Bangladesh Bank hackers compromised SWIFT software, warning issued
By Jim Finkle
(Reuters) - The attackers who stole $81 million from the Bangladesh central bank probably hacked into software from the SWIFT financial platform that is at the heart of the global financial system, said security researchers at British defense contractor BAE Systems.
SWIFT, a cooperative owned by 3,000 financial institutions, confirmed to Reuters that it was aware of malware targeting its client software. Its spokeswoman Natasha Deteran said SWIFT on Monday released a software update to thwart the malware, along with a special warning for financial institutions to scrutinize their security procedures.
The developments coming to light the unprecedented cyber-heist suggest that a lynchpin of the global financial system could be more vulnerable than previously understood because of weaknesses that enabled attackers to modify a SWIFT software program installed on bank servers.
The new evidence suggests that hackers manipulated the Alliance Access server software, which banks use to interface with SWIFT's messaging platform, in a bid to cover up fraudulent transfers that had been previously ordered.
The findings from BAE and SWIFT do not explain how the fraudulent orders were created and pushed through the system. That remains a key mystery in ongoing probes into the heist.
Deteran told Reuters on Sunday that SWIFT was issuing the software update “to assist customers in enhancing their security and to spot inconsistencies in their local database records." She said "the malware has no impact on SWIFT’s network or core messaging services."
The software update and warning from Brussels-based SWIFT,or the Society for Worldwide Interbank Financial Telecommunication, come after researchers at BAE (BAES.L: Quote), which has a large cyber-security business, told Reuters they believe they discovered malware that the Bangladesh Bank attackers used to manipulate SWIFT client software known as Alliance Access.
BAE published its findings on Monday in a blog post on malware that it said thieves used to cover their tracks and delay discovery of the heist. Continued...