SWIFT Attack and other nightmares

A very experienced and insightful friend and advisor, who shall remain nameless for the time being, asked us at Haventec to take a look at the attacks on the SWIFT interbank transaction system and see whether there is a way to help plug that incredibly dangerous and large hole.

It's nice to think that he feels we could have a go at solving a problem of this magnitude.

To be specific, that hole was $81 million wide when Bangladesh Bank was attacked in February 2016 ($81 million stolen out of nearly $1 billion in fraudulent transfer orders that were attempted!), and just recently a Vietnamese bank was reported to have been hit in a related incident involving over a million dollars in fraudulent transactions.

In a nutshell, the attackers got onto the bank's internal network and replaced the PDF reader that staff used to review SWIFT transaction confirmation reports with a modified copy, so that the fraudulent transfers were hidden from anyone reviewing those reports, and they placed further tools on the infected network to manipulate the transaction records themselves. Here are some background links if you are interested:

So with thousands of eyes and hundreds of thousands of man years in experience being thrown at the problem, what could little Haventec do to help?

What about these ideas?
  • What about a blockchain transaction system in which account details and exact amounts stay private, but the band the amount falls into and the identities of the banks involved are part of the public ledger?
    • For example, certain tokens could be reserved for transactions above $1 million USD, others for transactions above $100k, and so on. That way everyone could help track transactions that are out of the norm, and discrepancies between a bank's internal transaction register and the public ledger would be far easier to catch.
  • From what I can tell, the attack succeeded mainly because the attackers knew that the Bangladeshi bank used a specific brand of PDF reader in its transaction procedures. They cloned and modified that PDF reader, and the trojanized copy got their attack going.

    Well, how do you fix that?

    It occurred to me that corporations need their own version of a Corporate App Store: by definition a trusted place to obtain your applications and their upgrades.

    If users on a bank network know they must get their applications from an app store on the company network, a trojanized download like the one above has no route in.

    Even downloading an application from a legitimate software provider can be attacked, especially if the provider does not serve it over HTTPS, because anyone on the network path can substitute a modified installer. If an application is not in the store, the store would let the user enter the link to its download location, complete the necessary security checks to ensure the code has not been manipulated (for instance, verifying it against a hash or signature the provider publishes through a separate channel) and then provide it safely to company staff. The store could also keep provider blacklists and detect tampering in applications and install images. Mmm, sounds interesting.

I hope these ideas are a step in the right direction towards solving this incredibly important problem.
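To make the first idea above concrete, here is an added example (not code from the original post or from Haventec) of the ledger shape it describes: bank identities and a coarse amount band are public, while account numbers and the exact amount are hidden behind a salted hash commitment, and a bank can reconcile its own internal register against the public ledger to catch exactly the kind of hidden or altered transfers the SWIFT attackers relied on. The band thresholds, bank names, account numbers and amounts are all constructed; chaining and consensus are left out, and the ledger is modelled as a plain list assumed to be append-only once written.

```python
"""Added example, not code from the original post or from Haventec.

A toy public ledger with hidden account and amount details plus a
reconciliation check of a bank's internal register against it. Chaining
and consensus are left out; the ledger is a plain list assumed to be
append-only once published."""
import hashlib
import secrets
from dataclasses import dataclass
from typing import List

# Hypothetical amount bands in USD, highest threshold first.
BANDS = [(1_000_000, "1M+"), (100_000, "100K-1M"), (0, "<100K")]


def band_for(amount_usd: int) -> str:
    """Map an exact amount onto the public band it is reported in."""
    for threshold, label in BANDS:
        if amount_usd >= threshold:
            return label
    raise ValueError("amount must not be negative")


def commit(*fields: str, salt: str) -> str:
    """Salted SHA-256 commitment over the private fields.

    The salt stays in the bank's internal record, so the public digest reveals
    nothing about the accounts or the amount, yet anyone holding the record can
    recompute it. Fields are length-prefixed so ("ab","c") != ("a","bc")."""
    h = hashlib.sha256(salt.encode())
    for f in fields:
        data = f.encode()
        h.update(len(data).to_bytes(4, "big"))
        h.update(data)
    return h.hexdigest()


@dataclass(frozen=True)
class InternalRecord:
    tx_id: str
    from_bank: str
    to_bank: str
    from_account: str
    to_account: str
    amount_usd: int
    salt: str


@dataclass(frozen=True)
class LedgerEntry:
    tx_id: str
    from_bank: str
    to_bank: str
    band: str
    commitment: str


def publish(rec: InternalRecord) -> LedgerEntry:
    """Derive the public ledger entry from an internal record."""
    digest = commit(rec.from_account, rec.to_account, str(rec.amount_usd), salt=rec.salt)
    return LedgerEntry(rec.tx_id, rec.from_bank, rec.to_bank, band_for(rec.amount_usd), digest)


def reconcile(internal: List[InternalRecord], ledger: List[LedgerEntry]) -> List[str]:
    """Compare the internal register with the public ledger; an empty list means they agree."""
    findings = []
    public = {e.tx_id: e for e in ledger}
    seen = set()
    for rec in internal:
        seen.add(rec.tx_id)
        entry = public.get(rec.tx_id)
        if entry is None:
            findings.append(f"{rec.tx_id}: in internal register but not on public ledger")
            continue
        expected = publish(rec)
        if (expected.from_bank, expected.to_bank, expected.band) != (entry.from_bank, entry.to_bank, entry.band):
            findings.append(f"{rec.tx_id}: public banks/band disagree with internal record")
        elif expected.commitment != entry.commitment:
            findings.append(f"{rec.tx_id}: account or exact amount differs between registers")
    for e in ledger:
        if e.tx_id not in seen:
            findings.append(f"{e.tx_id}: on public ledger but missing from internal register")
    return findings


def demo() -> List[str]:
    """Constructed scenario: two genuine transfers are published, then an attacker
    with access to the bank's systems hides one transfer and shrinks the other in
    the internal register, much as the modified PDF reader hid transfers from staff."""
    salt1, salt2 = secrets.token_hex(16), secrets.token_hex(16)
    genuine = [
        InternalRecord("TX1", "BANK-A", "BANK-B", "111", "222", 20_000_000, salt1),
        InternalRecord("TX2", "BANK-A", "BANK-C", "111", "333", 250_000, salt2),
    ]
    ledger = [publish(r) for r in genuine]  # public, append-only once written
    tampered = [InternalRecord("TX2", "BANK-A", "BANK-C", "111", "333", 2_500, salt2)]
    return reconcile(tampered, ledger)


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The point of the band is that a third party with no access to the commitment salts can still see that BANK-A sent a 1M+ transfer to BANK-B, so a $20 million transfer that is missing from the bank's own books, or that its books show as a few thousand dollars, stands out without the exact amount or the accounts ever being public.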
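For the second idea, here is an added example (not code from the original post or from Haventec) of the integrity gate a corporate app store could apply before handing an installer to staff: refuse plaintext or blocklisted sources, pin applications the store already carries to a byte-exact SHA-256 of the curated build, and for applications not yet in the store accept a user-supplied link only when a hash published by the provider through a separate channel is available to check against. The manifest format, host names and installer bytes are all constructed for illustration; the "trojanized" installer simply differs from the genuine one by a few bytes.

```python
"""Added example, not code from the original post or from Haventec.

Integrity gate for a hypothetical corporate app store. Manifest format,
hosts and installer bytes are constructed for illustration."""
import hashlib
import hmac
from typing import Optional, Tuple
from urllib.parse import urlparse

# Constructed installer images. The trojanized one differs by a few bytes,
# standing in for the modified PDF reader used in the SWIFT attacks.
GENUINE_INSTALLER = b"MZ\x90\x00 pdfreader 4.2 release build"
TROJANIZED_INSTALLER = b"MZ\x90\x00 pdfreader 4.2 release build + hidden hook"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Hypothetical store manifest. In a real deployment the curators record the
# hash when a build is vetted and keep the manifest apart from the download path.
APPROVED = {
    "pdfreader-4.2.exe": {
        "source": "https://downloads.example-vendor.test/pdfreader-4.2.exe",
        "sha256": sha256_hex(GENUINE_INSTALLER),
    }
}
BLOCKED_HOSTS = {"mirror.badsoft.test"}


def check_source(url: str) -> Optional[str]:
    """Return a refusal reason for an unacceptable download location, else None."""
    u = urlparse(url)
    if u.scheme != "https":
        return f"refused: {url} is not served over HTTPS and could be altered in transit"
    if u.hostname in BLOCKED_HOSTS:
        return f"refused: {u.hostname} is on the store's provider blocklist"
    return None


def vet(name: str, url: str, data: bytes, published_sha256: Optional[str] = None) -> Tuple[bool, str]:
    """Decide whether the store may release `data` as `name` to staff.

    `published_sha256` is a hash the provider publishes through a channel other
    than the download itself; it is only consulted for applications not in APPROVED."""
    reason = check_source(url)
    if reason is not None:
        return False, reason
    entry = APPROVED.get(name)
    if entry is not None:
        if url != entry["source"]:
            return False, f"refused: {url} is not the approved source for {name}"
        expected = entry["sha256"]
    elif published_sha256 is not None:
        expected = published_sha256
    else:
        return False, f"refused: {name} is not in the store and no independently published hash was given"
    actual = sha256_hex(data)
    # Constant-time comparison: not strictly needed for a public hash, but a cheap habit.
    if not hmac.compare_digest(actual, expected):
        return False, f"refused: {name} does not match the expected build (got {actual[:12]}...)"
    return True, f"approved: {name} {actual[:12]}..."


if __name__ == "__main__":
    approved_url = APPROVED["pdfreader-4.2.exe"]["source"]
    for args in [
        ("pdfreader-4.2.exe", approved_url, GENUINE_INSTALLER),
        ("pdfreader-4.2.exe", approved_url, TROJANIZED_INSTALLER),
        ("pdfreader-4.2.exe", "http://downloads.example-vendor.test/pdfreader-4.2.exe", GENUINE_INSTALLER),
        ("pdfreader-4.2.exe", "https://mirror.badsoft.test/pdfreader-4.2.exe", GENUINE_INSTALLER),
        ("newtool-1.0.msi", "https://tools.example-vendor.test/newtool-1.0.msi", b"MSI newtool"),
    ]:
        print(vet(*args)[1])
```

The hash check is what actually defeats a cloned-and-modified reader: a trojanized build can keep the vendor's name, version string and icon, but it cannot keep the vendor's SHA-256. The source checks only close the easier route of swapping the file in transit, and the blocklist handles providers the store has already decided not to trust.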

Now here is a sobering thought in closing.

When the researchers examined the modified PDF reader software found at Bangladesh Bank, it turned out that specific transactions from specific banks and locations were being monitored by the hackers for exploitation.

And guess what? Australia and Australian bank transactions were being targeted too!

So obviously we in Australia are on the hackers' radar.