Banco del Austro’s funds were being held in accounts at Wells Fargo.
Advertisement
The next 10 days saw Wells Fargo approve a total of at least 12 transfers, which amounted to a total of $12 million of BDA’s money, over the SWIFT system.
The SWIFT network – which allows banks to process billions of dollars in transfers each day – is considered the backbone of global banking.
It appears that the attacker managed to steal $12.2 million out of BAE’s accounts at the US-based Wells Fargo bank.
More details about the malware-enabled hack of Bangladesh Bank continue to come to light, including the fact that it was carried out on a Friday, which is a Muslim day of prayer. The BoE has declined to comment on the matter.
Wells Fargo argues that the suit should be thrown out because if Banco del Austro’s claims were implemented, it would place unreasonable expectations on banks to vet all transfers.
Wells Fargo has countered that security lapses in BDA’s own operations caused the Ecuadorean bank’s losses.
Meanwhile, Sweden’s Riksbank on Wednesday called on all users of the central bank’s RIX payments system for large transaction to follow the SWIFT recommendations, a central bank spokesman told Reuters.
We need to be informed by customers of such frauds if they relate our products and services, so that we can inform and support the wider community.
“We have been in touch with the bank concerned to get more information, and are reminding customers of their obligations to share such information with us”. They suggest that in the United States, BITS – the technology and policy division of the Financial Services Roundtable – could be tapped to organize related discussions.
Brussels-based SWIFT said it was aware of malware targeting its client software and had released a patch. Last week SWIFT warned it had detected another attack against an unnamed commercial bank.
Earlier this week, Singapore’s central bank asked banks to maintain a high level of security for their critical IT systems following recent cyber attacks using the SWIFT financial messaging system.
The Bank of England reportedly told United Kingdom banks to conduct an audit of any system connected to Swift – which is used by 11,000 institutions across the globe to communicate securely and transfer funds.
A little-noticed lawsuit details a hacking attack similar to one that stole $81 million from Bangladesh’s central bank, saying cybercriminals stole about $9 million a year ago from a bank in Ecuador.
It is unclear what SWIFT tells member banks about cyberthefts, which are typically first discovered by the bank that has been defrauded. The request comes as Reuters reports that three banks involved in a $12 million attack past year failed to inform the messaging network. The Bank of England last month ordered British banks to provide documentation on SWIFT security measures.
The request was sent to all banks regulated by the BoE in April.
If three makes a trend, then it’s official: The global banking system is under attack. But once cyber-thieves obtain legitimate codes and credentials, they said, SWIFT has no way of knowing they are not the true account holders.
Cyber-criminals also unsuccessfully tried to send money using the SWIFT network from a Vietnamese bank to a Slovenian one in December.
SWIFT, a cooperative owned and governed by representatives of the banks it serves, was founded in 1973 and operates a secure messaging network that has been considered reliable. The banking industry is now looking at increasing the security of shared systems that settle payments, like SWIFT.
Advertisement
They had been able to bypass primary risk controls in order to initiate this process. The private communications, Reuters said, told banks to respond “by early May”.
