logo
logo
logo
logo
Daniel Martin 2016-08-31

Criminals have hacked an unspecified number of new banks, using the SWIFT messaging system already implicated in one of the most lucrative breaches in history.

Reuters reports SWIFT has sent notices to banks around the world warning of breaches and asking the financial institutions to lift their security game.

Hackers of unknown origin stole some US$81 million from Bangladesh Bank and nearly scored almost US$1 billion save for the presence of a typo which raised suspicion, preventing two transactions of US$850 million and US$870 million.

The attack was well timed, with warning messages from SWIFT regarding the large monetary transfers being not noticed during a long weekend, and then buried among a pile of low-priority messages.

Researchers at BAE analysed the malware used in the attacks and found it was injected into the bank's SWIFT terminal via a vulnerable switch and from there altered transfer reports and printed reports to cover thier tracks.

The flaws were the fault of Bangladesh Bank and its second-hand networking gear, according to SWIFT, and not the latter's infrastructure.

collect
0
Matt Ouellette 2016-08-18
img

Because the hackers gonna hack, hack, hack

You'd think, with the amount of money the SWIFT inter-bank payment system transfers every day, that the group would be strong on security.

Not so, says a former head of the organization.

The SWIFT organization has been trying to up its security game after a string of high-profile hacking attacks that siphoned off millions from the system.

But Leonard Schrank, CEO of SWIFT from 1992 to 2007, admitted that the organization has been snoozing on security for too long.

"The board took their eye off the ball," Schrank told Reuters.

collect
0
Jason Kowalski 2017-04-13
img

We're told the fresh defenses will make it easier for banks to track movements of money.

The payment controls are part of SWIFT's Customer Security Programme, a set of mandatory IT and physical security protections that member banks must put in place in order to use SWIFT.

SWIFT hopes the beefed-up security will help banks scan transfers between accounts and more easily spot fraudulent activity.

In particular, SWIFT says, the new service will be pitched for smaller banks and credit unions that have yet to employ sophisticated fraud detection tools.

"The new payment controls service is a direct response to our community's request for additional services to complement and strengthen existing fraud controls," said chairman Yawar Shah.

Used by banks around the world, the SWIFT system allows banks to handle data transfers for money transactions.

collect
0
Christopher Driskell 2017-11-30
img

Hackers are using increasingly sophisticated tools and techniques for attacks against banks, SWIFT warns

The banking industry has been warned of the evolving threat of online criminals and hackers.

The warning from SWIFT, the international bank transfer system, came after online thieves came close to stealing nearly a billion dollars from the account belonging to the Central Bank of Bangladesh in early 2016.

In the end, the thieves only managed to steal $81 million (£63m) by initiating fraudulent SWIFT transfer messages from within the bank’s own systems.

Following that attack, SWIFT (Society for Worldwide Interbank Financial Telecommunication) joined forces with BAE Systems in July 2016 to bolster its cyber security expertise.

And now in a new report co-written with BAE Systems’s cyber security division, it shed light on some new techniques being used by the hackers.

collect
0
Janet Gaines 2016-07-11

MoreThe Swift bank logo is pictured in this photo illustration taken April 26, 2016.

To match Exclusive CYBER-HEIST/BANGLADESH REUTERS/Carlo Allegri/File Photo

LONDON Reuters - SWIFT, a messaging system used by banks across the world, announced further steps on Monday to bolster its defenses against hackers, after criminals sent fraudulent payment instructions across its network.

The Society for Worldwide Interbank Financial Telecommunication said it has hired two outside cyber security firms, BAE Systems and Fox-IT2, to reinforce in-house expertise, and has set up a team to share cyber defense "best practice" among its customers.

In February, thieves hacked into the Bangladesh central bank's interface with SWIFT's network, which is a pipeline for transferring funds and the backbone of international finance.

They sent payment instructions to the Federal Reserve Bank of New York, telling it to transfer $951 million from Bank Bangladesh's account to accounts in the Philippines.

collect
0
Harold Roscoe 2018-02-16
img

Criminals made off with a tidy sum of money after a fraudulent wire-transfer request on SWIFT

The banking industry has been targetted again, after a report from the Russian central bank revealed a successful attack on the SWIFT international payments messaging system.

