More banks plundered through SWIFT attacks Criminals have hacked an unspecified number of new banks, using the SWIFT messaging system already implicated in one of the most lucrative breaches in history. Reuters reports SWIFT has sent notices to banks around the world warning of breaches and asking the financial institutions to lift their security game. Hackers of …
And we're supposed to believe that all banks have low-security, 3rd-party routers with default passwords connected directly to the Internet that are responsible for all this.
Well grab the popcorn because if some brilliant hackers have finally found a way to milk the millions in serial attacks, then saying "it ain't us" won't do for long.
Security is a journey, and part of that journey is going to be SWIFT upping its game to not accept transfers from insufficiently-secured banks. Have encrypted keys that are regularly changed and so on and so forth. Do something.
Because right now money leak this is starting to look like the Las Vegas Lottery counter - always climbing.
It seems to be a two-party game... SWIFT blames the banks and won't step up and say something like "find another sucker to do this" and the banks... well, they're banks and since it's other people's money, don't seem to care. The blame game hasn't really started yet and won't until governments have to start bailing out the banks. Once sufficient blame has been tossed about and bail outs in place, all will return to normal* once more.
*Normal being profit and a "let's save money by not spending on security".
Oh come on, the only problem with re-using 2nd hand gear is that you have to know how to sanitize it. Firmware rewrites and config resets are available for all kit - blaming it on recycled kit suspiciously looks like the likes of Cisco have bunged the journalists a few quid.
Of course, it won't do mentioning that the SWIFT protocol itself is from the age of parchment and really could do with an upgrade, because that would mean that banks would actually have to spend some real money! After all, they only do the bare minimum on security (just enough to offset liability)..
One of the issues with SWIFT about 15 years ago was the insistence by the US that details of all money transfers via SWIFT be immediately provided to the US intelligence services. So there should be a trail to follow, and generally with the theft of amounts of these magnitudes these usually a few bodies too. So where's the money ending up? The NSA probably has a pretty good idea but has been remarkably silent so far...
So who's out there looking nice and healthy, building weapons, infrastructure, armies etc while simultaneously being under embargoes, sanctions etc that should have the effect of limiting economic development - and apparently with the talent to pull this sort of operation off?
One of the issues with SWIFT about 15 years ago was the insistence by the US that details of all money transfers via SWIFT be immediately provided to the US intelligence services.
You're right, that is something the EU has to chase as well. Details of all US SWIFT transactions should be made available to the assembled EU intelligence services. After all, we all have to fight terrorism together now, don't we?
(yeah, I know. They're not very good at the whole sharing and reciprocity thing)
In the same vein as the FBI et al having access to Apple's encryption, SWIFT has been broken into and slurped continuously for years; https://en.wikipedia.org/wiki/Society_for_Worldwide_Interbank_Financial_Telecommunication#U.S._government_involvement
If the Yanks can get in so can others.
Are you claiming that they used SWIFT as a vector to access the banks internal systems or was it in fact the other way round. As in they first implemented an email phishing attack against the banks internal systems and then used that to facilitate transactions against the SWIFT system. The original hack also being used to suppress warning messages (printouts from an Oracle database) about the financial transactions. The crooks would also need access to the destination bank in order to transfer the funds out of the banking system.
Are you claiming that they used SWIFT as a vector to access the banks internal systems or was it in fact the other way round
No, it's more an object lesson why what FBI's Comey wants is such a bad idea - as the US has access to all SWIFT transactions, are we sure that access is one way only? I wouldn't put it past them to use their access for other purposes that in their weird and warped mind could be considered for the benefit of good ol' US of A.
Let's not forget that the dividing line between legal and criminal is sometimes merely semantics.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
