SWIFT Discloses More Cyber Thefts, Pressures Banks On Security (reuters.com) 30

Posted by msmash on Wednesday August 31, 2016 @12:20PM from the security-breach dept.

Jim Finkle, reporting for Reuters:SWIFT, the global financial messaging system, on Tuesday disclosed new hacking attacks on its member banks as it pressured them to comply with security procedures instituted after February's high-profile $81 million heist at Bangladesh Bank. In a private letter to clients, SWIFT said that new cyber-theft attempts -- some of them successful -- have surfaced since June, when it last updated customers on a string of attacks discovered after the attack on the Bangladesh central bank. "Customers' environments have been compromised, and subsequent attempts (were) made to send fraudulent payment instructions," according to a copy of the letter reviewed by Reuters. "The threat is persistent, adaptive and sophisticated - and it is here to stay." The disclosure suggests that cyber thieves may have ramped up their efforts following the Bangladesh Bank heist, and that they specifically targeted banks with lax security procedures for SWIFT-enabled transfers. The Brussels-based firm, a member-owned cooperative, indicated in Tuesday's letter that some victims in the new attacks lost money, but did not say how much was taken or how many of the attempted hacks succeeded.

SWIFT Discloses More Cyber Thefts, Pressures Banks On Security

This discussion has been archived. No new comments can be posted.

Load All Comments

Search 30 Comments Log In/Create an Account

Comments Filter:

the... (Score:3)

by fyngyrz ( 762201 ) writes: on Wednesday August 31, 2016 @12:26PM (#52803615) Homepage Journal

Wait, the VICTIMS lost money? Because the BANK'S security was compromised???
WTF do you keep your money in a bank for if they're not making certain it's safe???
JFC, time to go back to buried coffee cans. It's not like you can earn interest worth a shit anymore in a bank account anyway.

- - Re: (Score:3, Informative)
    
    by Anonymous Coward writes:
    
    As of 1 Oct. 2015, the liability for fraudulent use of an EMV enabled card in the U.S. falls to whichever of the merchant or the bank are the least EMV compliant, not the customer whose card was fraudulently used.
  - Re: (Score:2)
    
    by SuricouRaven ( 1897204 ) writes:
    
    C&P does have some exploitable vulnerabilities, certainly, but it's a lot better than magstripe. Any idiot with $20 worth of readily available commodity hardware can duplicate one of those in seconds. C&P fraud at least takes a level of organised crime and some equipment you have to know the right people to buy.
- Re:the... (Score:5, Informative)
  
  by guruevi ( 827432 ) writes: on Wednesday August 31, 2016 @01:17PM (#52803895)
  
  The "victims" here would be the banks. Swift is a consortium of banks that facilitates international (or at least EU) bank-to-bank transfers. It's basically the routing number banks use for international transfers. From what I remember from using it, the transfer itself does not contain account numbers. If the swift network is what is compromised, the hackers could initiate fraudulent no-origin transfers.
  
  - Re: (Score:1)
    
    by bn-7bc ( 909819 ) writes:
    
    SWIFT is global you are probably thinking of SEPA transfers (transfers within EU done in €)
- Re: (Score:2)
  
  by parkinglot777 ( 2563877 ) writes:
  
  Wait, the VICTIMS lost money? Because the BANK'S security was compromised???
  Read TFA again? Who is the "victim" here again? Swift's clients... Who are they? I am sure you are not Swift's client but may rather be Swift's client's client...
- victims [Re:the...] (Score:2)
  
  by XXongo ( 3986865 ) writes:
  
  Wait, the VICTIMS lost money?
  That's the definition of "victim", isn't it?
  If they were unaffected, they're not victims.
- Re: (Score:1)
  
  by slashrio ( 2584709 ) writes:
  
  There is a severe misconceptions showing in your post.
  As soon as the customer gives his money to the bank, it's not his money anymore.
  When the bank goes bankrupt the customer will be the last in line to receive 'his' money back.
  It's a loan you extend to the bank, you're not putting it there 'in storage'.
  - - Re: (Score:1)
      
      by slashrio ( 2584709 ) writes:
      
      That's not true. As a private person, since the Greece banking problems, the EU has adopted a new 'blue print' in which the customers will have to 'bail-in' the banks.
      In other words, they lose (part of) their money to the creditors of the bank.
      And you know what some prime minister once said about 'guarantees'? "Guarantees are for vacuum cleaners."
      Try for instance to imagine who is going to pay every 'customer' (=idiot who gave his money away) his 100.000 Euros when all banks have gone belly up... There i
- Re: (Score:3)
  
  by jellomizer ( 103300 ) writes:
  
  It is nice that you feel a cool and confidant as wherever you work hasn't been hacked yet.
  Security problem is across all sectors Government, Non-Profit, corporate...
  Why? Well IT Security is a relatively new problem. As we are hooking many systems together. However organizations are still not thinking in terms of IT Security. And also the Buzzword friendly "Agile/Nimble..." organization has no time for such security problems as Good IT people are Expensive, and this Security Work isn't directly affecting t
Let me get this straight... (Score:1)

by Anonymous Coward writes:

The bank here is not taking responsibility for the funds in the accounts for which it is responsible for securing? If infrastructure was compromised and it was not a user-issue (meaning that the account holder didn't enable access via having had malware or similar) then the bank should take responsibility as a good business practice.
She's getting brutal (Score:2)

by bluefoxlucid ( 723572 ) writes:

Looks like someone [twitter.com] has had enough with these banking breaches.
Banks Beg To Be Robbed (Score:2)

by Jim Sadler ( 3430529 ) writes:

If banks wanted security the first thing that should be allowed is long or complex passwords. Yet many banks have severe restrictions on what characters can be used in passwords as well as insisting upon short passwords. So just why would financial institutions not have software that allowed characters as well as long passwords to be used? Imagine trying to crack }}}}}}}philandbillwentupthehill4444times.
Two Bytes to $951M .. (Score:4, Interesting)

by khz6955 ( 4502517 ) writes: on Wednesday August 31, 2016 @08:59PM (#52806079)

'The malware enumerates all processes, and if a process has the module liboradb.dll loaded in it, it will patch 2 bytes in its memory [blogspot.co.uk] at a specific offset. The patch will replace 2 bytes 0x75 and 0x04 with the bytes 0x90 and 0x90.'

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

SWIFT Discloses More Cyber Thefts, Pressures Banks On Security (reuters.com) 30

SWIFT Discloses More Cyber Thefts, Pressures Banks On Security More Login

SWIFT Discloses More Cyber Thefts, Pressures Banks On Security

the... (Score:3)

Re: (Score:3, Informative)

Re: (Score:2)

Re:the... (Score:5, Informative)

Re: (Score:1)

Re: (Score:2)

victims [Re:the...] (Score:2)

Re: (Score:1)

Re: (Score:1)

Re: (Score:3)

Let me get this straight... (Score:1)

She's getting brutal (Score:2)

Banks Beg To Be Robbed (Score:2)

Two Bytes to $951M .. (Score:4, Interesting)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot