Hackers may have breached 32 servers in Bangladesh’s central bank after remotely monitoring its activity in a coordinated cyber attack that ended in the theft of more than US$100 million from its account in the Federal Reserve Bank of New York.
The criminals, posing as Bangladeshi central bank officials, sent dozens of secure messages to the New York Fed, which transferred funds belonging to Bangladesh from the Fed to bank accounts in the Philippines and Sri Lanka, the Wall Street Journal reports.
The hackers introduced malicious code, known as malware, into the Bangladesh bank’s servers, which allowed them to process and authorize the transactions, according to an interim report from FireEye Inc., the Silicon Valley-based cybersecurity firm the Bangladesh Bank hired to probe the Feb. 5 theft.
In addition to the malware, the cyber criminals deployed hacking tools, including keylogger software that monitors strokes on a keyboard, to steal Bangladesh Bank’s credentials for a closed network used by financial institutions to authorize financial transactions through secure messages.
Brussels-based Society for Worldwide Interbank Financial Telecommunication (SWIFT), a cooperative owned by some 3,000 global financial institutions, said Monday that it would ask customers to review their internal security in light of the breach of Bangladesh’s central bank.
“We reiterate that the SWIFT network itself was not breached. Our priority at this time is to investigate the interim findings and to encourage customers to review and, where necessary, to reinforce their local operating environments,” a SWIFT spokeswoman said.
FireEye said its investigators have identified malware “with advanced features of command and control,” which was “specifically designed for a targeted attack on Bangladesh Bank to operate on SWIFT Alliance Access servers”—the interface used by the central bank to access the SWIFT network.
Cyber criminals had monitored the bank’s routine activity through the malware, the report said, allowing them to compose money transfer messages that looked genuine but were intended for accomplices in the Philippines and Sri Lanka.
The malware that allowed hackers to send fraudulent messages through the SWIFT messaging system could still be in the local network, Bangladeshi officials said.
How the malware was installed on the computers has yet to be determined, according to the report, which hasn’t been made public.