TORONTO (Reuters) - Hackers continue to target the SWIFT bank messaging system, though security controls instituted after last year’s $81 million heist at Bangladesh’s central bank have helped thwart many of those attempts, a senior SWIFT official told Reuters.
“Attempts continue,” said Stephen Gilderdale, head of SWIFT’s Customer Security Programme, in a phone interview. “That is what we expected. We didn’t expect the adversaries to suddenly disappear.”
SWIFT spokeswoman Natasha de Teran told Reuters that the attackers had attempted to hack into computers that banks use to access the organization’s proprietary network, then create fraudulent messages to send over the SWIFT system.
“We have no indication that our network and core messaging services have been compromised,” she said.
The disclosure underscores that banks remain at risk of cyber attacks targeting computers used to access SWIFT almost two years after the February 2016 theft from a Bangladesh Bank account at the Federal Reserve Bank of New York.
Gilderdale declined to say how many hacks had been attempted this year, what percentage were successful, how much money had been stolen or whether they were growing or slowing down.
On Monday, two people were arrested in Sri Lanka for suspected money laundering from a Taiwanese bank whose computer system was hacked to enable illicit transactions abroad. Police acted after the state-owned Bank of Ceylon reported a suspicious transfer.
SWIFT, a Belgium-based co-operative owned by its user banks, has declined comment on the case, saying it does not discuss individual entities.
Gilderdale said that some security measures instituted in the wake of the Bangladesh Bank heist had thwarted attempts.
As an example, he said that SWIFT had stopped some heists thanks to an update to its software that automatically sends alerts when hackers tamper with data on bank computers used to access the messaging network.
SWIFT shares technical information about cyber attacks and other details on how hackers target banks on a private portal open to its members.
Gilderdale was speaking ahead of the organization’s annual Sibos global user conference, which starts on Monday in Toronto.
At the conference, SWIFT will release details of a plan to start offering security data in “machine digestible” formats that banks can use to automate efforts to discover and remediate cyber attacks, he said.
SWIFT will also unveil plans to start sharing that data with outside security vendors so they can incorporate the information into their products, he said.
Reporting by Jim Finkle; Editing by Rosalba O'Brien and Marguerita Choy