World Economy

SWIFT Hack Probe Expands

SWIFT Hack Probe ExpandsSWIFT Hack Probe Expands

Investigators are examining possible computer breaches at as many as 12 banks linked to SWIFT’s global payments network that have irregularities similar to those in the theft of $81 million from the Bangladesh central bank, according to a person familiar with the probe.

FireEye, the security firm hired by the Bangladesh bank, has been contacted by the other banks, most of which are in Southeast Asia, because of signs that hackers may have breached their networks, the person said. They include banks in the Philippines and New Zealand but not in Western Europe or the United States. There is no indication of whether money was taken, Bloomberg reported.

The expansion of the investigation four months after the discovery of the Bangladesh attack, the biggest known cyber-heist in history, suggests a broad and serious campaign to breach the international financial system.

FireEye declined to comment on the report.

“The emergence of new possible instances of compromise is not entirely surprising given that banks should now be undertaking rigorous reviews of their environments,” SWIFT said in a written statement. “Many may turn out to be false positives and or have nothing to do with SWIFT messages, but it is a key that these reviews take place and banks’ environments are secured.”

  More Breaches

The Brussels-based interbank cooperative, whose full name is the Society for Worldwide Interbank Financial Telecommunication, has warned that there may have been more breaches than the three already publicly identified, including those in Vietnam and Ecuador.

SWIFT has come under increasing pressure from its bank customers to ratchet up its security measures in order to prevent future cyber robberies.

Symantec, the Mountain View-based security company, said Thursday that it had independent evidence that a Philippine bank was attacked by the same group of hackers involved in the Bangladesh breach. The company said it reached that conclusion after examining hacking tools used in the two attacks.

Similar to research released this month by defense contractor BAE Systems, Symantec said in its blog post that the tools suggest a link between those attacks and the breach of Sony Pictures’ network in 2014, which US officials blame on North Korea.

  Big Deal

Hackers may have targeted even more banks, SWIFT’s CEO, Gottfried Leibbrandt, said this week in a speech outlining plans to improve network and client defenses. He didn’t provide any details about which banks may have been targeted or whether their defenses had been breached.

“This is a big deal, and it gets to the heart of banking,” he said in the speech, adding: “Banks that are compromised like this can be put out of business.”

In the Bangladesh case, the Federal Reserve Bank of New York was tricked by fake SWIFT messages into wiring money it held for the impoverished country to hacker-controlled accounts in the Philippines. The Fed’s systems halted an additional $850 million the attackers tried to have transferred.

Hackers also stole $12 million from an Ecuadorean bank in January 2015, according to a lawsuit by Banco del Austro against Wells Fargo, its US correspondent bank. They also tried to move about $1.2 million in an attack late last year on a Vietnamese lender that was foiled, the lender told its regulators.

Banks in the UK and the US are now pushing for discussions with SWIFT about how it should help member banks better secure their systems, according to people familiar with the separate talks.