Nepal bank latest victim in heists targeting SWIFT system

By Gopal Sharma

KATHMANDU (Reuters) – A bank in Nepal is the latest victim in a string of cyber heists targeting the global SWIFT bank messaging system, though most of the stolen funds have been recovered, two officials involved in the investigation confirmed on Tuesday.

Hackers last month made about $4.4 million in fraudulent transfers from Kathmandu-based NIC Asia Bank to countries including Britain, China, Japan, Singapore and the United States when the bank was closed for annual festival holidays, according to Nepal media reports.

All but $580,000 of the funds were recovered after Nepal asked other nations to block release of the stolen money, Chinta Mani Shivakoti, deputy governor of the Central Nepal Rastra Bank (NRB), told Reuters.

Brussels-based SWIFT said last month that security controls instituted after last year’s $81 million theft from Bangladesh’s central bank helped thwart some recent hacking attempts, but it warned that cyber criminals continue to target SWIFT customers.

SWIFT or the Society for Worldwide Interbank Financial Telecommunication is a co-operative owned by its user banks. It declined to comment on the NIC Asia Bank hack, saying it does not discuss specific users.

Representatives with NIC Asia Bank, one of dozens of private banks in Nepal, were not available for comment.

The chief of Nepal’s Central Investigation Bureau, Pushkar Karki, confirmed to Reuters that his agency was investigating the theft.

KPMG is also involved in the investigation, according to Nepali media reports. KPMG representatives could not immediately be reached for comment.

The central bank intends to release guidelines on how to thwart such incidents after investigations are completed, according to Shivakoti.

“The incident showed there are some weaknesses with the IT department of the bank,” Shivakoti said.

SWIFT said in a statement on Tuesday that it offers assistance to banks when it learns of potential fraud cases, then shares relevant information with other clients on an anonymous basis.

“This preserves confidentiality, whilst assisting other SWIFT users to take appropriate measures to protect themselves,” it said.

“We have no indication that our network and core messaging services have been compromised,” SWIFT added.

(Reporting by Gopal Sharma, additional reporting by Jeremy Wagstaff in Singapore and Jim Finkle in Toronto; Editing by Richard Balmforth and Matthew Lewis)

SWIFT says hackers still targeting bank messaging system

FILE PHOTO: The Swift bank logo is pictured in this photo illustration taken April 26, 2016. REUTERS/Carlo Allegri/File Photo

By Jim Finkle

TORONTO (Reuters) – Hackers continue to target the SWIFT bank messaging system, though security controls instituted after last year’s $81 million heist at Bangladesh’s central bank have helped thwart many of those attempts, a senior SWIFT official told Reuters.

“Attempts continue,” said Stephen Gilderdale, head of SWIFT’s Customer Security Programme, in a phone interview. “That is what we expected. We didn’t expect the adversaries to suddenly disappear.”

The disclosure underscores that banks remain at risk of cyber attacks targeting computers used to access SWIFT almost two years after the February 2016 theft from a Bangladesh Bank account at the Federal Reserve Bank of New York.

Gilderdale declined to say how many hacks had been attempted this year, what percentage were successful, how much money had been stolen or whether they were growing or slowing down.

On Monday, two people were arrested in Sri Lanka for suspected money laundering from a Taiwanese bank whose computer system was hacked to enable illicit transactions abroad. Police acted after the state-owned Bank of Ceylon reported a suspicious transfer.

SWIFT, a Belgium-based co-operative owned by its user banks, has declined comment on the case, saying it does not discuss individual entities.

Gilderdale said that some security measures instituted in the wake of the Bangladesh Bank heist had thwarted attempts.

As an example, he said that SWIFT had stopped some heists thanks to an update to its software that automatically sends alerts when hackers tamper with data on bank computers used to access the messaging network.

SWIFT shares technical information about cyber attacks and other details on how hackers target banks on a private portal open to its members.

Gilderdale was speaking ahead of the organization’s annual Sibos global user conference, which starts on Monday in Toronto.

At the conference, SWIFT will release details of a plan to start offering security data in “machine digestible” formats that banks can use to automate efforts to discover and remediate cyber attacks, he said.

SWIFT will also unveil plans to start sharing that data with outside security vendors so they can incorporate the information into their products, he said.

(Reporting by Jim Finkle, Editing by Rosalba O’Brien)

Man arrested in plot to bomb Oklahoma bank

Jerry Drake Varnell is pictured in this undated handout photo obtained by Reuters August 14, 2017. Oklahoma Department of Corrections/Handout via REUTERS

(Reuters) – An Oklahoma man was arrested after what he thought was an attempt over the weekend to bomb an Oklahoma City bank building as part of an anti-government plot, U.S. prosecutors said on Monday.

