Bangladesh Central Bank SWIFT software compromised
In February, unknown hackers broke into the Bangladesh Central Bank and almost got away with just shy of $1 billion. The bank had no firewall and was using a second-hand $10 network when it was hacked.
British defense contractor BAE Systems has also shown that the SWIFT software used to make payments was compromised, enabling the hackers to send money around the world without leaving any trace in Bangladesh.
The SWIFT organization is owned by 3,000 financial companies and operates a network for sending financial transactions between financial institutions.
Institutions using the network must have existing banking relationships; SWIFT transactions do not actually send money but instead send payment orders, which must then be settled by the institutions involved moving money between accounts.
The technical details of the attack have yet to be made public, but BAE identified tools uploaded to online malware repositories that it believes are linked to the heist.
The custom malware was submitted by a user in Bangladesh, and contains sophisticated functionality for interacting with local SWIFT Alliance Access software running in the victim infrastructure.
This malware appears to be just part of a wider attack toolkit, and would have been used to cover the attackers’ tracks as they sent forged payment instructions to make the transfers.
This would have hampered detection of and response to the attack, giving more time for the subsequent money laundering to take place.