Hackers steal $6m from Russian bank via Swift
Hackers stole RUB 339.5 million ($6 million) from a Russian bank last year using Swift’s payments messaging system.
According to Reuters, which was the first to discover this, the Russian central bank disclosed the information on 16 February, although it was “buried at the bottom of a central bank report on digital thefts in the Russian banking sector”.
The central bank says it received information about “one successful attack on the work place of a Swift system operator” and “the volume of unsanctioned operations as a result of this attack amounted to RUB 339.5 million”.
Reuters says that, after the report’s publication, a central bank spokesman explained that hackers had taken control of a computer at a Russian bank and used the Swift system to transfer the money to their own accounts.
The spokesman declined to name the bank or provide further details. He quoted Artem Sychev, deputy head of the central bank’s security department, as saying this was “a common scheme”.
A spokeswoman for Swift told Reuters it does not comment on specific entities.
“When a case of potential fraud is reported to us, we offer our assistance to the affected user to help secure its environment,” adds the spokeswoman.
Swift says its own systems have never been compromised by hackers.
Horrible histories
Such cyberattacks are not uncommon. In December, hackers attempted to steal RUB 55 million ($975,000) from Russian state bank Globex using Swift’s system.
As reported in 2016, Bangladesh Bank said a total of $101 million was “wrongly transmitted”, of which $20 million went to a Sri Lankan bank. This involved sending a series of requests for the New York Federal Reserve to transfer large tranches of money from its account there.
The NY Fed said at the time: “The payment instructions in question were fully authenticated by the Swift messaging system in accordance with standard authentication protocols.”
Also in 2016, Symantec found evidence that the Odinaff group mounted attacks on Swift users, using malware to hide customers’ own records of Swift messages relating to fraudulent transactions.
That was bad news for Swift, but its fightback against these attacks has been extensive and ongoing. It has spoken strongly on the subject and unveiled SwiftSmart modules to help its customers operate their Swift environment “securely and in-line with best practice”.
The modules were also a “critical part” of its Customer Security Programme launched in May 2016. That five-part plan was a result of various hacking incidents.
I was particularly struck by the comment in the article – The NY Fed said at the time: “The payment instructions in question were fully authenticated by the Swift messaging system in accordance with standard authentication protocols.”
What we do know is that the authentication process is a technical verification of the sender, but it doesn’t replace prudent banking practice. It is still incumbent on banks to verify that the banking side of the transaction is as correct as the technical. If a bank receives what seems to be a technically correct message, they MUST verify that from a banking perspective the transaction is correct.
It is too easy to hack a system these days; the only thing a bank can do is make sure that the transaction is ‘real’ from a banking perspective. Unfortunately, the faster that transactions are processed by banks, the more they are exposed to fraudulent activity.
Totally agree with you, John. Anything which is slightly away or different from the regular transaction pattern needs to be cross-checked manually. One doesn’t need an algorithm but common sense & presence of mind to stop such financial crimes.