The Federal Bureau of Investigation arrested Jerry Drake Varnell, 23, on Saturday after an undercover agent posed as a co-conspirator and agreed to help him build what he believed was a 1,000-pound (454 kg) explosive.

Varnell had initially planned to bomb the U.S. Federal Reserve in Washington in a manner similar to the 1995 explosion at a federal building in Oklahoma City that killed 168 people, according to a complaint.

FBI agents arrested Varnell after he went as far as making a call early on Saturday morning to a mobile phone he believed would detonate a device in a van parked next to a BancFirst Corp building in downtown Oklahoma City, the complaint said.

“This arrest is the culmination of a long-term domestic terrorism investigation involving an undercover operation, during which Varnell had been monitored closely for months as the alleged bomb plot developed,” federal prosecutors said in a statement. “The device was actually inert, and the public was not in danger.”

Varnell, of Sayre, Oklahoma, was charged with malicious attempted destruction of a building in interstate commerce. He is expected to make his first court appearance in federal court in Oklahoma City on Monday afternoon.

(Reporting by Joseph Ax in New York and Bernie Woodall in Fort Lauderdale, Florida; Editing by Chizu Nomiyama and Lisa Von Ahn)

British banks keep cyber attacks under wraps to protect image

By Lawrence White

LONDON (Reuters) – Britain’s banks are not reporting the full extent of cyber attacks to regulators for fear of punishment or bad publicity, bank executives and providers of security systems say.

Reported attacks on financial institutions in Britain have risen from just 5 in 2014 to 75 so far this year, data from Britain’s Financial Conduct Authority (FCA) show.

However, bankers and experts in cyber-security say many more attacks are taking place. In fact, banks are under almost constant attack, Shlomo Touboul, Chief Executive of Israeli-based cyber security firm Illusive Networks, said.

Touboul cites the example of one large global financial institution he works with which experiences more than two billion such “events” a month, ranging from an employee receiving a malicious email to user or system-generated alerts of attacks or glitches.

Machine defenses filter those down to 200,000, before a human team cuts that to 200 “real” events a month, he added.

Banks are not obliged to reveal every such instance as cyber attacks fall under the FCA’s provision for companies to report any event that could have a material impact, unlike in the U.S. where forced disclosure makes reporting more consistent.

“There is a gray area…Banks are in general fulfilling their legal obligations but there is also a moral requirement to warn customers of potential losses and to share information with the industry,” Ryan Rubin, UK Managing Director, Security & Privacy at consultant Protiviti, said.

SWIFT ACTION

Banks are not alone in their reluctance to disclose every cyber attack. Of the five million fraud and 2.5 million cyber-related crimes occurring annually in the UK, only 250,000 are being reported, government data show.

But while saving them from bad publicity or worried customers, failure to report more serious incidents, even when they are unsuccessful, deprives regulators of information that could help prevent further attacks, the sources said.

A report published in May by Marsh and industry lobby group TheCityUK concluded that Britain’s financial sector should create a cyber forum comprising bank board members and risk officers to promote better information sharing.

Security experts said that while reporting all low level attacks such as email “phishing” attempts would overload authorities with unnecessary information, some banks are not sharing data on more harmful intrusions because of concerns about regulatory action or damage to their brand.

The most serious recent known attack was on the global SWIFT messaging network in February, but staff from five firms that provide cyber security products and advice to banks in Britain told Reuters they have seen first-hand examples of banks choosing not to report breaches, despite the FCA making public pleas for them to do so, the most recent in September.

“When I moved from law enforcement to banking and saw what banks knew, the amount of information at their disposal, I thought ‘wow’, I never had that before,” Troels Oerting, Group Chief Information Security Officer at Barclays and former head of Europol’s Cyber Crime Unit, said.

Oerting, who joined Barclays in February last year, said since then banks’ sharing of information with authorities has improved dramatically and Barclays shares all its relevant information on attacks with regulators.

Staff from five firms that provide cyber security products and advice to banks in Britain told Reuters they have seen first-hand examples of banks choosing not to report breaches.

“Banks are dramatically under-reporting attacks, they do what’s legally required but out of embarrassment or fear of punishment they aren’t giving the whole picture,” one of the sources, who declined to be named because he did not want to be identified criticizing his firm’s customers, said.

Apart from Barclays, the other major British banks all declined to comment on their disclosures.

The Bank of England declined to comment and the FCA did not respond to requests for comment.

KEEPING SECRETS

Companies that use external security systems also do not always inform them of attacks, the sources said.

“Our customers sometimes detect attacks but don’t tell us,” Touboul, whose firm helps protect banks’ SWIFT payment networks by luring attackers to decoy systems, said.

Hackers used the bank messaging system that helps transmit billions of dollars around the world every day to steal $81 million in one of the largest reported cyber-heists.

