receiving banks found them to be suspicious and discovered the fraud. According to SWIFT officials, in the third case, a patch to the SWIFT software allowed the attacked bank to detect the hackers before messages were sent.[11]

References

  1. ^ a b c d Corkery, Michael (May 12, 2016). "Once Again, Thieves Enter Swift Financial Network and Steal". New York Times. Retrieved May 13, 2016.
  2. ^ a b Bergin, Tom; Layne, Nathan (May 20, 2016). "Special Report: Cyber thieves exploit banks' faith in SWIFT transfer network". Reuters. Retrieved May 24, 2016.
  3. ^ FireEye. "APT 38: Un-Usual Suspects". Fireeye.com. Retrieved 2019-02-25.
  4. ^ Corkery, Michael (April 30, 2016). "Hackers' $81 Million Sneak Attack on World Banking". The New York Times. Retrieved May 1, 2016.
  5. ^ a b Riley, Charles; Mullen, Jethro (2016-08-31). "SWIFT says that more banks are being hacked". CNNMoney. Retrieved 2017-01-02.
  6. ^ a b c Riley, Michael; Katz, Alan (May 26, 2016). "Swift Hack Probe Expands to Up to a Dozen Banks Beyond Bangladesh". Bloomberg. Retrieved May 28, 2016.
  7. ^ Bright, Peter (2016-05-27). "12 more banks now being investigated over Bangladeshi SWIFT heist". Ars Technica. Retrieved May 28, 2016.
  8. ^ Pagliery, Jose; Riley, Charles (May 27, 2016). "North Korea-linked 'Lazarus' hackers hit a fourth bank in Philippines". CNN Money. Retrieved May 29, 2016.
  9. ^ Shen, Lucinda (May 27, 2016). "North Korea Has Been Linked to the SWIFT Bank Hacks". Fortune. Retrieved May 28, 2016.
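  10. ^ a b c Perlroth, Nicole; Corkery, Michael (May 26, 2016). "North Korea Linked to Digital Attacks on Global Banks". New York Times. Retrieved May 28, 2016.
  11. ^ a b c "SWIFT Banking System Was Hacked at Least Three times This Summer". Fortune. September 26, 2016. Retrieved 2017-01-02.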
