US regulators have warned banks about possible cyber attacks associated with the inter-bank messaging system. The warning comes two weeks after the FBI sent a caution to US banks following the hacking of Bangladesh’s central bank.
The Federal Bureau of Investigation message warned of “malicious cyber attacks” which had already affected foreign banks.
Hackers made away with £56m ($81m) from Bangladesh’s account with the New York Federal Reserve Bank in February. On the day of the hack, the New York Fed at first rejected over thirty requests to transfer money to various international accounts, according to a Bangladesh Bank official and a New York Fed official who spoke to Reuters. The Fed's later decision to approve some of the re-submitted requests raises concerns about whether it overlooked red flags.
The US central bank arm in New York initially turned down the transfer requests because they lacked the correct formatting required by the Swift messaging system, which banks on the network use for financial transfers.
However, later in the day the cyber thieves re-submitted those 35 requests, this time with the proper messaging format. Swift (the first line of defense against sham wire transfers) had authenticated all the requests.
The New York Fed went on to reject thirty of the requests a second time despite their technical compliance, but it did approve five requests for a total of $101 million. However, due to spelling errors, one of those five transfers (a $20 million request) was reversed.
The NY Fed has stated that it blocked the thirty resubmitted requests because they had been flagged for an economic sanctions review. Only afterward were they considered potentially fraudulent.
A source close to the Bangladesh Bank said the NY Fed ought to have turned down all the requests on both the first and second attempts.
Anomalies in the four transfers that finally went through ought to have raised questions at the NY Fed, according to the source close to the Bangladesh Bank, who also had direct knowledge of the matter. The transfers were paid out to individual recipients, which is very rare for the Bangladesh central bank, and the fake names on the four approved fund withdrawals also featured on some of the thirty resubmitted requests that the bank had initially rejected.
The hackers used the Swift credentials of the Bangladesh central bank to transfer money to accounts in the Philippines. Swift is a system that banks use to exchange messages and transfer requests.
Had the hackers been successful, they would have made away with the nearly $1 billion they had attempted to steal. However, because of irregularities, several of their attack plans were thwarted.
The Federal Financial Institutions Examination Council (FFIEC), a group of United States banking regulators, sent banks a statement encouraging them to examine the security of their interbank payment networks.
The FFIEC said that, after recent cyber attacks, banks must actively manage the risks linked with interbank messaging and wholesale payment networks.
The council further pointed out that the statement was intended to alert banks to certain security measures that could protect their payment and messaging networks from unauthorized access and cyber attacks.
It cautioned that unauthorized transactions could subject the originating bank to compliance breaches and losses.
Swift and the Bangladesh Central Bank have placed the blame on each other for the shortfalls that facilitated the February hacking.
The Federal Bureau of Investigation (FBI) sent its caution to United States banks on 23 May, warning them to pay special attention to possibly fraudulent global transfer requests.
The alert said that the actors had taken advantage of vulnerabilities in banks’ internal environments and initiated unauthorized monetary transfers over a global payment messaging system.
The FBI said it would not comment on the alerts, and it also did not identify specific victims. However, its spokesman said it routinely warns private industry about various cyber attack threat indicators noted during its investigations. The Bureau provides this data to help systems administrators guard against cyber attacks by determined criminals.