Latest in Culture

Image credit: Reuters

Report: Bank network flaw helped hackers steal $80 million

Thieves may have attacked the SWIFT transfer system to cover their tracks.
118 Shares
Share
Tweet
Share
Save

Sponsored Links

Reuters

Thieves who stole $81 million from the Bangladesh Bank may have been aided by a security flaw in the SWIFT international banking network, according to Reuters. Security researchers from BAE found malware designed to help thieves delete transfer information to hide their tracks. "I can't think of a case where we have seen a criminal go to the level of effort to customize it for the environment they were operating in," says BAE's Adrian Nish. SWIFT, a coop with 3,000 member banks, confirmed that it knew about malware targeting its client software, though Bangladesh police say they haven't found it on the bank's servers yet.

The bank had serious security problems like a bad firewall and aging equipment, which let hackers steal credentials and penetrate the servers. Once inside, they created a sophisticated attack that may have included a customized version of a tool called "evtdiag.exe" to delete SWIFT transactions. Researchers spotted the file in a malware repository, and while they couldn't confirm that it was used, say it contained specific information about the bank and was uploaded from Bangladesh.

The malware could not only delete outgoing transfers, but also erase inbound confirmation messages, change account balance logs and even disable a printer that made hard copies of requests. It's not clear if any of those capabilities were used during the hack, as the investigation is still ongoing, but it could have been much worse. The thieves were trying to steal nearly $1 billion, but got a "mere" $81 million because a German bank flagged a transfer order due to spelling errors. SWIFT told Reuters that it will release software today to shore up security and will also warn banks to double-check their systems.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
118 Shares
Share
Tweet
Share
Save

Popular on Engadget

The 2019 Engadget Holiday Gift Guide

The 2019 Engadget Holiday Gift Guide

View
What's coming to Netflix in December: 'The Witcher' and 'Lost in Space'

What's coming to Netflix in December: 'The Witcher' and 'Lost in Space'

View
Verizon's 5G coverage maps are here, and they're sparse

Verizon's 5G coverage maps are here, and they're sparse

View
Apple's iPhone 11 battery case includes a dedicated camera button

Apple's iPhone 11 battery case includes a dedicated camera button

View
Hyundai's Vision T concept SUV looks like a driveable TIE Fighter

Hyundai's Vision T concept SUV looks like a driveable TIE Fighter

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr