3 May 2016

What The Bangladesh SWIFT Hack Teaches About The Future Of Cybersecurity And Cyberwar

Apr 30, 2016 

Hacked By Def Con Press Preview during the 2016 Tribeca Film Festival in New York City. (Rob Kim/Getty Images for Tribeca Film Festival)

Cybersecurity headlines this week have been filled with emerging details of the February 2016 cyber theft of 81 million dollars from the Bangladesh central bank’s holdings in the New York Federal Reserve Bank. In a nutshell, highly skilled attackers crafted an intricately customized assortment of malware that ran on the bank’s own computers and issued what appeared to be legitimate SWIFT monetary transfer orders. The software went to great lengths to hide the transactions from bank personnel, from deleting database entries to altering hardcopy paper printouts. What can we learn from this attack about the future of cybersecurity and cyberwarfare?

BAE Systems has a lengthy technical readout on the likely tools, techniques and workflow the attackers used to penetrate Bangladesh Bank’s networks and infiltrate its SWIFT-connected computers. As bad as the attack was, it could have been far worse. The attackers initially attempted to loot the bank of a grand total of 951 million dollars, but most transfers were blocked, leaving the robbers with just 81 million, which was routed through bank accounts and casinos in the Philippines and remains missing.

It further turns out that this was not an isolated attack. Reuters reports that SWIFT quietly notified its customers earlier this week that “SWIFT is aware of a number of recent cyber incidents in which malicious insiders or external attackers have managed to submit SWIFT messages from financial institutions’ back-offices, PCs or workstations connected to their local interface to the SWIFT network.”

Banks are not the only ones facing cyberrobberies. An Austrian aerospace company similarly lost 54 million dollars this past January when hackers got ahold of login credentials for its corporate treasury management system. At the same time, ransomware attacks are increasingly holding medical facilities, police departments and entire municipal governments hostage for ever-growing sums of money.

In 2007 Estonia endured the world’s first nation-scale cyberattack against critical infrastructure, while this past December parts of Ukraine lost power in a coordinated cyberattack against civil society. As the flurry of recent ransomware attacks against hospitals and governments shows, no target is considered off limits today and hackers will continue to expand their universe of targets to follow the money trails. The Bangladesh cyber heist, the SWIFT notification that this is not the first time this has happened and the Austrian company’s loss of $54M in a similar attack show both that cybercriminals are likely to increase their direct attacks on the financial system and that the system is far more vulnerable than previously believed.

This past November I wrote about the future of cyber warfare and the coming era of “cyber first strike.” Imagine an attack in which a nation state destabilizes another by launching a coordinated deniable attack through intermediaries that loot the nation’s banks and private industry, transferring funds out of the country en masse. Even if the global financial system agreed to cancel all of the transactions or detected the attack in progress and halted all cross-national transfers, the resulting economic chaos would be enough to effect substantial political and economic instability. Moreover, by targeting private industry and looting corporate treasury systems, as happened to the Austrian company, commercial activity could be substantially damaged.

Putting it all together, perhaps the most important lesson learned from the Bangladesh central bank cyber heist this past February is that we live in a world now in which looting a central bank of tens of millions of dollars is no longer the plot line of a summer blockbuster and instead can be done by a few hackers who disappear (at least for the time being) without a trace. This is the future of our cyber society.
