back to article Crims pull another SWIFT-ie, Indian bank stung for nearly US$2m

A year after the SWIFT international bank transfer system enhanced its security, another breach has emerged: an Indian bank has confirmed that criminals gained access to its systems and made transfers totalling US$1.8 million. The Kumbakonam-based City Union Bank issued a statement [PDF] on Sunday February 18, in response to …

  1. Mark 85 Silver badge

    City Union Bank added that its SWIFT system is back in operation with “adequate enhanced security”.

    So PR fluff as obviously their systems aren't "adequate", "enhanced", or "secure". I think PR types should be taken out and stood up against the wall for shoveling this BS.

  2. bolac

    You cannot really enhance the security of a shitty system by just adding some scanners. That's a ridiculous marketing lie that the snakeoil industry planted into the head of Microsoft Windows and Office users for decades.

    1. Voland's right hand Silver badge

      There is little choice besides scanners

      The system itself has very little data to distinguish between a fraudulent small-to-medium transaction from a compromised bank and a valid one. The recipient bank may have some data (we assume that the source is compromised so it does not have a say). F.e an account opened yesterday which is getting 10m and is transferring out 10m immediately after that is an outright candidate for blocking under money laundry reqs. The transfer system - not so much.

      1. bolac

        Re: There is little choice besides scanners

        But even that is a stupid approach. If the data is not there, then that makes it even more stupid. It does not really help reliably, but it is a hassle for everyone else, for example people who want to park money into a newly opened bank account.

        Some people being too stupid to protect their access credentials does not justify to make the life of innocent people more annoying even to the slightest extent.

  3. Walter Bishop Silver badge

    Another breach of SWIFT security?

    "A year after the SWIFT international bank transfer system enhanced its security"

    It wasn't SWIFT that was hacked but the Windows 'computer' it was running on top of. The hack consisted of overwriting two bytes in memory to disable a process.

    "second-hand security kit used at Bangladesh Bank let attackers into the international funds transfer system"

    Curious as I can recall it was a compromised word documents in email attachments that let the attackers in. And the enhanced security consisted of an Oracle database printing out the transactions on paper. Such auditing msgs being suppressed to enable successful execution of the fraud.

  4. Pen-y-gors Silver badge

    $2 million?

    That's a rounding error! How about from a few days ago

    "Indian bank hit by $1.8bn fraud case"

    Now that's <bold>real</bold> fraud!

  5. Mahhn

    Here comes the Block Age.

    In 3 years when international banks have moved to blockchain logging for transactions it will be much harder to get money out of the banking system anonymously. Would-be hackers best set up your fake name banking accounts now if you can, there will be no anonymous withdrawals in short time.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019