Ukrainian bank cyber-heist: Hackers compromise Swift network in $10m theft
June 28, 2016
Shah Sheikh (1294 articles)

Ukrainian bank cyber-heist: Hackers compromise Swift network in $10m theft

Hackers have reportedly stolen $10m from a bank in Ukraine by exploiting the Swift messaging system, according to reports emerging from the region citing an independent IT monitoring organisation called the Information Systems Audit and Control Association (ISACA).

English-language newspaper, the Kyiv Post, has reported the ISACA branch in Ukraine disclosed that cybercriminals were able to compromise the bank’s security in similar fashion to the incident at the Bangladesh central bank in which $81m (£56m) was stolen by hackers.

“At the current moment, dozens of banks (mostly in Ukraine and Russia) have been compromised, from which has been stolen hundreds of millions of dollars,” a member of the ISACA reportedly said before elaborating that $10m was compromised from a Ukrainian bank under investigation.

The bank in question had not yet been named – and is unlikely to be revealed as analysts are usually abiding by strict non-disclosure agreements until the firm itself chooses to go public with information.

“Banks now are not sharing such information at all and are afraid of publicity,” said Aleksey Yankovsky, head of ISACA’s Kyiv division, according to local media outlets.

The investigators allegedly claimed that “publicly available information and tools” was likely used to commit the theft – but details remain vague about how the alleged hack took place.

Based on local reports, it appears the hackers exploited money transfers usually sent through the Swift system – however this has not yet been independently verified by IBTimes UK. This publication has contacted both Swift and the ISACA for additional comment.

In a statement, the ISACA said: “In this case, a few individuals were hired through their consulting organisation(s), and some happened to be members of the ISACA Kyiv chapter. It looks like the story associated them with their chapter membership instead of with their organizations. ISACA isn’t engaged in security consulting—we’re a nonprofit global professional association, and the Kyiv Chapter is one of our 213 independent chapters around the world.”

SWIFT declined to comment.

In a major cyber-heist earlier this year, cybercriminals accessed the central bank of Bangladesh and made 35 transfer requests totalling $951m (€841m, £647m) to its account with the New York Federal Reserve. Five of these were eventually passed, worth $101m – however, one transfer of $20m was later stalled due to a spelling error on the request.

However $81m remains missing and adding to the mystery is the unknown identities of the cybercriminals. Some malware analysts have linked the incidents to the North Korean regime, however, as in most cybercrimes, attribution is difficult to prove with certainty.

As the frequency of banking hacks increases – with institutions in Vietnam and Ecuador also reportedly attacked – Swift has maintained its core systems have not been compromised.

“First and foremost we would like to reassure you again that the Swift network, core messaging services and software have not been compromised,” it said in a statement. “The attackers clearly exhibit a deep and sophisticated knowledge of specific operational controls within the targeted banks – knowledge that may have been gained from malicious insiders or cyberattacks, or a combination of both.”

Furthermore, the chief executive of Swift, Gottfried Leibbrandt, recently warned that banks need to tighten security or risk suspension from the global collective – which has come under increasing strain since the hacks began.

Speaking to The Financial Times, he said: “We could say that if the immediate security around Swift is not in order we could cut you off, you shouldn’t be on the network […] the days when you needed to break into a bank and carry guns and blow torches are over. You can now rob a bank from just your own PC and that does change the game completely.”

Source | IBTimes