Latest in Culture

Image credit:

Report: Bank network flaw helped hackers steal $80 million

Thieves may have attacked the SWIFT transfer system to cover their tracks.
Steve Dent, @stevetdent
April 25, 2016
Share
Tweet
Share

Sponsored Links

Reuters

Thieves who stole $81 million from the Bangladesh Bank may have been aided by a security flaw in the SWIFT international banking network, according to Reuters. Security researchers from BAE found malware designed to help thieves delete transfer information to hide their tracks. "I can't think of a case where we have seen a criminal go to the level of effort to customize it for the environment they were operating in," says BAE's Adrian Nish. SWIFT, a coop with 3,000 member banks, confirmed that it knew about malware targeting its client software, though Bangladesh police say they haven't found it on the bank's servers yet.

The bank had serious security problems like a bad firewall and aging equipment, which let hackers steal credentials and penetrate the servers. Once inside, they created a sophisticated attack that may have included a customized version of a tool called "evtdiag.exe" to delete SWIFT transactions. Researchers spotted the file in a malware repository, and while they couldn't confirm that it was used, say it contained specific information about the bank and was uploaded from Bangladesh.

The malware could not only delete outgoing transfers, but also erase inbound confirmation messages, change account balance logs and even disable a printer that made hard copies of requests. It's not clear if any of those capabilities were used during the hack, as the investigation is still ongoing, but it could have been much worse. The thieves were trying to steal nearly $1 billion, but got a "mere" $81 million because a German bank flagged a transfer order due to spelling errors. SWIFT told Reuters that it will release software today to shore up security and will also warn banks to double-check their systems.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

The 2020 Engadget Holiday Gift Guide

The 2020 Engadget Holiday Gift Guide

View
Google built an 'Infinite Bad Guy' generator using 15,000 YouTube covers

Google built an 'Infinite Bad Guy' generator using 15,000 YouTube covers

View
Google Assistant can finally schedule your smart lights

Google Assistant can finally schedule your smart lights

View
Lenovo's Google-powered Smart Clocks hit all-time low prices for Black Friday

Lenovo's Google-powered Smart Clocks hit all-time low prices for Black Friday

View
The Morning After: What you need for ray-tracing in 'Cyberpunk 2077'

The Morning After: What you need for ray-tracing in 'Cyberpunk 2077'

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr