Those of you who read the New York Time or Financial Times may have seen reports, about hackers using the SWIFT global financial network to transfer (yep – steal) money from banks.
SWIFT, the Society for Worldwide Interbank Financial Telecommunication, is an organisation that enables financial institutions around the world to exchange information about financial transactions in a secure environment. For example, if you’ve tried to deposit money internationally you’ll probably recognise the Business Identifier Codes (BICs) you need to detail for the payment. These are also known as SWIFT codes.
Alarms were first raised early in 2016 when thieves compromised the SWIFT network, and sent fake SWIFT messages for the transfer of $81 million from the Bangladesh central bank via its account at the New York Federal Reserve.
A second similar attack enabled fake transfer requests to be sent to Wells Fargo, and 12 million in funds was transferred from Banco del Austro.
A raft more potential (undisclosed) attacks began to come to light. SWIFT was forced to notify its member banks that other such attacks had also been successful.
To execute these multi-million dollar heists—some of the biggest in history, the hackers used a similar modus operandi—they compromised the bank’s weak ‘local security’ around SWIFT to gain access in order to send money transfer orders through using the bank’s SWIFT account.
Although this attack focused on the Bank’s SWIFT software services rather than money in that bank or the bank’s end user, the attack is noteworthy because it focused on the weakness of the bank’s ‘local security’.
The attack used customised malware to circumvent local bank security and compromise the SWIFT messaging system. It then sent fraudulent messages via SWIFT to initiate money transfers from accounts at much larger banks. The hackers had actually intended to steal $951 million from the Bangladesh central bank account in the New York Federal Reserve, but a typo in their malware caused it fail at just $81 million.
For BankVault customers, the story provides an argument for why our solution makes sense for your own security and financial risk management. While we can’t help the banks get their security sorted—although we’d hope they’re insured for these kinds of losses—we can ensure your ‘local security’ for important financial transactions isn’t a risk you need to worry about.
The great beauty of BankVault is that it completely circumvents your own computer and its local security—good or bad—making your computer redundant during any online transaction process.
If malware is present on your system, if your computer is hacked, if your system has been attacked, your transaction is not put at risk.
With BankVault you’ll be using a clean, safe and temporary ‘virtual computer’ hidden in the cloud.
Local security is a headache for everyone—banks included. They also need to patch software, update their antivirus, maintain firewall configurations, monitor networks, respond to anomalies and protect their customers.
BankVault gives you peace of mind when you need to be sure your online responsibilities are secure—whether that’s your own banking, your customers’ or any other important online financial transactions.