Thieves who stole $81 million from the Bangladesh Bank may have been aided by a security flaw in the software that banks use to connect to the SWIFT international banking network, according to Reuters. Security researchers from BAE found malware designed to help the thieves delete records of their transfers to hide their tracks. "I can't think of a case where we have seen a criminal go to the level of effort to customize it for the environment they were operating in," says BAE's Adrian Nish. SWIFT, a cooperative with 3,000 member banks, confirmed that it knew about malware targeting its client software, though Bangladesh police say they haven't found it on the bank's servers yet.
The bank had serious security problems, including a poorly configured firewall and aging equipment, which let the attackers steal credentials and penetrate its servers. Once inside, they mounted a sophisticated attack that may have included a customized version of a tool called "evtdiag.exe" built to delete SWIFT transaction records. Researchers spotted the file in a malware repository, and while they couldn't confirm that it was used in the heist, they say it contained details specific to the bank and had been uploaded from Bangladesh.
The malware could not only delete the bank's records of outgoing transfer orders, but also erase inbound confirmation messages, alter account balance logs and even disable the printer that produced hard copies of each request, removing every independent trace an operator might have checked. It's not clear whether any of those capabilities were used during the hack, as the investigation is still ongoing, but the outcome could have been much worse. The thieves were trying to steal nearly $1 billion, but got a "mere" $81 million because a German bank flagged one transfer order over spelling errors. SWIFT told Reuters that it will release a software update today to shore up security and will also warn banks to double-check their systems.
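The countermeasure to record tampering of this kind is reconciliation against copies the attacker cannot reach from the compromised host. The following is an added illustration written for this page, not code from the article, BAE or SWIFT: it compares a bank's own outbound transfer database against the inbound confirmations received from counterparties and against the printer journal, and flags a deleted outbound record, an altered amount, and a silent printer. The record format, reference numbers and beneficiary names are constructed for the example.

```python
"""Three-way reconciliation of transfer records (added example, constructed data).

The attack described above works by editing a single copy of the truth: the
messaging database on the compromised server. A reconciler that also reads the
counterparty confirmations and the printed journal, both held outside that
server, can surface the discrepancies.
"""
import re
from dataclasses import dataclass

# Hypothetical line format for the bank's own records and for the printed journal.
LINE_RE = re.compile(r"REF=(\S+)\s+AMT=(\d+)\s+BEN=(.+)$")


@dataclass(frozen=True)
class Transfer:
    ref: str
    amount: int        # minor currency units
    beneficiary: str


def parse_transfers(text):
    """Parse 'REF=... AMT=... BEN=...' lines into a dict keyed by reference."""
    records = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable record: {line!r}")
        records[m.group(1)] = Transfer(m.group(1), int(m.group(2)), m.group(3).strip())
    return records


def parse_acks(text):
    """Collect the references acknowledged by counterparties ('ACK REF=...')."""
    return {line.split("REF=", 1)[1].strip()
            for line in text.splitlines() if line.startswith("ACK ")}


def reconcile(db_log, ack_log, journal_log):
    """Return a list of (reference, issue) findings; empty means consistent."""
    db = parse_transfers(db_log)
    acks = parse_acks(ack_log)
    journal = parse_transfers(journal_log)
    findings = []

    # A printer that produced nothing while messages flowed suggests it was disabled.
    if (db or acks) and not journal:
        findings.append(("*", "no printed journal entries: printer disabled?"))

    # A reference the counterparty or the printer knows but the database does not:
    # the outbound record was deleted after the message left.
    for ref in sorted((acks | journal.keys()) - db.keys()):
        findings.append((ref, "outbound record missing from database"))

    # Sent according to the database but never confirmed back.
    for ref in sorted(db.keys() - acks):
        findings.append((ref, "no inbound confirmation"))

    # Same reference, different contents: the stored record was edited.
    for ref in sorted(db.keys() & journal.keys()):
        if db[ref] != journal[ref]:
            findings.append((ref, "database record differs from printed copy"))
    return findings


# Constructed sample data: TX1003 was deleted from the database and the amount
# of TX1002 was altered there, while confirmations and the journal are intact.
DB_OUTBOUND_LOG = """\
REF=TX1001 AMT=2000000 BEN=BENEFICIARY A
REF=TX1002 AMT=100000 BEN=BENEFICIARY B
"""
CONFIRMATION_LOG = """\
ACK REF=TX1001
ACK REF=TX1002
ACK REF=TX1003
"""
PRINTER_JOURNAL_LOG = """\
REF=TX1001 AMT=2000000 BEN=BENEFICIARY A
REF=TX1002 AMT=8100000000 BEN=BENEFICIARY B
REF=TX1003 AMT=95000000000 BEN=BENEFICIARY C
"""

if __name__ == "__main__":
    for ref, issue in reconcile(DB_OUTBOUND_LOG, CONFIRMATION_LOG, PRINTER_JOURNAL_LOG):
        print(f"{ref}: {issue}")
```

The value of the check comes entirely from where the second and third copies live: confirmations arrive from the counterparty and the journal sits on a printer, so an attacker who owns the messaging server has to defeat all three channels, which is exactly why the malware described above went after the confirmations and the printer as well as the database.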