Billion dollar bank hack: SWIFT software hacked, no firewalls, £6 switches

April 26, 2016

The Bangladesh central bank had no firewall and was using a second-hand £6 network switch when it was hacked earlier this year. Investigation by British defence contractor BAE Systems has also shown that the SWIFT software used to make payments was compromised, enabling the hackers to send money around the world without leaving any trace in Bangladesh.

In February, unknown hackers broke into the Bangladesh Bank and almost got away with about £700 million. In the event, their fraudulent transactions were cancelled after they managed to transfer $81 million (£56 million) when a typo raised concerns about one of the transactions. That money is still unrecovered, but BAE has published some of its findings.

The SWIFT organization is owned by 3,000 financial companies and operates a network for sending financial transactions between financial institutions. Institutions using the network must have existing banking relationships; SWIFT transactions do not actually send money but instead send payment orders that must then be settled by having the institutions involved moving money between accounts.

Read full story…