May 19, 2016
In February, cybercriminals stole $81 million from the Central Bank of Bangladesh with a malware scheme that manipulated the software the bank uses to process transactions via the Society for Worldwide Interbank Financial Telecommunication (SWIFT) system, which moves billions around the globe every day.
The attack involved siphoning funds from a Bangladesh account at the Federal Reserve Bank of New York. Sen. Tom Carper (D-Del.), ranking member of the Senate Homeland Security and Governmental Affairs Committee, has asked New York Fed President William Dudley what is being done to improve cybersecurity in the wake of one of the largest bank heists in history.
"It is my understanding that there is no evidence of any attempt to penetrate Federal Reserve systems or that any Federal Reserve systems were compromised in connection with these recent incidents," Carper said. "However, these cyberattacks raise important questions about the security of the SWIFT system and the ability of its members to prevent future attacks."
Carper asked about the Federal Reserve's protocols for sharing potential cyberthreat information, whether the Federal Reserve plans to amend its cybersecurity or internal control policies and whether it has provided technical assistance to improve SWIFT security. Carper also wants the Federal Reserve to describe what it has done to coordinate with affected entities since the attack.
He contacted SWIFT Managing Director Patrick Antonacci seeking similar information on SWIFT's protocols and plans, as well as the repercussions facing SWIFT members that do not adhere to security standards and the technical, operational, managerial and procedural controls members encounter when they access the organization's system.A SWIFT alert sent to users on May 13 disclosed that there had been a second instance of malware targeting banks in an effort to obtain the kind of authenticating information necessary to transfer funds out of member accounts.
"The attackers clearly exhibit a deep and sophisticated knowledge of specific operational controls within the targeted banks -- knowledge that may have been gained from malicious insiders or cyberattacks, or a combination of both," the release states.
Carper requested responses and briefings with his staff from both organizations by June 17.
Reply With Quote
Connect With Us