- Dave Rubin fails to delete Patreon on livestream to delete Patreon 3 Years Ago
- The ‘some of y’all… and it shows’ meme is taking over Twitter Today 12:24 PM
- ‘Star Trek: Discovery’ begins season 2 on a cheerful note Today 11:49 AM
- Climate change memes are disrupting the feel-good ’10 year challenge’ Today 11:48 AM
- Mysterious Washington Post parody predicts Trump’s resignation Today 11:42 AM
- YouTube cracks down on challenges, pranks Today 11:04 AM
- Upskirting will soon be illegal in England Today 10:45 AM
- Jake Paul calls Keemstar a ‘piece of trash’ for ‘body-shaming’ Erika Costell Today 10:18 AM
- Sprint promises to stop selling location data after outcry Today 9:53 AM
- Kirsten Gillibrand announces presidential bid—and Al Franken diehards are salty Today 9:49 AM
- How to watch ‘Married at First Sight’ online for free Today 9:43 AM
- There are already memes for ‘Spider-Man: Far From Home’ Today 9:00 AM
- Did Laura Loomer get duped into believing Muslims got her suspended from Twitter? Today 8:44 AM
- Here’s what we know about the Ice Sphere and Ice Storm in Fortnite Today 8:18 AM
- Who is Jigsaw, the villain of Netflix’s ‘Punisher’ season 2? Today 7:25 AM
Hackers steal millions from Ecuadorian bank in third such attack this year
The network that processes money-transfer orders is urging banks to report every incident.
A recent streak of multimillion-dollar bank heists keeps getting longer.
Hackers exploited a flaw in a global money-transfer system to steal $9 million from Ecuador’s Banco del Austro in January 2015, according to a lawsuit made public Thursday night and first reported by the Wall Street Journal.
Of the $12 million that was fraudulently transferred out of the Ecuadorian bank, $2.8 million of it was recovered. Legal action continues to retrieve more of the money from Hong Kong, where it was transferred after the theft. It’s not clear where the money went next.
At the heart of the Ecuadorian heist, and previously disclosed thefts at a Bangladeshi bank and another institution, is the Society for Worldwide Interbank Financial Telecommunication (SWIFT), the global network through which thousands of international banks send each other money-transfer orders.
Concerns about the global financial system’s ability to resist cyberattacks are escalating, especially because SWIFT did not detect the intrusions. Hackers also tried and failed to exploit the system to steal from a Vietnamese bank in December.
Banco del Austro is suing Wells Fargo in a federal district court in New York for not seeing “red flags” in at least 12 transactions from January 2015 that transferred $12 million out of it.
“For each of the unauthorized transfers, an unauthorized user, using the Internet, hacked into BDA’s computer system after hours using malware that allowed remote access, logged onto the Swift network purporting to be BDA, and redirected transactions to new beneficiaries with new amounts,” the lawsuit alleges.
Wells Fargo is attempting to have the suit thrown out. It has dismissed the banks claims, arguing that financial firms cannot vet transfers to the extent that the Ecuadorians have claimed.
Additionally, Wells Fargo and SWIFT argue that it was the bank’s own security failures that allowed hackers to acquire its SWIFT login credentials. SWIFT made the same argument in the Bangladeshi case.
A SWIFT spokeswoman told the Wall Street Journal that the firm was never informed of the Ecuadorian hack and urged SWIFT customers to report frauds in order to strengthen the global financial system’s defenses.
It remains unclear whether the same hackers conducted all three attacks, but the similarities have many observers connecting the dots. All the attackers targeted SWIFT through the banks’ customer portals and commenced operations after the banks’ normal business hours.
It is also unclear if other banks are currently being digitally pillaged.
John Doyle, a senior executive at SWIFT until 2005, told Reuters that SWIFT can’t replace secure banking and that it can’t always know about every hack. Banks care too much about customer confidence, he said, to squander it by reporting every incident to SWIFT.
Nevertheless, SWIFT is urging its member banks to not keep multimillion-dollar hacks secret.
“The security of our global financial community can only be ensured through a collaborative approach,” the company told banks. “To this end, it is essential that you share critical security information related to [SWIFT] with us.”
Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.