Second Hacker Group Targets SWIFT Users, Symantec Warns (reuters.com)

A second hacking group has sought to rob banks using fraudulent SWIFT messages, cyber security firm Symantec said on Tuesday. The group is said to be using the same approach that resulted in $81 million in the high-profile February attack on Bangladesh's central bank. From a Reuters report: Symantec said that a group dubbed Odinaff has infected 10 to 20 Symantec customers with malware that can be used to hide fraudulent transfer requests made over SWIFT, the messaging system that is a lynchpin of the global financial system. Symantec's research provided new insight into ongoing hacking that has previously been disclosed by SWIFT. SWIFT Chief Executive Gottfried Leibbrandt last month told customers about three hacks and warned that cyber attacks on banks are poised to rise. SWIFT and Symantec have not identified specific victims beyond Bangladesh Bank. Symantec said that most Odinaff attacks occurred in the United States, Hong Kong, Australia, the United Kingdom and Ukraine.
  • by JcMorin ( 930466 ) on Tuesday October 11, 2016 @10:24AM (#53055367)
    So if I read properly, even Symantec customers are not protected against hacks...
  • That nefarious persons, politicians and the occasional hacker will go after large sums of money that are poorly protected from theft and diversion.

    Raise the moat!

  • by Anonymous Coward

    But I was told Macs did not have viruses!

  • by ErichTheRed ( 39327 ) on Tuesday October 11, 2016 @10:52AM (#53055605)

    This is the same thing that happens with networks like SCADA systems, supposedly "air gapped" networks, etc. Even if there is no physical access to the network, it can totally be defeated by a USB key. I'm sure SWIFT has tons of security in place to protect the actual transaction, but lots of these systems that I've seen over the years have relied on the fact that they're typically isolated...which means very little these days. Because the networks are isolated, it becomes more of a pain to apply patches and updates, and network owners are less likely to bother because of this. And in the case of the SCADA stuff or a vertical-market company that doesn't really have much competition, there's little incentive for the device manufacturer or network owner to do any maintenance or write secure code in the first place.

    It's kind of sad, but any networked system these days has to assume that anyone accessing it, whether inside or outside the company perimeter, is attacking it. Too many companies assume that if a machine is plugged into the "inside" network, it's safe. Changing access policies is a hard sell though, so places keep doing it and keep getting compromised.

    • To be fair, not all SCADA systems are as unprotected as you would imply, but they are not the fortress for security one would hope. In North America there is the NERC CIP standards [nerc.com] that need to be followed for grid operators, which are a good start and should be approachable for most /. readers. The nice thing is that NERC has teeth and fines can be huge (I believe up to $1,000,000 per violation per day of non-compliance). The NERC CIP standards go a whole lot farther than the other major standard that is menti
  • by Salgak1 ( 20136 ) <salgak AT speakeasy DOT net> on Tuesday October 11, 2016 @11:09AM (#53055749) Homepage

    . . . . . I interviewed with SWIFT. Nothing discussed was particularly cutting-edge; from the details I gathered (which probably aren't complete), the major feature was an interconnected set of VPNs. I mentioned dual-key cryptography and was met with a lot of blank looks. Which implies either they weren't using it, or they have a rather substantial collection of really good poker players. . .

    • Old-style security.
      Back in the good old days, when you just needed to protect your outside connection and leave your intranet wide open.
      Or how about the gooder older days, when your system was hooked up to a modem and high security was asking for a password to login.

  • The article neglected to mention that the SWIFT hack only works on an Oracle database running on top of Microsoft Windows and consisted of replacing two bytes [blogspot.co.uk] in a running process [archive.is].
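
The "two bytes in a running process" technique in the comment above is an in-memory patch: the on-disk binary stays intact, so file-hash checks pass, while a conditional jump in the loaded code has been overwritten so the failing branch is never taken. The following is an added example, not code from the Slashdot post, the linked write-up, or SWIFT: a toy integrity check that diffs a code section as it is on disk against the same section as mapped in memory and flags a conditional jump turned into NOPs. The byte sequences, the function layout and the helper names (`find_patches`, `describe`, `is_check_bypass`, `audit`) are all constructed for illustration; a real check would read the process's mapped image (for example via `/proc/<pid>/mem` or `ReadProcessMemory`) and compare it against the file's text section after applying relocations.

```python
"""Added example: detect an in-memory code patch by diffing the on-disk
code section against the copy mapped into the running process.

All byte strings here are constructed for illustration. A production
check would read the live process's code pages and the matching section
of the executable/DLL on disk, after applying relocations, and would
cover every mapped image, not one hand-picked routine.
"""

from dataclasses import dataclass
from typing import List

# Minimal x86 opcode names, enough to describe the patch in this example.
OPCODES = {
    0x74: "je rel8",
    0x75: "jne rel8",
    0xEB: "jmp rel8",
    0x90: "nop",
    0xC3: "ret",
}


@dataclass
class Patch:
    offset: int        # offset into the code section
    original: bytes    # bytes as they are on disk
    patched: bytes     # bytes as they are in memory


def find_patches(on_disk: bytes, in_memory: bytes) -> List[Patch]:
    """Return each contiguous run of bytes that differs between disk and memory."""
    if len(on_disk) != len(in_memory):
        raise ValueError("code sections must be the same size")
    patches: List[Patch] = []
    i = 0
    while i < len(on_disk):
        if on_disk[i] == in_memory[i]:
            i += 1
            continue
        start = i
        while i < len(on_disk) and on_disk[i] != in_memory[i]:
            i += 1
        patches.append(Patch(start, on_disk[start:i], in_memory[start:i]))
    return patches


def describe(patch: Patch) -> str:
    """Human-readable summary: which instruction became which."""
    before = OPCODES.get(patch.original[0], f"0x{patch.original[0]:02x}")
    after = OPCODES.get(patch.patched[0], f"0x{patch.patched[0]:02x}")
    return (f"offset 0x{patch.offset:x}: {before} -> {after} "
            f"({patch.original.hex()} -> {patch.patched.hex()})")


def is_check_bypass(patch: Patch) -> bool:
    """A conditional jump overwritten entirely with NOPs is the classic
    'make the failing branch unreachable' patch."""
    return (patch.original[0] in (0x74, 0x75)
            and all(b == 0x90 for b in patch.patched))


# Constructed sample routine: a validation check whose 'jne fail' guards
# the success path. On disk the jne is intact; in memory it is NOPed out,
# so the routine always falls through to 'success'.
CODE_ON_DISK = bytes.fromhex(
    "4885c0"      # test rax, rax     ; did the check fail (non-zero)?
    "7503"        # jne +3            ; yes -> jump to fail
    "31c0"        # xor eax, eax      ; success: return 0
    "c3"          # ret
    "b801000000"  # fail: mov eax, 1
    "c3"          # ret
)
CODE_IN_MEMORY = CODE_ON_DISK[:3] + b"\x90\x90" + CODE_ON_DISK[5:]


def audit(on_disk: bytes = CODE_ON_DISK, in_memory: bytes = CODE_IN_MEMORY) -> dict:
    """Diff the two copies and report whether a check-bypass patch is present."""
    patches = find_patches(on_disk, in_memory)
    return {
        "patched_bytes": sum(len(p.original) for p in patches),
        "patches": [describe(p) for p in patches],
        "check_bypassed": any(is_check_bypass(p) for p in patches),
    }


if __name__ == "__main__":
    for key, value in audit().items():
        print(key, value)
```

Running the block reports a single two-byte patch at offset 0x3 (`jne rel8 -> nop`) and `check_bypassed: True`; feeding `audit` two identical copies reports nothing. The point of the example is the shape of the check: because the patch lives only in memory, neither file hashing nor signature verification of the binary on disk would have caught it.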
