Earlier this year, a team of hackers tried to steal vast quantities of cash using vulnerabilities in the Swift international payment system. Now, another similar hack has occurred.
Image: Grant Hutchinson
Swift has announced that a hack has been performed using similar techniques to one that hit the central bank of Bangladesh in February. So far, Swift hasn’t named which bank was targeted, nor whether any money was actually stolen, reports the BBC. The organisation does, however, say that the hackers had a “deep and sophisticated knowledge of specific operational controls.”
You might remember that the bank of Bangladesh hackers used malware, called evtdiag.exe, which allowed them to change records on Swift databases in order to hide what they were up to. The criminals could delete records of transfer requests, intercept messages about payments and manipulate the displayed account balances to cover their tracks.
Their attempts were brought to a halt because they managed to misspell “foundation” as “fandation” — a typo that was noticed by Deutsche Bank, ultimately bringing the heist to an abrupt end. The criminals did, however, manage to make off with $US80 ($109) million before they were found out. It later transpired that the hacks were made possible by the use of cheap hardware.
It’s not clear who’s behind the latest hack. Though Swift does admit that it appears the event is “part of a wider and highly adaptive campaign targeting banks.” Oh dear.