The unknown hackers are said to have stolen 339.5 million rubles (£4.2 million) last year in a fraudulent wire-transfer request.

It comes after SWIFT warned the banking industry again last November of the evolving threat of online criminals and hackers.

The disclosure of the successful attack was buried at the bottom of a central bank report on digital thefts at Russian banks, Reuters reported.

The central bank reportedly said in its report that it had been sent information about “one successful attack on the work place of a SWIFT system operator.”

collect
0
Daniel Murdock 2016-05-23
img

What we are seeing from the smaller international or more regional type of banks is a situation where they don t know what to do to secure their systems against these threats, Douglas Gourlay, CEO of application-security firm Skyport Systems, told eWEEK.

The tool was custom-made for this job, and shows a significant level of knowledge of SWIFT Alliance Access software as well as good malware coding skills, BAE Systems researcher Sergei Shevchenko stated in his report on the analysis.

The theft has led to a great deal of finger-pointing, while at the same time bringing together the Bangladesh central bank, the Federal Reserve Bank of New York and the SWIFT Alliance in a joint investigation.

The SWIFT Alliance refuted the arguments, stressing that none of the issues were caused by its systems, but by the insecurity of the Bangladesh Bank s infrastructure.

Finally, financial institutions should focus on securing their logging services, as attackers will naturally attempt to corrupt or erase the logs to hide their tracks.

Summing up the issues, SEC Chair Mary Jo White told attendees at the Reuters Financial Regulation Summit in Washington, D.C., that cyber-security has become the biggest problem facing the world s financial system.

collect
0
Melvin Bailey 2017-04-13
img

Security upgrades continue at SWIFT as it seeks to assist the banking sector to identify suspicious payments

SWIFT, the Society for Worldwide Interbank Financial Telecommunication, is continuing its efforts to tighten security within the banking community with the introduction of a newtool to spot fraudulent messages that could result in suspicious payments.

It comes after a torrid year in 2016 for Brussels-based SWIFT, and in December it previously disclosed attacks on three banks via the network but said none had been successful.

SWIFT of course was thrust into the security limelight in February 2016, when hackers stole $81 million (£64m) from Bangladesh’s central bank by initiating fraudulent SWIFT transfers from within the bank’s own systems.

SWIFT always insisted the attacks didn’t involve any compromise of the network itself, and said that the attackers had obtained valid credentials from financial institutions and used those to impersonate authorised individuals.

That attack was thought to be one of the largest bank robberies in history, and prompted the Bank of England to order British banks to carry out a security review of systems connected to SWIFT.

collect
0
Calvin Muchow 2016-05-24
img

Gottfried Leibbrandt gave a keynote on Tuesday at a financial services conference in Brussels and promised the organization would work harder to ensure that incidents like last month's theft of $81m from Bangladesh's central bank were not possible in future.

Hackers had managed to gain access to Bangladesh Bank's central keys and use them through the SWIFT international money system to divert funds.

Leibbrandt outlined those parts as:

Drastically improve information sharing among the global financial community.

Or, in other words, do what the organization should have done as part of its job several years ago.

If he imagines that the kind of people that are breaking into a central bank, grabbing authorization keys, using SWIFT networks against it even to the extent of adjusting printed reports to hide fraudulent transfers, and then moving the money to accounts that can't be got at are "men in hoodies," he continues to massively underestimate the modern cybercriminal.

As the saying goes: 'a crisis is a terrible thing to waste'; so let's use this crisis as an industry to come out stronger, better and even more secure."

collect
0
Jerry Miller 2018-08-08

If you’re totally stumped on a page of Where’s Waldo and ready to file a missing persons report, you’re in luck.

Now there’s a robot called There’s Waldo that’ll find him for you, complete with a silicone hand that points him out.

Built by creative agency Redpepper, There’s Waldo zeroes in and finds Waldo with a sniper-like accuracy.

The metal robotic arm is a Raspberry Pi-controlled uArm Swift Pro which is equipped with a Vision Camera Kit that allows for facial recognition.

The camera takes a photo of the page, which then uses OpenCV to find the possible Waldo faces in the photo.

The faces are then sent to be analyzed by Google’s AutoML Vision service, which has been trained on photos of Waldo.

collect
0
Blaine Pilgrim 2016-05-31
img

International payments clearing-house SWIFT wants extra hands to keep its stable doors closed.

