In typical data breaches, hackers work their way in, get what they’re after, and then head for the internet hills, occasionally stopping to brag about their exploits on some dark web forum after they’re done. But for last month’s data breach that resulted in hackers making off with $81 million from the Bangladesh Bank, more of the cybereffort involved covering their tracks than getting what they were after.
A report from UK security firm BAE found that SWIFT (the Society for Worldwide Interbank Financial Telecommunication), the cooperative of literally thousands of banks worldwide, was compromised by hackers who then used the installed malware to cover up the record of transactions and prevent notice. The millions of dollars, far less than the $951 million the hackers were reportedly after, were first taken from Bangladesh Bank’s account at the Federal Reserve in New York, then routed to accounts in the Philippines.
There are some highly interesting details in this particular hacking event, and together they form the plot of a really outstanding cyberthriller novel. First, the security on SWIFT was reportedly subpar: some allegations about the network’s lax security claim that banks relied on $10 switches to connect to the network and that the system didn’t even have a firewall in place. Next, the hackers apparently infiltrated the full network instead of accessing usernames or passwords first, indicating a sophisticated form of attack. But don’t get too excited about their abilities; as TheNextWeb has reported, the hackers failed to make off with the remaining $800M or so because their own spelling error triggered an alert on the system.
As for the outcome: most of the $81 million remains unaccounted for, and Bangladeshi law enforcement has not identified the malware the hackers used to cover up their illicit activity. BAE will release its report on its findings today.