Swift in – SWIFT out

You may have seen this week’s news about an audacious raid on The Bangladesh Central Bank in which hackers unknown (Mwahahaha), tried to syphon off a cool one beellion dollars, getting away with just a mere $100M, having being caught in action due to nothing more simple than a spelling mistake picked up by the ruthlessly efficient Deutsche Bank – a transit entity for the funds.

The crime appears to have reached the news because of muck slinging and blame raking between the parties involved. The Bangladesh Central Bank is blaming the Federal Reserve (with whom it held funds), The Fed in turn is fingering the SWIFT (The Society for Worldwide Interbank Financial Telecommunication) System, which uses a series of secret codes enabling automated transfers to be made between member banks.

You can read all about it here.

Or here.

Or for the unbiased good old British perspective, here.

We learn a number of things from this monster crime – potentially the largest bank robbery ever:

Firstly, it appears that the hackers thoroughly analysed the business processes of the target and used the processes accurately, as well as clearly recovering the secret SWIFT keys; the business process is the most important part of this work, without careful analysis and exploitation, the keys alone would be worthless. (Inside job anyone?).

Secondly, foundation is not spelt ‘fandation’ DOH! There you are with a brain the size of a planet and your mild dyslexia gets the better of your Magnum Opus.

Thirdly, if you are going to make mistakes, don’t have The Germans on the reviewing panel.

Regular readers of this blog and visitors to our security seminars will have heard us bleat on about identifying your crown jewels and protecting them appropriately. Admittedly, protecting business processes is difficult, but appropriate controls, rigorously enforced, measured and audited are a necessity, especially with a billion dollars at stake.

Furthermore access to secrets, like passwords and SWIFT codes require appropriate levels of control and monitoring. Something we advise our customers on regularly. There are straightforward technologies (like CyberArk), which when deployed can make secret management secure and (relatively) stress free.

If you would like to know any more about identifying and protecting your “crown jewels”, we would love to share our thoughts with you. Please contact us at: 020 7517 3900 or email us at [email protected].

We wish Mandiant/FireEye every success in catching these naughty bouys.