In a job ad that inexplicably fails to mention the hundreds of millions of dollars missing, in a variety of currencies because of astonishingly-lax security, it seeks an information security trainee.

As previously documented, SWIFT's slackery aided and abetted a US$81 million heist from the Bangladesh central bank, another $12 million from Ecuador's Banco del Austro, and attacks in the Philippines and Vietnam.

SWIFT's response has been criticised for, among other things, only offering a guarantee that the network would expand its use of two-factor authentication, rather than demanding it of all banks.

The infosec specialist SWIFT is currently seeking in the US will be in an entry-level role: a bachelor of computer science with more than no experience at all, with work experience in PHP, Perl or Python; MySQL and Unix knowledge.

Knowledge of intrusion detection and vulnerability assessment capabilities is an asset , the job ad says.

collect
0
Lawrence Bowman 2016-08-31
img

In a private letter to clients, SWIFT was quoted by Reuters as saying that new cyber-theft attempts some successful have surfaced since June.

Customers environments have been compromised, and subsequent attempts were made to send fraudulent payment instructions, according to a copy of the letter reviewed by Reuters.

The global financial messaging system has reportedly warned its member banks of ongoing hacking attacks in recent months and told partners it expects them to deliver an operational baseline of appropriate security measures.

SWIFT joined forces with BAE Systems in July to bolster its cyber security expertise.

But it seems at though SWIFT has detected a spike in attacks against the network since the online thieves came close to stealing nearly a billion dollars from the account belonging to the Central Bank of Bangladesh earlier this year.

Those attackers managed to exploit weak local security procedures to pocket at least $81 million £57m from its account located at the Federal Reserve Bank of New York.

collect
0
Rafael Beltrami 2016-09-20
img

But the reports will arrive up to a day after the payments were made, leaving criminals with a window of opportunity

SWIFT is using its knowledge base to track information about security breaches in its customers' operating environments.

Swift is introducing a new reporting system to help banks identify fraudulent payments made over its financial transfer network -- but the reports will arrive up to a day too late to stop them.

Over the last year, cybercriminals have hacked systems at a number of banks, using their credentials to issue fraudulent payment instructions over the Swift network.

Swift's network wasn't comprimised, but because genuine credentials were used on authorized bank terminals, no alarms were raised until some time after the transfers were made, leaving victims struggling to recover their funds from the destination accounts.

From December, Swift will send banks a Daily Validation Report, summarizing activity across currencies, countries and counterparts destination banks , and also highlighting large or unusual payments and new combinations of payment parties.

collect
0
Mark Moore 2017-10-13

Hackers continue to target the SWIFT bank messaging system, though security controls instituted after last year's $81 million heist at Bangladesh's central bank have helped thwart many of those attempts, a senior SWIFT official told Reuters.

From the report: "Attempts continue," said Stephen Gilderdale, head of SWIFT's Customer Security Programme, in a phone interview.

"That is what we expected.

We didn't expect the adversaries to suddenly disappear."

SWIFT spokeswoman Natasha de Teran told Reuters that the attackers had attempted to hack into computers that banks use to access the organization's proprietary network, then create fraudulent messages to send over the SWIFT system.

"We have no indication that our network and core messaging services have been compromised," she said.

collect
0
David Gilmore 2017-04-14
img

A shadowy hacking group, which says it stole files from the U.S. National Security Agency, released documents and hacking tools that allegedly describe a U.S. effort to compromise users of the major international money-transfer system.

The documents, released Friday by a group that calls itself Shadow Brokers, includes PowerPoint slides and other documents that describe an alleged effort by the NSA to target two “service bureaus” connected to the Society for Worldwide Interbank Financial Telecommunication, or Swift.

collect
0
Terry Fulmer 2018-08-29

Acer is introducing a new version of its Swift 7 laptop at IFA in Berlin today.

While Acer launched a new Swift 7 earlier this year at CES, this latest model is less than 10mm thick and includes an edge-to-edge display.

The display is now 92 percent screen-to-body ratio, and overall the laptop weighs less than 2.2 pounds.

Acer is shipping this new Swift 7 with an 8th generation Intel Core i7 processor, but the company has not yet revealed other specifications, pricing, or a release date.

