Bangladesh bank hackers who stole £56m 'compromised international payments system'
BAE Systems said the malware used to exploit the SWIFT system could 'feasibly be used for similar attacks in future'
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Hackers who stole £56m from the Bangladesh central bank may have found a way to exploit the SWIFT global bank payment system, BAE Systems computer security experts have said.
After uncovering tools it believes were linked to February's heist, one of the biggest in history, BAE Systems claims to have discovered that "sophisticated" malware was used to compromise the SWIFT system.
SWIFT is used by 11,000 banks around the world, and provides a platform for them to share information about transactions. By exploiting this system, BAE Systems said the hackers managed to cover their tracks and get away with the stolen money.
Using the malware, the hackers could delete money transfer details from the database, intercept incoming confirmation messages and manipulate account balances, essentially making the multi-million-pound transactions invisible to the bank and giving them more time to launder their takings.
Worryingly, the hackers' toolkit is "highly configurable", according to the company, and could "feasibly be used for similar attacks in future."
SWIFT appears to be aware of the issue. Speaking to Reuters, spokeswoman Natasha Deteran said a software update designed to thwart the malware would be going out today.
She said the update would help banks "spot inconsistencies" in their databases, and added "the malware has no impact on SWIFT's network or core messaging services."
Financial institutions will also get additional warnings to carefully scrutinise their security measures.
Adrian Nish, Bae Systems' head of threat intelligence, told Reuters he had never seen such an elaborate scheme.
"I can't think of a case where we have seen a criminal go to the level of effort to customise it for the environment they were operating in," he said. "I guess it was the realisation that the potential payoff made that effort worthwhile."
Nish's team found the malware on an online database, and are confident it was the software used in the attack because it was created close to the date of the heist, contained information about the bank's operations and was uploaded from Bangladesh.
The Independent has contacted Bangladesh Bank for more information.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments