Hackers Used SWIFT To Steal $6 Million From Russian Bank

In the latest revelation about the Society for Worldwide Interbank Telecommunication's vulnerability to hackers - who've stolen tens of millions of dollars from banks and central banks mostly by stealing the special private keys used to sign off on transactions - Russian authorities revealed that hackers had made off with about 340 million rubles ($6 million) during an attack carried out last year, according to Reuters.

While that's not the largest sum ever stolen by infiltrating SWIFT (indeed, it pales in comparison to the more than $80 million stolen from the Bank of Bangladesh's reserve account at the New York Fed back in 2016), the news comes just days after Russian authorities said the country's banking system would be ready to abandon SWIFT if the US and European Union tried to cut off its banks.

In a report about the incident, the Russian authorities said hackers had gained control of a computer at a Russian bank and used SWIFT to transfer the money to their own accounts. Of course, the bureaucrats who run SWIFT from Brussels insist that the SWIFT system itself has never been infiltrated - and that the vulnerabilities exploited by hackers are solely the responsibility of the participating institutions. The irony here is that this is the same excuse advanced by bitcoin evangelists and others who wax about the "immutable" blockchain and its security features, only to overlook that hundreds of millions of dollars in cryptocurrencies have been stolen by hackers over the past few years.


To be sure, SWIFT officials have warned that hacking attacks are becoming "increasingly prominent" after the theft of the Bangladesh funds, which disappeared after landing in accounts based in the Philippines and then Macau.

The central bank revealed that it had learned of the theft from a "SWIFT systems operator" - presumably the bank where the hack originated - which had stumbled upon the unauthorized transactions. The hackers then used the SWIFT system to transfer money to their own accounts. What happened next isn't entirely clear. The deputy head of the Central Bank of Russia's security department said only that the attack was a "common-sense scheme".

A SWIFT spokeswoman said the network offers its assistance during hacking incidents, though it's unclear how exactly it has helped: once the funds have been transferred outside of the banking system, they're effectively irrecoverable. Indeed, during the Bangladesh heist - which took place over a long weekend, so that the thieves could take the money and run before their scheme was uncovered - $20 million of orders were stopped by the NY Fed's internal controls because of certain suspicious qualities of the requests. In that incident, the hackers had somehow gained access to the Central Bank of Bangladesh's private keys, which they used to authorize the transactions.

"When a case of potential fraud is reported to us, we offer our assistance to the affected user to help secure its environment," said the spokeswoman, Natasha de Teran.

This isn't the first attempt to infiltrate SWIFT via a Russian bank. Back in December, hackers tried to steal 55 million rubles (about $1 million) from Russian state-run bank Globex using the SWIFT system.

Meanwhile, in what appears to be a desperate attempt to save face, SWIFT has declined to disclose the number of attacks or identify any victims, but details on some cases have become public, including attacks on Taiwan’s Far Eastern International Bank and Nepal’s NIC Asia Bank.

Wait, tell us again about how insecure bitcoin is?

Comments

glenlloyd ThinkerNotEmoter Fri, 02/16/2018 - 12:53 Permalink

Electronic anything is vulnerable, either to hacking or to any number of non-hacking threats, like power outages from EMP or just loss of power from a crappy electrical grid.

You might think your 'coins' are safe in a wallet but when you're standing in line during a power outage wanting some fuel for a car or a portable heater or anything I can guarantee you the seller is not going to care about some 'coins' that you can't even prove you have.

The media (and their political cronies) talk about how cash (of any kind) is the sphere of thieves, mobsters and drug dealers but when the rubber meets the road I'll take anything physical over digital. At least I know in the end I'll be able to use it should the need arise.

I recall once being screwed by a card issuer on a long holiday weekend when of course no one was in at customer service to fix the problem. My purchase pattern suddenly changed and every time I tried to use the card I had to call the card service center and speak to someone there. Their complaint was that they couldn't seem to contact me at home...well, morons, that's because it's a holiday and I'm gone!! Imagine if I had tried to use that card at a 24hr unstaffed fueling station? I would have been screwed in a major way. Since that time I have used a card only when it's beneficial for me to do so...screw that shit.

In reply to by ThinkerNotEmoter

Bunga Bunga Buckaroo Banzai Fri, 02/16/2018 - 15:07 Permalink

Bitcoin was never hacked, but exchanges were. In contrast to the banking system, you can keep your funds in your own bank, disconnected from the Internet on a piece of paper, unreachable for hackers. Holding funds with a third party always involves much higher risks; unfortunately, you can't avoid that with fiat unless you want to carry around and store large amounts of soon-to-be-abolished paper notes.

In reply to by Buckaroo Banzai

Innerreptilian Fri, 02/16/2018 - 12:34 Permalink

There's news that pretty often doesn't quite sell well what it tries to. The banking system is traceable enough to find the culprits in hours, and yet this remains open. Behind this kind of fact there's the real intention: new system, new laws... etc. Nothing new... there's nothing to see here, move along.

TeethVillage88s Fri, 02/16/2018 - 12:45 Permalink

What other clearing & settling systems were used? Why focus on SWIFT?

- CME Clearing Europe
- EuroCCP
- Eurex Clearing
- ICE Clear Europe
- LCH
- LME Clear
- Nasdaq Clearing
- SIX x-clear
- CME Group Inc. (CME.O),
- Deutsche Boerse’s (DB1Gn.DE) Eurex,
- Intercontinental Exchange Inc (ICE.N),
- EBA CLEARING
- CORE(FR)
- STEP1 (small & Medium banks)
- STEP2
- TARGET2
- EURO1,
- SEPA services, Finland
- STET S.A.S.
- POPS (FI)
- Cede and Company
- DTCC
- Fedwire

Bemused Observer Fri, 02/16/2018 - 13:12 Permalink

Any system that is 'online' in any way is vulnerable. THAT much we have already determined. The system, as it has been designed, is inherently unsafe and unstable. It would be beyond stupid to continue to use it without major overhauls.

So guess what we'll do?