We’ve reached out to Acer for full details, and we’ll update you accordingly.

collect
0
Daniel Martin 2016-08-31

Criminals have hacked an unspecified number of new banks, using the SWIFT messaging system already implicated in one of the most lucrative breaches in history.

Reuters reports SWIFT has sent notices to banks around the world warning of breaches and asking the financial institutions to lift their security game.

Hackers of unknown origin stole some US$81 million from Bangladesh Bank and nearly scored almost US$1 billion save for the presence of a typo which raised suspicion, preventing two transactions of US$850 million and US$870 million.

The attack was well timed, with warning messages from SWIFT regarding the large monetary transfers being not noticed during a long weekend, and then buried among a pile of low-priority messages.

Researchers at BAE analysed the malware used in the attacks and found it was injected into the bank's SWIFT terminal via a vulnerable switch and from there altered transfer reports and printed reports to cover thier tracks.

The flaws were the fault of Bangladesh Bank and its second-hand networking gear, according to SWIFT, and not the latter's infrastructure.

Jason Kowalski 2017-04-13
img

We're told the fresh defenses will make it easier for banks to track movements of money.

The payment controls are part of SWIFT's Customer Security Programme, a set of mandatory IT and physical security protections that member banks must put in place in order to use SWIFT.

SWIFT hopes the beefed-up security will help banks scan transfers between accounts and more easily spot fraudulent activity.

In particular, SWIFT says, the new service will be pitched for smaller banks and credit unions that have yet to employ sophisticated fraud detection tools.

"The new payment controls service is a direct response to our community's request for additional services to complement and strengthen existing fraud controls," said chairman Yawar Shah.

Used by banks around the world, the SWIFT system allows banks to handle data transfers for money transactions.

Janet Gaines 2016-07-11

MoreThe Swift bank logo is pictured in this photo illustration taken April 26, 2016.

To match Exclusive CYBER-HEIST/BANGLADESH REUTERS/Carlo Allegri/File Photo

LONDON Reuters - SWIFT, a messaging system used by banks across the world, announced further steps on Monday to bolster its defenses against hackers, after criminals sent fraudulent payment instructions across its network.

The Society for Worldwide Interbank Financial Telecommunication said it has hired two outside cyber security firms, BAE Systems and Fox-IT2, to reinforce in-house expertise, and has set up a team to share cyber defense "best practice" among its customers.

In February, thieves hacked into the Bangladesh central bank's interface with SWIFT's network, which is a pipeline for transferring funds and the backbone of international finance.

They sent payment instructions to the Federal Reserve Bank of New York, telling it to transfer $951 million from Bank Bangladesh's account to accounts in the Philippines.

Daniel Murdock 2016-05-23
img

What we are seeing from the smaller international or more regional type of banks is a situation where they don t know what to do to secure their systems against these threats, Douglas Gourlay, CEO of application-security firm Skyport Systems, told eWEEK.

The tool was custom-made for this job, and shows a significant level of knowledge of SWIFT Alliance Access software as well as good malware coding skills, BAE Systems researcher Sergei Shevchenko stated in his report on the analysis.

The theft has led to a great deal of finger-pointing, while at the same time bringing together the Bangladesh central bank, the Federal Reserve Bank of New York and the SWIFT Alliance in a joint investigation.

The SWIFT Alliance refuted the arguments, stressing that none of the issues were caused by its systems, but by the insecurity of the Bangladesh Bank s infrastructure.

Finally, financial institutions should focus on securing their logging services, as attackers will naturally attempt to corrupt or erase the logs to hide their tracks.

Summing up the issues, SEC Chair Mary Jo White told attendees at the Reuters Financial Regulation Summit in Washington, D.C., that cyber-security has become the biggest problem facing the world s financial system.

Calvin Muchow 2016-05-24
img

Gottfried Leibbrandt gave a keynote on Tuesday at a financial services conference in Brussels and promised the organization would work harder to ensure that incidents like last month's theft of $81m from Bangladesh's central bank were not possible in future.

Hackers had managed to gain access to Bangladesh Bank's central keys and use them through the SWIFT international money system to divert funds.

Leibbrandt outlined those parts as:

Drastically improve information sharing among the global financial community.

