Re: Co-op concerns
"For instance, do you know what customer-side SWIFT terminal used to look like until very recently? ... not hardened, used for mail, web browsing, office docs and, er, seven/eight/nine figure transactions."
It gets worse.
Last week's El Reg article $10m of Bangladeshi SWIFT heist ended up in Filipino Casino
takes us back to April's Meet the malware that screwed a Bangladeshi bank out of $81m,
which in turn leads to BAE Systems Threat Research Blog: Two bytes to $951m,
where we see that all the data files are in the Administrator directory tree.
Oops. Right there in public view, and the BAE report didn't even highlight that as a problem.
Apparently the Bangladeshi systems merited their own secure room, so perhaps weren't subject to malware from general surfing / mail / Office nasties, but really, running something like SWIFT from the Admin account?