Global Institutions May Be Susceptible To Hackers, SWIFT Remains Vulnerable

Tyler Durden's picture

The world of central banking relies on transferring vast amounts of information along controlled and secure messaging lines, around 2 million per day between roughly 7,000 institutions. The system of connections to and from central banks in Asia, Russia, China, Africa, and the Americas is known as SWIFT (The Society for Worldwide Interbank Financial Telecommunication). SWIFT provides a means for sending messages between the parties that have access to it. Each party is responsible for providing security measures before accessing the SWIFT network.

On March 7, 2016 Reuters reported the central bank for Bangladesh stated it discovered unauthorized withdrawals from its account at the Federal Reserve Bank of New York (FRBNY).  The amount of the unauthorized transfer has been reported to be USD $951 million.  The World Bank database shows Bangladesh holds just shy of USD $28 billion in foreign exchange reserves on its books, an amount that has tripled since 2011.

Around the middle of April reports appeared which  stated that roughly USD $81 million remained uncovered. It still remains uncovered as of this writing.  What also remains uncovered is the truth of what happened. We have yet to learn if someone hacked into the SWIFT system from outside the Bangladesh central bank headquarters or if the unauthorized transaction was executed as an "inside job". Sources speaking with Zero Hedge control cyber security operations for international companies have said it would appear the complexity of the steps necessary to execute a transaction across the SWIFT system would  require knowledge from someone who regularly interacts with the SWIFT system.

What's more, the SWIFT hack was not even the main objective of the group, they merely stumbled upon an entry point while monitoring the system for message flows.  Security in the cyber world is fragile, as evidenced by the uniqueness of the SWIFT system and the fact that entry to  the system was not the main purpose of the hackers.

Symantec said in a blog post that the SWIFT attack shared code and tools similar to those used to attack SONY's systems in  2014. When systems are compromised, entire rebuilds are necessary to ensure a vacuum-type environment going forward.  As the US Dept. of Homeland Security Chief said at a Council on Foreign Relations Q&A, we're paraphrasing, "we assume every system is compromised and we focus primarily on the offensive". What he likely means is that the best defense is a good offense, take out the other guys' system before he gets into yours.  This view could be damaging to FireEye should this topic find itself on the mainstream stage.

FireEye bills its product as one that can be installed on an existing system and secure that system, meaning that beyond a doubt the FireEye product is  able to clean and sanitize a system that was once open to be compromised, a defensive system. One may be well suited to  ponder: at what point is a system too complex for FireEye's product to just be installed and trusted? Mandiant, the InfoSec  arm of FireEye has been hired to investigate the Bangladesh hack and it will be interesting to see if the company pushes to  clean the current SWIFT system or agrees to go along with a completely new platform.

The SWIFT rebuild will likely require the insights of an outlet such as Hyper Ledger, run by longtime Zero Hedge CDS and commodity trading icorn, Blythe Masters.  Hyper Ledger works with a consortium of organizations and corporations tasked with developing systems to offer protection for messages sent between  the worlds central banks, which will be based on blockchain technology.  A rebuild is still likely 2 years away according to well placed Zero Hedge sources, which opens new concerns about the current integrity of the SWIFT platform and what problems may be lurking within it that we have yet to discover.  

One thing is certain: with "big bank" support behind both blockchain and Masters' startup, it is only a matter of time before SWIFT is phased out, most likely in some major "scandal" that discredits the way US Dollars have been transferred around the globe for decades.

The question that remains unanswered currently is:  Who still has access to the central banking SWIFT system and is capable, right now, of monitoring message flow between institutions?  Something to keep in mind as the EU experiment unravels.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Cognitive Dissonance's picture

The SWIFT rebuild will likely require the insights of an outlet such as Hyper Ledger, run by longtime Zero Hedge CDS and commodity trading icorn, Blythe Masters.

You just can't keep a bad penny contained. Or in this case an icorn.  :-)

Lonesome Crow's picture

Did Germany ever get its money back from the NY Fed?

 

I forget, was it sent by plane, ship, or submarine.

 

No other method across an ocean to deliver money.

CheapBastard's picture

I thought Hackers Anon was going to take down or re-educate some MSM for their lies.

 

What happened? Did I miss it?

Troy Ounce's picture

 

 

Quick, regulate the Internet. Abolish cash! Confiscate gold!

Socialism, we need the gov. to take control!

Imagine all the kiddie porn lovers and terrorists coming after you children?

 

knukles's picture

If it's even peripherally connected to the internet, you have no privacy.  Ownership's become an illusion.

Crash Overide's picture

Almost everything is hackable.

knukles's picture

Just so ya'll don't fell left out of anything, the University of Arizona is now offering a degree in Transgender Studies.
Honest troof.

http://lgbt.arizona.edu/

Troy Ounce's picture

 

 

You know what? They must go and fuck themselves!

Oh, wait!

Lonesome Crow's picture

You mean a digital blip of counterfeit won't transmit over analog fax machine?

JohninMK's picture

What about the possible Russian/Chinese system, avoiding US monitoring?

Kirk2NCC1701's picture

RIFT had a lot of ZH chat/hype in 2014, but went radio silent in 2015. No takers out of Russia, I guess.

It's amazing, dumb and maybe downright scandalous, that the BRICS do not have their own SWIFT.