Or, in other words, do what the organization should have done as part of its job several years ago.

If he imagines that the kind of people that are breaking into a central bank, grabbing authorization keys, using SWIFT networks against it even to the extent of adjusting printed reports to hide fraudulent transfers, and then moving the money to accounts that can't be got at are "men in hoodies," he continues to massively underestimate the modern cybercriminal.

As the saying goes: 'a crisis is a terrible thing to waste'; so let's use this crisis as an industry to come out stronger, better and even more secure."

Blaine Pilgrim 2016-05-31
img

International payments clearing-house SWIFT wants extra hands to keep its stable doors closed.

In a job ad that inexplicably fails to mention the hundreds of millions of dollars missing, in a variety of currencies because of astonishingly-lax security, it seeks an information security trainee.

As previously documented, SWIFT's slackery aided and abetted a US$81 million heist from the Bangladesh central bank, another $12 million from Ecuador's Banco del Austro, and attacks in the Philippines and Vietnam.

SWIFT's response has been criticised for, among other things, only offering a guarantee that the network would expand its use of two-factor authentication, rather than demanding it of all banks.

The infosec specialist SWIFT is currently seeking in the US will be in an entry-level role: a bachelor of computer science with more than no experience at all, with work experience in PHP, Perl or Python; MySQL and Unix knowledge.

Knowledge of intrusion detection and vulnerability assessment capabilities is an asset , the job ad says.

Rafael Beltrami 2016-09-20
img

But the reports will arrive up to a day after the payments were made, leaving criminals with a window of opportunity

SWIFT is using its knowledge base to track information about security breaches in its customers' operating environments.

Swift is introducing a new reporting system to help banks identify fraudulent payments made over its financial transfer network -- but the reports will arrive up to a day too late to stop them.

Over the last year, cybercriminals have hacked systems at a number of banks, using their credentials to issue fraudulent payment instructions over the Swift network.

Swift's network wasn't comprimised, but because genuine credentials were used on authorized bank terminals, no alarms were raised until some time after the transfers were made, leaving victims struggling to recover their funds from the destination accounts.

From December, Swift will send banks a Daily Validation Report, summarizing activity across currencies, countries and counterparts destination banks , and also highlighting large or unusual payments and new combinations of payment parties.

David Gilmore 2017-04-14
img

A shadowy hacking group, which says it stole files from the U.S. National Security Agency, released documents and hacking tools that allegedly describe a U.S. effort to compromise users of the major international money-transfer system.

The documents, released Friday by a group that calls itself Shadow Brokers, includes PowerPoint slides and other documents that describe an alleged effort by the NSA to target two “service bureaus” connected to the Society for Worldwide Interbank Financial Telecommunication, or Swift.

Matt Ouellette 2016-08-18
img

Because the hackers gonna hack, hack, hack

You'd think, with the amount of money the SWIFT inter-bank payment system transfers every day, that the group would be strong on security.

Not so, says a former head of the organization.

The SWIFT organization has been trying to up its security game after a string of high-profile hacking attacks that siphoned off millions from the system.

But Leonard Schrank, CEO of SWIFT from 1992 to 2007, admitted that the organization has been snoozing on security for too long.

"The board took their eye off the ball," Schrank told Reuters.

Christopher Driskell 2017-11-30
img

Hackers are using increasingly sophisticated tools and techniques for attacks against banks, SWIFT warns

The banking industry has been warned of the evolving threat of online criminals and hackers.

The warning from SWIFT, the international bank transfer system, came after online thieves came close to stealing nearly a billion dollars from the account belonging to the Central Bank of Bangladesh in early 2016.

In the end, the thieves only managed to steal $81 million (£63m) by initiating fraudulent SWIFT transfer messages from within the bank’s own systems.

Following that attack, SWIFT (Society for Worldwide Interbank Financial Telecommunication) joined forces with BAE Systems in July 2016 to bolster its cyber security expertise.

And now in a new report co-written with BAE Systems’s cyber security division, it shed light on some new techniques being used by the hackers.

Harold Roscoe 2018-02-16
img

Criminals made off with a tidy sum of money after a fraudulent wire-transfer request on SWIFT

The banking industry has been targetted again, after a report from the Russian central bank revealed a successful attack on the SWIFT international payments messaging system.

