SWIFT, the financial messaging system used by 11,000 banksthroughout the world, admitted this week that it's vulnerable tohackers if they penetrate its member financial institutions. Itshouldn't be major news: Thieves go where the money is,and more than half of the 25.8 million messages a daythat the network carried in March were meant to transfermoney. Yet SWIFT's hacker problem is a great illustration of howglobalized finance can get out of hand.

SWIFT's warning, sent to members over its secure network, tellsthem about “a number of recent cyber incidents in whichmalicious insiders or external attackers have managed to submitSWIFT messages from financial institutions' back offices, PCs, orworkstations connected to their local interface to the SWIFTnetwork.” Of these incidents, only one is well-known—February'sBangladesh Bank heist, which could easilyprovide the plot for a cyberpunk novel. On Monday, U.K.-basedBAE Systems' cybersecurity division provided thetechnical details of how the hack probably worked, havingfound malware that was likely used for the hack on an onlinemalware repository.

The perpetrators tried to transfer $951 million to thePhilippines and Sri Lanka from the account Bangladesh's centralbank holds with the New York Federal Reserve. The Philippine bitworked without a hitch: $81 million went to accounts at the RizalCommercial Banking Corp., set up in the names of two Chinesebusinessmen (who deny they had anything to do with it), then passedthrough several local casinos that are exempt frommoney-laundering regulations and left the Philippines in an unknowndirection.

Complete your profile to continue reading and get FREE access to Treasury & Risk, part of your ALM digital membership.

  • Critical Treasury & Risk information including in-depth analysis of treasury and finance best practices, case studies with corporate innovators, informative newsletters, educational webcasts and videos, and resources from industry leaders.
  • Exclusive discounts on ALM and Treasury & Risk events.
  • Access to other award-winning ALM websites including PropertyCasualty360.com and Law.com.
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.