The chief executive of secure messaging system SWIFT said the theft of $81 million from Bangladesh’s central bank, by criminals sending fraudulent payment instructions via SWIFT, would force the organisation to shrink and review its strategy.
Gottfried Leibbrandt told Reuters he would be forced to scale back some of SWIFT’s operations to help pay for new security initiatives it plans. But he denied the Belgium-based co-operative should have taken these measures sooner.
‘Hindsight is always a wonderful thing,’ he said in an interview at SWIFT’s London offices.
‘You can always say “should they have done it before?”, but sometimes it takes these types of events,’ he added.
In February, thieves hacked into Bangladesh Bank’s interface with SWIFT’s network — a fund-transfer pipeline that is the backbone of international finance.
They sent payment instructions to the Federal Reserve Bank of New York, telling it to transfer $951 million from Bangladesh Bank’s account to accounts in the Philippines. Most of the transactions were blocked but four went through, amounting to $81 million that remains missing.
Industry officials say it was long understood that the biggest weakness in the SWIFT system was users’ access points to the core network, since not all banks had strict security practices for safeguarding the keys to their SWIFT terminals.
However, Leibbrandt, a former management consultant with McKinsey who joined SWIFT in 2005 and has been CEO for four years, said that before February he had been unaware of any attempts to hack into a bank’s SWIFT terminal. Consequently, he concentrated SWIFT’s security activities on its own infrastructure.
After the Bangladesh theft, other banks came forward and revealed they had been victims of attacks. SWIFT discovered, by examining inquiries to its customer support department, that other banks had also likely been compromised.
The incidents have changed industry perceptions about how trustworthy SWIFT messages really are.
Last week, SWIFT unveiled measures to tighten up security throughout the broader system, including additional authentication factors for the software it sells users and the possible development of a service that would allow it to spot suspicious payment instructions sent across its network.
Source: New Age