The unknown hackers are said to have stolen 339.5 million rubles (£4.2 million) last year in a fraudulent wire-transfer request.

It comes after SWIFT warned the banking industry again last November of the evolving threat of online criminals and hackers.

The disclosure of the successful attack was buried at the bottom of a central bank report on digital thefts at Russian banks, Reuters reported.

The central bank reportedly said in its report that it had been sent information about “one successful attack on the work place of a SWIFT system operator.”

Melvin Bailey 2017-04-13
img

Security upgrades continue at SWIFT as it seeks to assist the banking sector to identify suspicious payments

SWIFT, the Society for Worldwide Interbank Financial Telecommunication, is continuing its efforts to tighten security within the banking community with the introduction of a newtool to spot fraudulent messages that could result in suspicious payments.

It comes after a torrid year in 2016 for Brussels-based SWIFT, and in December it previously disclosed attacks on three banks via the network but said none had been successful.

SWIFT of course was thrust into the security limelight in February 2016, when hackers stole $81 million (£64m) from Bangladesh’s central bank by initiating fraudulent SWIFT transfers from within the bank’s own systems.

SWIFT always insisted the attacks didn’t involve any compromise of the network itself, and said that the attackers had obtained valid credentials from financial institutions and used those to impersonate authorised individuals.

That attack was thought to be one of the largest bank robberies in history, and prompted the Bank of England to order British banks to carry out a security review of systems connected to SWIFT.

Jerry Miller 2018-08-08

If you’re totally stumped on a page of Where’s Waldo and ready to file a missing persons report, you’re in luck.

Now there’s a robot called There’s Waldo that’ll find him for you, complete with a silicone hand that points him out.

Built by creative agency Redpepper, There’s Waldo zeroes in and finds Waldo with a sniper-like accuracy.

The metal robotic arm is a Raspberry Pi-controlled uArm Swift Pro which is equipped with a Vision Camera Kit that allows for facial recognition.

The camera takes a photo of the page, which then uses OpenCV to find the possible Waldo faces in the photo.

The faces are then sent to be analyzed by Google’s AutoML Vision service, which has been trained on photos of Waldo.

Lawrence Bowman 2016-08-31
img

In a private letter to clients, SWIFT was quoted by Reuters as saying that new cyber-theft attempts some successful have surfaced since June.

Customers environments have been compromised, and subsequent attempts were made to send fraudulent payment instructions, according to a copy of the letter reviewed by Reuters.

The global financial messaging system has reportedly warned its member banks of ongoing hacking attacks in recent months and told partners it expects them to deliver an operational baseline of appropriate security measures.

SWIFT joined forces with BAE Systems in July to bolster its cyber security expertise.

But it seems at though SWIFT has detected a spike in attacks against the network since the online thieves came close to stealing nearly a billion dollars from the account belonging to the Central Bank of Bangladesh earlier this year.

Those attackers managed to exploit weak local security procedures to pocket at least $81 million £57m from its account located at the Federal Reserve Bank of New York.

Mark Moore 2017-10-13

Hackers continue to target the SWIFT bank messaging system, though security controls instituted after last year's $81 million heist at Bangladesh's central bank have helped thwart many of those attempts, a senior SWIFT official told Reuters.

From the report: "Attempts continue," said Stephen Gilderdale, head of SWIFT's Customer Security Programme, in a phone interview.

"That is what we expected.

We didn't expect the adversaries to suddenly disappear."

SWIFT spokeswoman Natasha de Teran told Reuters that the attackers had attempted to hack into computers that banks use to access the organization's proprietary network, then create fraudulent messages to send over the SWIFT system.

"We have no indication that our network and core messaging services have been compromised," she said.

Terry Fulmer 2018-08-29

Acer is introducing a new version of its Swift 7 laptop at IFA in Berlin today.

While Acer launched a new Swift 7 earlier this year at CES, this latest model is less than 10mm thick and includes an edge-to-edge display.

The display is now 92 percent screen-to-body ratio, and overall the laptop weighs less than 2.2 pounds.

Acer is shipping this new Swift 7 with an 8th generation Intel Core i7 processor, but the company has not yet revealed other specifications, pricing, or a release date.

We’ve reached out to Acer for full details, and we’ll update you accordingly.