[LINK] SWIFT's security standards lack audit processes
Roger Clarke
Roger.Clarke at xamax.com.au
Mon Mar 21 14:11:58 AEDT 2016
[Even [some? many?] banks can't be relied upon to implement security effectively.]
[The first part has been previously reported, but the second bit is what's interesting.]
Bangladesh asks FBI for help investigating central bank heist
SWIFT warns banks to follow security best practice.
21 March 2016
itNews, but reprinted from somewhere without attribution
http://www.itnews.com.au/news/bangladesh-asks-fbi-for-help-investigating-central-bank-heist-417210
Bangladesh has formally sought assistance from the US FBI to track down the cyber crooks who stole US$81 million (A$107 million) from its central bank's US account.
Unknown hackers breached the computer systems of Bangladesh Bank in early February and attempted to steal US$951 million from its account at the Federal Reserve Bank of New York, which it uses for international settlements.
Some attempted transfers were blocked, but US$81 million was transferred to accounts in the Philippines in one of the largest cyber heists in history.
The central bank governor resigned last week as details emerged in the Philippines that US$30 million of the money was delivered in cash to a casino junket operator in Manila, while the rest went to two casinos.
"We sought the FBI's assistance when a group of FBI met with me for investigating the central bank heist last month," Bangladesh Interior Minister Asaduzzaman Khan said.
A US embassy official in Dhaka said Washington stood ready to assist the government of Bangladesh in its investigation.
A senior police official involved in the investigation said an FBI team was expected to visit the Criminal Investigation Department (CID) of police in Dhaka on Sunday. The CID was also coordinating with Interpol to track down the perpetrators.
"We are trying to find out what type of security there was, what safety measures were taken, and how the thieves penetrated the firewall," he said.
SWIFT steps in
The SWIFT messaging system group plans to ask banks to make sure they are following recommended security practices following the attack.
Brussels-based SWIFT, a cooperative owned by some 3000 global financial institutions, will issue a written advisory today asking banks to review internal security.
SWIFT staff will also begin calling banks to highlight the importance of reviewing security measures after the attack in Bangladesh.
"Our priority at this time is to encourage customers to review and, where necessary, to reinforce their local operating environments," a spokeswoman said.
SWIFT has so far said little about the attack, except that it was related to "an internal operational issue" at Bangladesh Bank and that there was no compromise in its core messaging system.
SWIFT has prepared a summary of previously issued recommendations for implementing security measures to thwart hackers, which advises members to pay close attention to best practices.
While SWIFT can advise members to follow certain minimum security standards, there is no organisation with regulatory oversight of how central banks and other financial institutions secure their networks, according to independent security consultant Shane Shook.
That means security is not uniform among central banks, making some more vulnerable to cyber attacks, said Shook, who has helped investigate some of the biggest financial breaches.
A confidential interim report on the investigation, which forensics experts submitted to the bank last week, said attackers took control of the bank's network, stole credentials for sending SWIFT messages and used "sophisticated" malicious software to attack the computers it uses to process and authorise transactions.
Investigators said they expect to continue their investigation for another two weeks and believe the attackers have targeted other financial institutions.
The report was prepared by FireEye and World Informatix, which were hired by Bangladesh's central bank to investigate the massive theft.
The investigators did not identify other victims or name the hackers, but said forensic evidence suggested they were also behind other recent cyber attacks on financial institutions.
"FireEye has observed these same suspected FIN threat actors within other customer networks in the financial industry, where these threat actors appear to be financially motivated, and well organised," according to an interim report sent to the bank last week.
Representatives of Bangladesh Bank and FireEye declined to comment on the confidential report and their probe into the Feb. 4 heist.
World Informatix CEO Rakesh Asthana said he could not discuss the investigation, but that he expected Bangladesh Bank to issue a statement today.
--
Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916 http://about.me/roger.clarke
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Faculty of Law University of N.S.W.
Visiting Professor in Computer Science Australian National University