Showing posts with label SWIFT. Show all posts
Tuesday, November 28, 2017
MORE TO COME? | SWIFT warns banks on cyber heists as hack sophistication grows
SWIFT, the global messaging system used to move trillions of dollars each day, warned banks on Wednesday that the threat of digital heists is on the rise as hackers use increasingly sophisticated tools and techniques to launch new attacks.
Brussels-based SWIFT has been urging banks to bolster security of computers used to transfer money since Bangladesh Bank lost $81 million in a February 2016 cyber heist that targeted central bank computers used to move funds. The new warning provided detail on some new techniques being used by the hackers.
“Adversaries have advanced their knowledge,” SWIFT said in a 16-page report co-written with BAE Systems Plc’s cyber security division. “No system can be assumed to be totally infallible, or immune to attack.”
SWIFT has declined to disclose the number of attacks, identify victims or say how much money has been stolen. Still, details on some cases have become public.
Taiwan’s Central News Agency last month reported that Far Eastern International Bank lost $500,000 in a cyber heist. BAE later said that attack was launched by a North Korean hacking group known as Lazarus, which many cyber-security firms believe was behind the Bangladesh case.
Nepal’s NIC Asia Bank lost $580,000 in a cyber heist, two Nepali officials told Reuters earlier this month.
The new report described an attack on an unidentified bank. Hackers spent several months inside the network of one customer, preparing for the eventual attack by stealing user credentials and monitoring the bank’s operations using software that recorded computer keystrokes and screenshots, the report said.
When they launched the attack in the middle of the night, the hackers installed additional malware that let them modify messaging software so they could bypass protocols for confirming the identity of the computer’s operator, according to the report.
The hackers then ordered payments sent to banks in other countries by copying pre-formatted payment requests into the messaging software, according to the report.
After the hackers ended the three-hour operation, they sought to hide their tracks by deleting records of their activity. They also tried to distract the bank’s security team by infecting dozens of other computers with ransomware that locked documents with an encryption key, the report said.
While SWIFT did not say how much money was taken, it said the bank quickly identified the fraudulent payments and arranged for the stolen funds to be frozen.
source: interaksyon.com
Friday, May 27, 2016
In Ecuador cyber heist, thieves moved $9 million to 23 Hong Kong firms
HONG KONG/CHICAGO - Cyber thieves who stole $12 million from an Ecuadorian bank in 2015 routed the funds through 23 companies registered in Hong Kong, some of them with no clear business activity, according to previously unreported court filings and judicial rulings.
The court papers offer a first glimpse into where some of the money was moved after it reached accounts in Hong Kong.
The filings stem from a lawsuit filed in early 2015 by Ecuador's Banco del Austro (BDA) in Hong Kong against the web of companies that received or handled more than $9 million in stolen funds, bank records submitted to the territory's Court of First Instance show. The BDA lawsuit alleged the companies had been "unjustly enriched" and sought recovery of the money.
The remaining $3 million was routed to entities in Dubai and elsewhere, according to separate court filings in the U.S. Those transfers are not the subject of litigation in Hong Kong.
The cyber thieves allegedly used the SWIFT global messaging system to move the funds. SWIFT, a conduit for bank money transfers worldwide, also was the network used to move $81 million out of Bangladesh Bank in February.
According to the Hong Kong court filings, BDA submitted criminal reports to police in both Hong Kong and Ecuador about the transfers. The content of those reports was not part of the court record reviewed by Reuters. The attacks have caught the attention of global investigative agencies. The U.S. Federal Bureau of Investigation and Bangladesh authorities are leading a search for criminals behind the February heist, which ranks among the largest ever.
In the Ecuadorian heist, the money was transferred by Wells Fargo based on authenticated SWIFT messages, and both BDA and the U.S. bank now believe those funds were stolen by unidentified hackers, according to documents in a BDA lawsuit filed against Wells Fargo in New York this year.
It was not clear whether the Hong Kong Police have launched an official probe. A spokesman for the agency declined to confirm or deny the existence of an investigation.
The Ecuador attorney general’s office did not respond to a request for comment. The FBI and BDA also declined comment.
Initially, cyber thieves moved $9.139 million of the more than $12 million they stole from BDA into the Hong Kong accounts of four companies at HSBC and Hang Seng Bank.
At least $3.1 million of the funds were then routed from those four companies to 19 "second layer" bank accounts, meaning the funds made a second hop to another set of Hong Kong-registered companies, the papers show.
Not tied to real businesses
Hang Seng did not immediately respond to a request for comment. HSBC declined to comment on the details of the case but a spokesman said in an e-mail that the bank actively co-operates with law enforcement and has controls in place to know its customers and deter crime.
SWIFT, an acronym for the Society for Worldwide Interbank Financial Telecommunication, has said its core messaging system has never been breached.
A BDA lawyer said in the filings that the Ecuador bank knew none of the firms or people behind the four companies that initially received the funds. Most of the "second layer" accounts appeared not to be tied to real businesses, the lawyer added.
Hong Kong Deputy High Court Judge Conrad Seagroatt said in a December ruling in the case that the four initial recipients showed no prior history of business activity. "They all appear to be otherwise inactive corporate vehicles controlled by citizens of the People's Republic of China," Seagroatt wrote.
In March last year, BDA secured an order from the court to freeze the accounts of the four companies that initially received the funds, although it later settled with the recipient of the smallest transfer of $95,731.18 and withdrew its claim against that firm, the court record shows.
As of last month, complaints against five of the 23 defendants had been withdrawn or dismissed, and settlements with some defendants have taken place, court papers reviewed by Reuters indicate.
BDA has declined to speak with Reuters about the Hong Kong case or the related litigation in the United States against Wells Fargo.
source: interaksyon.com