Targeted attacks, in which organized criminals penetrate bank systems and then lurk for months to identify and profile key executives and accounts, are becoming more common, David Ferbrache, technical director Cybersecurity at KPMG and former head of cyber and space at the UK Ministry of Defence, said.

“The lesson of the SWIFT attack is that the global banking system is heavily interconnected and dependent on the trust and security of component members, so more diligence in controls and more information sharing is vital,” Ferbrache said.

“Big banks are spending enormous amounts of money, $400-500 million a year, but there are still vulnerabilities in their supply chains and in executives’ home networks, and organized crime groups are shifting their focus accordingly,” Yuri Frayman, CEO of Los Angeles-based cyber security provider Zenedge, said.

BRAND DAMAGE

Banks are increasingly sensitive to the brand damage caused by IT failings, perceiving customers to care just as deeply about security and stable service as loan or deposit rates.

Former RBS Chief Executive Stephen Hester waived his bonus in 2012 over a failed software update which caused chaos for thousands of bank customers.

And HSBC issued multiple apologies to customers after its UK personal banking websites were shuttered by a distributed denial of service (DDoS) attack, following earlier unrelated IT glitches.

“People don’t care about a 0.1 percent interest rate change but ‘will this bank do the utmost to keep my money and information safe?’” Oerting said.

(Editing by Sinead Cruise and Alexander Smith)

Likely hack of U.S. banking regulator by China covered up: probe

By Jason Lange and Dustin Volz

WASHINGTON (Reuters) – The Chinese government likely hacked computers at the Federal Deposit Insurance Corporation in 2010, 2011 and 2013 and employees at the U.S. banking regulator covered up the intrusions, according to a congressional report on Wednesday.

The report cited an internal FDIC investigation as identifying Beijing as the likely perpetrator of the attacks, which the probe said were covered up to protect the job of FDIC Chairman Martin Gruenberg, who was nominated for his post in 2011.

“The committee’s interim report sheds light on the FDIC’s lax cyber security efforts,” said Lamar Smith, a Republican representative from Texas who chairs the House of Representatives Committee on Science, Space and Technology.

“The FDIC’s intent to evade congressional oversight is a serious offense.”

The report was released amid growing concern about the vulnerability of the international banking system to hackers and is the latest example of how deeply Washington believes Beijing has penetrated U.S. government computers.

The report did not provide specific evidence that China was behind the hack.

Shane Shook, a cyber security expert who has helped investigate some of the breaches uncovered to date, said he did not see convincing evidence in the report that the Chinese government was behind the FDIC hack.

“As with all government agencies, there are management issues stemming from leadership ignorance of technology oversight,” Shook said.

Speaking in Beijing, Chinese Foreign Ministry spokesman Lu Kang repeated that China opposed hacking and acted against it.

People should provide evidence for their accusations and not wave around speculative words like “maybe” and “perhaps”, he told reporters.

“This is extremely irresponsible.”

The FDIC, a major U.S. banking regulator which keeps confidential data on America’s biggest banks, declined to comment. Gruenberg is scheduled to testify on Thursday before the committee on the regulator’s cyber security practices.

Washington has accused China of hacking computers at a range of federal agencies in recent years, including the theft of more than 21 million background check records from the federal Office of Personnel Management beginning in 2014.

WATCHDOG MEMO

The compromise of the FDIC computers by a foreign government had been previously reported in May and some lawmakers had mentioned China as a possible suspect, but the report on Wednesday for the first time cited a 2013 memo by the FDIC’s inspector general, an internal watchdog, as pointing toward China.

“Even the former Chairwoman’s computer had been hacked by a foreign government, likely the Chinese,” the congressional report said, referring to Gruenberg’s predecessor, Sheila Bair, who headed the FDIC from 2006 until 2011 when Gruenberg took over as acting chairman.

Bair could not be immediately reached for comment.

A redacted copy of the 2013 FDIC inspector general’s memo seen by Reuters said investigators were unable to determine exactly which files had been extracted from agency computers.

But a source familiar with the FDIC’s internal investigation said the areas of the regulator’s network that were hacked suggested the intruders were seeking “economic intelligence.”

In all, hackers compromised 12 FDIC workstations, including those of other executives such as the regulator’s former chief of staff and former general counsel, and 10 servers, the congressional report said.

It accused the FDIC of trying to cover up the hacks so as not to endanger the congressional approval of Gruenberg, who was nominated by President Barack Obama and confirmed by the U.S. Senate in November 2012.

A witness interviewed by congressional staff said the FDIC’s current head of its technology division, Russ Pittman, instructed employees not to disclose information about the foreign government’s hack, the report said.

The witness said the hush order was to “avoid effecting the outcome of Chairman Gruenberg’s confirmation,” according to the report. Pittman could not immediately be contacted for comment.

