Thieves are still using ‘secure’ banking network to steal millions

Posted at 6:13 PM, Feb 16, 2018, and last updated 2018-02-16 18:14:36-05

Thieves used the international payment system SWIFT to steal $6 million from a Russian bank last year.

The attack on the unnamed bank, which Russia’s central bank described as successful, is the latest in a series of thefts that have exploited SWIFT.

“The SWIFT payment system was used exclusively as a channel to withdraw the stolen funds,” the central bank said in a statement. “The bank — and the SWIFT operator’s workplace in particular — were the primary targets of the attack.”

The central bank described the attack as a “classic scheme.”

SWIFT, the communications network that links much of the global financial system, has been used in multiple attacks in recent years.

In 2016, criminals managed to steal $101 million from Bangladesh Bank, $20 million of which was later recovered. Financial institutions in Vietnam and Ecuador are also thought to have been hit with successful attacks.

SWIFT said Friday that it does not comment on individual customers.

“When a case of potential fraud is reported to us, we offer our assistance to the affected user to help secure its environment,” the Brussels-based organization said in a statement.

The heists have followed a general pattern: Attackers circumvent a bank’s local security systems and gain access to the SWIFT network. Fraudulent messages are then used to initiate cash transfers.

In the case of Bangladesh Bank, hackers used the tactic to transfer money out of its accounts at the New York Fed.

SWIFT has taken steps to improve security at client banks, implementing tougher standards for their local computer networks. The company has also introduced new security audits and standards.

According to SWIFT, 89% of its customers said they had complied with the new rules by the end of 2017.

Stragglers have a year to get into shape. Starting in January 2019, SWIFT will no longer allow organizations that do not meet the standards to join its network.