According to cybersecurity experts there are currently at least seven different hacking collectives targeting SWIFT and most attacks go unreported. Here are the five biggest ones that did make it into the media
Hack one: $1.8 billion
When: Early 2018
Where: Punjab National Bank, India
Read more: here
This Indian SWIFT hack isn’t the most famous one, but with $ 1.8 billion (yes, billion with a b) it is by far the biggest heist on this list. The reason you don’t read about this ongoing case in the media that much is because this wasn’t a cyber crime. It was two junior bank employees issuing illegal letters and sending the SWIFT messages that weren’t recorded on the internal system. That means that the backbone of the international payments framework can be tricked on an insane scale by junior employees at relatively minor banks. Sleep tight.
Hack two: around 100 million dollar
When: throughout 2015 and 2016
Where: Central Bank of Bangladesh’s Federal Reserve / Tien Phong Bank, Vietnam / Banco del Austro, Ecuador
Read more: here
The most famous SWIFT hack would have been 1 billion dollar if it wasn’t for a small typo by the hacker. These three attacks are lumped together since the attackers (likely North Koreans) used the same technique and are probably the same group. ‘The hackers were using a software exploit and a malware that had been specifically designed to change code in SWIFT’s Access Alliance software. That allowed them to tamper with a database recording the bank’s activity over the network, allowing attackers to delete outgoing transfer requests and intercept incoming requests, as well as change recorded account balances — effectively hiding the heist from officials.’ (via).
Hack three: around $60 million
When: October 2017
Where: Far Eastern International, Taiwan
Read more: here
Hackers gained access to the bank’s SWIFT terminal by planting malware on its servers. This allowed them to obtain the credentials and start slushing money out of the bank, By the time employers found out, 60 million had already been transferred. A week later a suspect was arrested in Sri Lanka when he tried to take some of the stolen the money out of an account. Most of the funds have since been recovered.
Hack four: $6 million
When: 2017
Where: (bank unknown), Russia
Read more: here
Details on this hack are vague since the disclosure was buried at the bottom of a Central Bank report. According to a spokesperson hacker took control of a computer at a Russian bank and used the SWIFT system to transfer money to their own accounts. The spokesperson added that ‘this is a common scheme’ which is, obviously, super comforting.
Hack five: $4,4 millon
When: October 2017
Where: NIC Asia Bank, Nepal
Read more: here
In 2017 hackers took advantage of the 5 day long national Deepawali holiday in Nepal to attack one of the nation’s largest commercial banks and take off with more than 4 million dollar. Instead of hacking the banks SWIFT infrastructure directly they went for NOC’s nostro account. CIB promised an investigation into the hack to determine who was at fault, but the results have not been made public.
Honorable mentions
- Globex, Russia saw its SWIFT messaging system hacked for 940 thousand dollar late 2017 (read more)
- City Union Bank in India was victim of a 1.8 million dollar SWIFT hack earlier this year. (read more)
Join our Telegram chat: https://t.me/kvantorcom
Follow us on Twitter: https://twitter.com/KVANTOR_COM
Like us on Facebook: https://www.facebook.com/kvantorcom
Read our thread at BitcoinTalk: https://bitcointalk.org/index.php?topic=3385572.40