The report also provided details of data breaches in which FDIC employees leaving the regulator took sensitive documents with them. It said current FDIC officials have purposely concealed information about breaches that had been requested by Congress.

U.S. intelligence officials believe Beijing has decreased its hacking activity since signing a pledge with Washington last September to refrain from breaking into computer systems for the purposes of commercial espionage.

At the same time, Obama has acknowledged difficulties in keeping government information secure. In addition, Republican opponents have said that Democratic presidential candidate Hillary Clinton’s use of a private email server when she was secretary of state could have exposed classified information to foreign governments.

(Reporting by Jason Lange and Dustin Volz; Additional reporting by Jim Finkle in Boston, and Ben Blanchard in BEIJING; Editing by Grant McCool)

Citibank to close Venezuela government accounts: Maduro

CARACAS (Reuters) – Venezuela’s President Nicolas Maduro said on Monday that Citibank NA planned to shut his government’s foreign currency accounts within a month, denouncing the move by one of its main foreign financial intermediaries as part of a “blockade.”

“With no warning, Citibank says that in 30 days it will close the Central Bank and the Bank of Venezuela’s accounts,” Maduro said in a speech, adding that the government used the U.S. bank for transactions in the United States and globally.

“Do you think they’re going to stop us with a financial blockade? No, gentlemen. No one stops Venezuela.”

Citibank, a unit of Citigroup Inc, could not immediately be reached for comment about the purported measure against Venezuela’s monetary authority and the Bank of Venezuela, which is the biggest state retail bank.

With the OPEC nation’s economy immersed in crisis, various foreign companies have been pulling out or reducing operations.

Critics say the socialist economics of Maduro and his predecessor Hugo Chavez have been a disaster for Venezuela, while the government blames its political foes and local businessmen for waging an “economic war” against it.

Due to strict currency controls in place since 2003, the government relies on Citibank for foreign currency transactions.

(Reporting by Diego Ore; Writing by Andrew Cawthorne; Editing by Andrew Hay)

Bangladeshi probe panel’s chief says SWIFT responsible for cyber theft

DHAKA (Reuters) – A Bangladesh government-appointed panel investigating the theft of $81 million from the country’s central bank has found that SWIFT, the international banking payments network, committed a number of mistakes in connecting up a local network, the panel head said on Sunday.

“We have shown that SWIFT made a number of errors that made it easy for the hackers,” Mohammed Farashuddin, a former governor of the Bangladeshi central bank, told reporters.

He said SWIFT, a cooperative owned by 3,000 financial institutions, could not escape responsibility as it had connected its network to the central bank’s new real time gross settlement (RTGS) system launched in October for domestic transactions.

“SWIFT is responsible for the heist of Bangladesh Bank as it approached the central bank for the installation of RTGS real time gross settlement,” Farashuddin said.

SWIFT has already rejected allegations made by Dhaka that it had been at fault, saying its financial messaging system remained secure and had not been breached by the hackers during the attack on Bangladesh Bank.

The hackers broke into the computer systems of the central bank in early February and issued instructions through the SWIFT network to transfer $951 million of its deposits held at the New York Federal Reserve Bank to accounts in the Philippines and Sri Lanka.

Most of the transactions were blocked but four went through amounting to $81 million, prompting allegations by Bangladeshi officials that both the Fed and SWIFT had failed to detect the fraud.

Bangladeshi police and a bank official said earlier this month that the central bank became more vulnerable to hackers when technicians from SWIFT connected the new bank transaction system to SWIFT messaging three months before the cyber theft.

The local Daily Star newspaper quoted Farashuddin as saying that SWIFT failed to implement 13 security measures in the installation of the system.

Farashuddin is due to submit his final report to the government in the next few days.

A spokeswoman for SWIFT said she had no immediate comment to make.

In a letter to users dated May 3, SWIFT told its bank customers that they were responsible for securing computers used to send messages over its network.

(Reporting by Serajul Qaudir; Writing by Sanjeev Miglani; Editing by Greg Mahlich)

Russian Cyber-Gangster Targeting US Banks

Computer security firm McAfee has sent an alert to banks throughout the US that a Russian “cyber-gangster” using the alias “Thief-In-Law” is preparing a massive assault on the banking system.

The cyber-criminal has reportedly infected hundreds of computers in the US with the intent of stealing their bank account information. The information would then be used to pull money from their account and that of other people on the same banking system.

Spain Prepares Bank Bailout

The second biggest lender in Spain is reporting that it could take up to 60 billion euros ($78 billion US) to bail out the country’s banks.

The results of independent stress tests of the Spanish banking system aren’t due to be released until September 28th but BBVA apparently obtained access to the information in advance.