WASHINGTON (BLOOMBERG) - Investigators are examining possible computer breaches at as many as 12 banks linked to Swift's global payments network that have irregularities similar to those in the theft of US$81 million (S$111.7 million) from the Bangladesh central bank, according to a person familiar with the probe.
FireEye, the security firm hired by the Bangladesh bank, has been contacted by the banks, most of which are in Southeast Asia, because of signs that hackers may have breached their networks, the person said. They include banks in the Philippines and New Zealand but not in Western Europe or the United States. There is no indication of whether money was taken.
The expansion of the investigation four months after the discovery of the Bangladesh attack, the biggest known cyber- heist in history, suggests a broad and serious campaign to breach the international financial system.
FireEye declined to comment on the report. A Swift spokesman, Natasha de Teran, said, "As we have stated before, we are actively looking into other possible instances of such fraud, but we will not comment on individual entities."
The Brussels-based cooperative, whose full name is the Society for Worldwide Interbank Financial Telecommunication, has warned that there may have been more breaches than the three already publicly identified, including those in Vietnam and Ecuador.
Swift was already coming under increasing pressure from its bank customers to ratchet up its security measures in order to prevent future cyber robberies. Swift has relied on the trust within its network - if you receive a Swift message, you can be sure it is legitimate and move the money as instructed immediately - to cement its effective dominance of the international payments system over the past four decades. If that trust erodes, it calls into doubt the foundation upon which the cooperative is built.
Hackers may have targeted even more banks, Swift's CEO, Gottfried Leibbrandt, said this week in a speech outlining plans to improve network and client defenses. He didn't provide any details about which banks may have been targeted or whether their defenses had been breached.
In the Bangladesh case, the Federal Reserve Bank of New York was tricked by fake Swift messages into wiring money it held for the impoverished country to hacker-controlled accounts in the Philippines. The Fed's systems halted an additional US$850 million the attackers tried to have transferred. Hackers also stole US$12 million from an Ecuadorean bank in January 2015, and tried to move about US$1.2 million in an attack late last year on a Vietnamese lender that was foiled.