SWIFT admits international bank transfer system was hacked

© Dado Ruvic
The SWIFT international money transfer network has warned banks of a number of recent cyber attacks on its system and has asked them to update their software.

The system used by SWIFT was compromised in the $81 million cyber heist from the US Federal Reserve account of the Bangladesh central bank.

"SWIFT is aware of a number of recent cyber incidents in which malicious insiders or external attackers have managed to submit SWIFT messages from financial institutions' back-offices, PCs or workstations connected to their local interface to the SWIFT network," the SWIFT group warned customers in a notice seen by Reuters.

The statement is the first time SWIFT has acknowledged there were other cyber incidents on its system, as well as the attack on the central bank of Bangladesh.

According to Reuters, SWIFT did not name any victims or disclose the value of any losses from the previously undisclosed attacks.

SWIFT has released a security update for the software that 11,000 financial institutions use to access its network, and has told customers the update should be installed by May 12.

On Monday, security researchers with British defense contractor BAE Systems alleged the cyber thieves who stole $81 million from the central bank of Bangladesh hacked SWIFT software.

In a note to customers SWIFT group said the attackers obtained valid credentials for operators authorized to create and approve SWIFT messages, then submitted fraudulent messages by impersonating those people.

Bangladesh Bank officials had blamed a broken printer for preventing the timely discovery of the hack of the bank’s overseas account.

The cyber thieves got away with $81 million while attempting to steal around $1 billion.

Experts say hackers are turning to SWIFT and other private financial messaging platforms because they could steal larger amounts.

 “These hacks specifically target financial institutions because smaller efforts result in much larger thefts,” said Shane Shook, a banking security consultant.“It’s much more efficient than stealing from consumers.”

“After the Bangladesh bank heist became public, every other attacker out there is looking to see if they can do the same,” said Justin Harvey, chief security officer with Fidelis Cybersecurity.

SWIFT’s messaging services are used by about 11,000 financial institutions in more than 200 countries. The network processed 25.6 billion financial transfers in 2014.