Ecuadorean Bank Loses $12 million via SWIFT

ecuador-bank-hackCyber attacks against financial institutions have seen an alarming rise in recent times—the most notable of which is the previous Bangladesh Bank hack where cybercriminals stole about $81 million. Just a few days ago, a new lawsuit has disclosed that an Ecuadorean bank was victimized by a similar attack in January 2015 where cybercriminals stole an estimated $9 million. This heist seemingly bears all the hallmarks of the attacks against the Bangladesh central bank, as well as a small Vietnamese lender.

The attack on Banco del Austro is described in a lawsuit filed in New York against San Francisco-based Wells Fargo & Co., stating that hackers obtained access to the codes the bank uses to move money via SWIFT, the global interbank network. This allowed cybercriminals to amass 12 million, which was transferred to accounts in Hong Kong, Dubai, New York, and Los Angeles. According to reports, SWIFT was used to transfer funds from the US bank. A SWIFT spokeswoman told Reuters that while the attack happened over a year ago, the firm only discovered it recently—implying that banks have not been sharing critical details of such incidents to prevent future heists. SWIFT, which stands for Society for Worldwide Interbank Financial Telecommunication, warned customers that the two recent banking attacks in Bangladesh and Vietnam appeared to be “part of a wider and highly adaptive campaign.” Wells Fargo did not immediately comment on the matter.

The Bangladesh Central Bank Cyber Heist

On February 4th, unknown cybercriminals used SWIFT credentials of Bangladesh Central Bank employees to send about three dozen fraudulent money transfer requests to the Federal Reserve Bank of New York asking the bank to wire millions of the Bangladesh Bank’s funds to bank accounts in the Philippines, Sri Lanka, and other parts of Asia. The hackers managed to steal $81 million, sending it to Rizal Commercial Banking Corporation (RCBC) in the Philippines thru four different transfer requests and another $20 million sent to Pan Asia Banking in Sri Lanka in a single request. While the latter was recovered, the $81 million was lost to the Philippines; entering RCBC’s banking system on February 5. An investigation revealed that the money was laundered through casinos with some transferred to Hong Kong. The Fed bank in New York blocked the remaining 30 transactions, amounting to $850 million, at the request of the Bangladesh Bank. The hacks have since sparked concerns within global banks urging SWIFT to shore up security at its 11,000 members.

[READ: Lessons from the Bangladesh Bank Heist]

The Ecuador Bank Connection

The attack on the Bangladesh Bank followed the same pattern described by Banco del Austro: attackers used malware to circumvent a target’s local security systems, perpetrators gained access to the SWIFT messaging network, and fraudulent messages were sent via SWIFT to initiate cash transfers from accounts at larger banks. These techniques indicate the use of targeted malware to compromise banks’ international payment systems, underscoring the vulnerability of smaller banks that have weak security systems. In addition, the hack may be a bigger and more far-reaching problem than originally feared. The hacks also raise concerns regarding the integrity and trustworthiness of SWIFT transparency. If hackers could easily subvert systems at SWIFT endpoints as seen in the Bangladesh Bank heist, they conceivably could run more dangerous money transfers. In a statement, SWIFT said “We specifically remind all users to respect their obligations to immediately inform SWIFT of any suspected fraudulent use of their institution’s SWIFT connectivity. We are currently working to further reinforce our support to customers in securing their access to the SWIFT network”. SWIFT said that a new program for beefing up security is underway and will be detailed next week, after receiving feedback from a board of committee and its regulators. Currently, it has “centralized all information about ongoing attacks and other security measures in a restricted section of its website”.

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.