Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Security

SWIFT Discloses More Cyber Thefts, Pressures Banks On Security (reuters.com) 30

Jim Finkle, reporting for Reuters:SWIFT, the global financial messaging system, on Tuesday disclosed new hacking attacks on its member banks as it pressured them to comply with security procedures instituted after February's high-profile $81 million heist at Bangladesh Bank. In a private letter to clients, SWIFT said that new cyber-theft attempts -- some of them successful -- have surfaced since June, when it last updated customers on a string of attacks discovered after the attack on the Bangladesh central bank. "Customers' environments have been compromised, and subsequent attempts (were) made to send fraudulent payment instructions," according to a copy of the letter reviewed by Reuters. "The threat is persistent, adaptive and sophisticated - and it is here to stay." The disclosure suggests that cyber thieves may have ramped up their efforts following the Bangladesh Bank heist, and that they specifically targeted banks with lax security procedures for SWIFT-enabled transfers. The Brussels-based firm, a member-owned cooperative, indicated in Tuesday's letter that some victims in the new attacks lost money, but did not say how much was taken or how many of the attempted hacks succeeded.
This discussion has been archived. No new comments can be posted.

SWIFT Discloses More Cyber Thefts, Pressures Banks On Security

Comments Filter:
  • by fyngyrz ( 762201 ) on Wednesday August 31, 2016 @01:26PM (#52803615) Homepage Journal

    Wait, the VICTIMS lost money? Because the BANK'S security was compromised???

    WTF do you keep your money in a bank for if they're not making certain it's safe???

    JFC, time to go back to buried coffee cans. It's not like you can earn interest worth a shit anymore in a bank account anyway.

    • Re:the... (Score:5, Informative)

      by guruevi ( 827432 ) <evi&evcircuits,com> on Wednesday August 31, 2016 @02:17PM (#52803895) Homepage

      The "victims" here would be the banks. Swift is a consortium of banks that facilitates international (or at least EU) bank-to-bank transfers. It's basically the routing number banks use for international transfers. From what I remember from using it, the transfer itself does not contain account numbers. If the swift network is what is compromised, the hackers could initiate fraudulent no-origin transfers.

      • by bn-7bc ( 909819 )
        SWIFT is global you are probably thinking of SEPA transfers (transfers within EU done in €)
    • Wait, the VICTIMS lost money? Because the BANK'S security was compromised???

      Read TFA again? Who is the "victim" here again? Swift's clients... Who are they? I am sure you are not Swift's client but may rather be Swift's client's client...

    • Wait, the VICTIMS lost money?

      That's the definition of "victim", isn't it?

      If they were unaffected, they're not victims.

    • There is a severe misconceptions showing in your post.
      As soon as the customer gives his money to the bank, it's not his money anymore.
      When the bank goes bankrupt the customer will be the last in line to receive 'his' money back.
      It's a loan you extend to the bank, you're not putting it there 'in storage'.
  • by Anonymous Coward

    The bank here is not taking responsibility for the funds in the accounts for which it is responsible for securing? If infrastructure was compromised and it was not a user-issue (meaning that the account holder didn't enable access via having had malware or similar) then the bank should take responsibility as a good business practice.

  • Looks like someone [twitter.com] has had enough with these banking breaches.

  • If banks wanted security the first thing that should be allowed is long or complex passwords. Yet many banks have severe restrictions on what characters can be used in passwords as well as insisting upon short passwords. So just why would financial institutions not have software that allowed characters as well as long passwords to be used? Imagine trying to crack }}}}}}}philandbillwentupthehill4444times.
  • by khz6955 ( 4502517 ) on Wednesday August 31, 2016 @09:59PM (#52806079)
    'The malware enumerates all processes, and if a process has the module liboradb.dll loaded in it, it will patch 2 bytes in its memory [blogspot.co.uk] at a specific offset. The patch will replace 2 bytes 0x75 and 0x04 with the bytes 0x90 and 0x90.'

news: gotcha

Working...