SWIFT Technicians Could Be Behind Security Breach At The Bank Of Bangladesh
Gareth Andrews / 9 years ago
When it comes to security, there are some groups that you want to rely on and trust as almost second nature. The first group that comes to mind is your bank, because if you don’t trust your bank to handle your money and protect your accounts then you will find it hard to purchase anything online. The second group is those responsible for any communication and financial transactions between groups or accounts. One of the latter groups, SWIFT, could be responsible for the security flaw that allowed hackers to make off with $81 million from the bank of Bangladesh.
With the original analysis of the breach revealing that a $10 switch with no firewalls was responsible for the security flaw that allowed the hackers into the network, it’s now been revealed just how that system came to be.
SWIFT is an organisation based around sending financial transactions between financial institutions, so when some of its workers connected the Bangladesh real-time gross settlement system (RTGS) to the SWIFT network, you would expect them to follow basic security procedures?
In this case, it would appear they didn’t as one of the banks officials revealed that contrary to the policy used by SWIFT, the workers connected directly to the main banking system through the use of an unmanaged switch that was unused at the bank. If that wasn’t enough, the technicians then set up a wireless network, as to avoid the locked room that you had to be in to access the network. With only a simple password blocking users from a secure financial network, you are asking for trouble, especially if you don’t disable or even delete the system when you finish the work.
The system was already found to be in danger as BAE Systems reports that there was malware on the system designed to rewrite transactions sent around the SWIFT system, giving hackers the ability to transfer funds not originally intended for one of their accounts to them or anyone else in the world.