HRH of Aquitaine's picture
HRH of Aquitaine (not verified) Kirk2NCC1701 Jun 25, 2016 7:49 PM

Yes they do. CIPS.

Kirk2NCC1701's picture

Excellent. We don't hear much about it, so who's using it?

Can Joe Public use it to wire money globally?

Duc888's picture

 

 

I do not believe so, it's for banking muckity-muck types...strictly inter banking stuff.

tonyw's picture

nope, it is not the intention that Joe Public can use it.

the SWIFT co-operative is owned by 7,000 financial institutions and access is limited to those institutions plus huge corporations.

Access from the SWIFT network to the banks is very tightly controlled, it is up to the banks to control access to their SWIFT interface internally. If a bank allows access to its systems from the internet which nearly all do and those systems have weaknesses then all other systems may be attacked.


Kirk2NCC1701's picture

Searched for CIPS, and found it way down the list of results, that was linked to a Wiki page.

Having read said page, it is clear that CIPS is a crippled version of SWIFT, and is a Non-Threat.

SWIFT is the clear King of global funds transfer, via the kabal of private banksters: BIS, the Central Bank of Central Bankers.

IOW... The Champ remains a champ until he gets knocked on his a$$. Not anytime soon, so I'm hedging accordingly.

Duc888's picture

 

 

  160 countries (BRICS+) will be walking away from SWIFT and moving to CIPS very shortly.  The world has grown weary of Uncle Sham.

HRH of Aquitaine's picture
HRH of Aquitaine (not verified) Duc888 Jun 26, 2016 2:35 AM

Indeed. The long-term planning on the part of the Chinese is not accidental. Anyone not aware of those plans is going to be blindsided.

HRH of Aquitaine's picture
HRH of Aquitaine (not verified) JohninMK Jun 25, 2016 7:48 PM

CIPS.

skbull44's picture

Another great reason to ban physical cash...

adanata's picture

 

My bank made a data entry mistake and it took me two frustrating days to straighten it out.

Cannot wait to go 'all digital'... what insanity to turn our lives and assets over to a computer 'bank' because it IS our lives we're talking about.

 

Coldfire's picture

Yeah, perhaps SWIFT should run their bulletin board on something more powerful than the Commodore 64 they run it on now.

UncleChopChop's picture

And yet... people give very little thought to the prospect that all VOTING systems are MASSIVELY compromised.

i am shocked and thrilled that Brexit-Leave won.. but I am also highly confident that it only won because the TRUE results were NOT 52% to 48%, but probably closer to 80% to 20%, which all the individual hacks to steal the vote were insufficient to overcome.

I think it's the same thing in the U.S. 

Does anyone really know that many Hillary supporters? Besides some vocal people and the smiling multi-ethnic faces in her photo-ops, it strikes me as a real possiblity her supporters are far smaller than the 'numbers' or 'polls' either do, or will show.

It's gotten to the point that we cannot *really* trust a voting result unless the 'secret ballot' element of it is changed for one entirely transparent.

Mrs. ChopChop suggested everyone getting into stadiums and doing massive 'Yay/Nay' sessions! 

JamaicaJim's picture

Dunk the hand....

 

Have skin dye (temporary hand dunks)....AND PAPER BALLOTS WITH RECEIPTS...

Not so fucking hard. Eliminates some voter fraud...and along with PROPER FUCKING I. GOD DAMNED D.......subverts the machine-a vote-a for whomeva...(a la Trump.........nooooooooooooo...you "voted" for Cuntlary....

The "hanging chad" horseshit of the Buuuuuuuuuuuuuuuuuuuuuush shitpile...gave us/foisted on us all....the Diebold switcho/chango/el bullshito....

Cryoprase the Troll's picture

The people of the Netherlands are fully aware of the risks associated with electronic voting machines.  They were taken out of service in 2006 after a commission concluded that the machines, their security,  and the vote count were insufficiently open to external audit.  No system is perfect.  See hanging chads in Florida,  and the distortions caused by counting  "delegates"  at primary conventions.

ConnectingTheDots's picture

Excellent point chopchop. As long as we have electronic voting machines, no one (except perhaps the hackers) know what the REAL results are.

"It's not the people who vote that count. It's the people who count the votes." Joseph Stalin

Bluntly Put's picture

Around the middle of April reports appeared which  stated that roughly USD $81 million remained uncovered.

The best way to rob a bank is to own one.

NoWayJose's picture

Global institutions may be susceptible...

Global institutions ARE susceptible... Fixed it!

lasvegaspersona's picture

So an 'icorn'..is what?.. a wart like lesion on the foot or a symbol of our current position in the universe of monetary screw-ups..

Kirk2NCC1701's picture

If you want to xfer money globally, and do it cheap, there are a number of companies that provide the service at low prices.

The only one I have experience with, is XOOM, which works like a charm.  Sad to discover just now though, that this Dutch company was so successful, that it got bought by PayPal.

SgtShaftoe's picture

www.schneier.com/blog

Read it.  It's good for your brain

VyseLegendaire's picture

Welcome back to center stage Blythe, you've earned it. 

Kina's picture

Put it in Hillarys basement

Victor999's picture

Not to worry.  Russia and China are fixing this.

Herdee's picture

Did the NSA just forget to monitor the activities at SWIFT?Kinda doubt it.

FredFlintstone's picture

An "icorn" of commodity trading. Soon to become a classic.