Menu
Bangladeshi police accuse SWIFT technicians of leaving central bank vulnerable to hack

Bangladeshi police accuse SWIFT technicians of leaving central bank vulnerable to hack

The Bangladeshi central bank was left more vulnerable to cyberattack after connection to the SWIFT financial network, Reuters reports

Technicians from the SWIFT global financial network connecting it to Bangladesh's central bank made it easier for hackers to attack the bank, Bangladeshi police and a bank official have told Reuters.

The technicians worked on Bangladesh's Real-time Gross Settlement (RTGS) system, used to transfer money among Bangladeshi banks, three months before hackers attempted to steal US$951 million from the central bank. The work opened up "a lot of loopholes" in bank computer systems, said the head of the criminal investigation department leading the investigation.

Bangladeshi police want to interview the SWIFT technicians to find out whether their actions were intentional or negligent, Mohammad Shah Alam told Reuters.

Police and bank officials told the news agency that a number of actions last October left the bank more vulnerable after the RTGS system was set up and connected to the SWIFT network, which provides messaging services to around 11,000 financial institutions worldwide.

SWIFT staff declined to speak to Reuters about the allegations, and did not immediately respond to requests from IDG News Service for comment.

The technicians did not follow usual security procedures, Bangladeshi bank and police officials told Reuters, leaving the bank's SWIFT messaging system remotely accessible, protected only via a simple password and no firewall.

Instead of building an isolated network for the RTGS system and linking that to the SWIFT network, the technicians connected both systems to a network linking 5,000 central bank computers to the open Internet, police officials told the news agency.

In addition, no firewall was placed between the RTGS and SWIFT networks to prevent the exchange of malicious traffic, and the switch used to connect the networks was not a modern, managed model but an old, unused one found at the bank, the agency reported.

The room containing SWIFT networking equipment at the bank was kept locked for security reasons, but the technicians installed a wireless connection, making it accessible from other offices there, securing it with only a simple password and leaving it connected after they left, the officials said.

Finally, a computer was connected to the SWIFT systems without following the usual procedure of disabling its USB port, making it possible for malware to be introduced from a thumb drive, police told the agency.

That port was still accessible when the theft was discovered in February, said the report, citing a bank official.

Hackers appear to have installed custom malware to interfere with the SWIFT messaging system. 

During the theft, fraudulent SWIFT messages were sent to the U.S. Federal Reserve Bank in New York seeking to transfer $951 million from Bangladesh Bank's account there to accounts elsewhere. Most of those transfers failed but around $81 million was sent to a bank in the Philippines, much of which remains unrecovered.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Educating from the epicentre - Why distributors are the pulse checkers of the channel

Educating from the epicentre - Why distributors are the pulse checkers of the channel

​As the channel changes and industry voices deepen, the need for clarity and insight heightens. Market misconceptions talk of an “under pressure” distribution space, with competitors in that fateful “race for relevance” across New Zealand. Amidst the cliched assumptions however, distribution is once again showing its strength, as a force to be listened to, rather than questioned. Traditionally, the role was born out of a need for vendors and resellers to find one another, acting as a bridge between the testing lab and the marketplace. Yet despite new technologies and business approaches shaking the channel to its very core, distributors remain tied to the epicentre - providing the voice of reason amidst a seismic industry shift. In looking across both sides of the vendor and partner fences, the middle concept of the three-tier chain remains centrally placed to understand the metrics of two differing worlds, as the continual pulse checkers of the local channel. This exclusive Reseller News Roundtable, in association with Dicker Data and rhipe, examined the pivotal role of distribution in understanding the health of the channel, educating from the epicentre as the market transforms at a rapid rate.

Educating from the epicentre - Why distributors are the pulse checkers of the channel
Kiwi channel reunites as After Hours kicks off 2017

Kiwi channel reunites as After Hours kicks off 2017

After Hours made a welcome return to the channel social calendar last night, with a bumper crowd of distributors, vendors and resellers descending on The Jefferson in Auckland to kickstart 2017. Photos by Maria Stefina.

Kiwi channel reunites as After Hours kicks off 2017
Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Show Comments