The US Senate Homeland Security Committee’s top Democrat sought information on Thursday from global financial network SWIFT and the Federal Reserve Bank of New York on steps being taken to bolster cyber security in the wake of the theft of $81 million from the central bank of Bangladesh, reported Reuters.
Senator Tom Carper of Delaware asked that both authorities answer questions and brief his staff by June 17 on how they were handling issues following the February heist, during which hackers wired money out of an account at the New York Fed held by Bank Bangladesh, as well as how they were safeguarding against other potential cyber threats.
‘These cyber attacks raise important questions about the security of the SWIFT system and the ability of its members to prevent future attacks,’ Carper wrote in his letters.
The inquiry comes as policymakers, regulators and financial institutions around the world increase scrutiny into the heist at Bangladesh Bank and a separate attempt to use fraudulent SWIFT messages to steal from a commercial bank in Vietnam.
The Association of Banks in Singapore told Reuters it had invited SWIFT for a meeting in June to discuss the latest cyber attacks. The Bank of England last month ordered British banks to provide documentation on SWIFT security measures.
SWIFT’s security system has been in the limelight since the Bangladesh Bank theft and on Friday Reuters reported how in January 2015 hackers allegedly used a secure computer terminal at Banco del Austro (BDA) in Ecuador to instruct US San Francisco-based Wells Fargo Bank through the SWIFT system to transfer money to bank accounts in Hong Kong. BDA filed a lawsuit against Wells Fargo in New York this year for the US$12m transferred over 10 days.
The Reuters report highlighted how such thefts may be more commonplace than expected as many banks do not report such incidents for fear of losing consumer faith.
Criminals behind such heists are exploiting banks’ general willingness to approve SWIFT requests at face value, rather than making additional manual or automated checks, said the Reuters report.
In his letters, Carper said there appeared to be no evidence the Federal Reserve systems were penetrated or compromised in the Bangladesh attack. The New York Federal Reserve has denied responsibility for the intrusion, which some security researchers have said was due to a flaw in the SWIFT bank messaging network.
The identity of the Bangladesh hackers remains unknown.
Brussels-based SWIFT is a cooperative owned by some 3,000 global financial institutions.
A representative for SWIFT could not immediately be reached for comment. The New York Fed plans to respond, a representative said.
Carper asked SWIFT how it shares information about cyber security threats against member banks, whether there were consequences for members who did not follow security standards and if it plans to revise its cyber security policies in response to the Bangladesh attacks, among other questions.
He requested similar information from the Federal Reserve, including steps it has taken to coordinate with SWIFT, Bangladesh Bank, the Department of Homeland Security and Department of Treasury since the heist.
Source: New Age