Roughly a year ago we wrote about perhaps the most notable bank heist in history in which a group of hackers used Swift, the interbank messaging system, to steal $81 million from the Central Bank of Bangladesh. Here’s our recap:
For those who missed the story, you can review it in all its James Bond-ish glory in the four posts linked below, but here is a brief summary of what happened to the $81 million: 1) it was transferred to four accounts at the Jupiter Street, Makati City, branch of Rizal Commercial Banking Corp (RCBC) in the Philippines, 2) $470,000 in cash went into the branch manager’s trunk and the rest went to a possibly forged (but possibly not) account registered to one William Go, 3) the money was transferred to an FX broker called Philrem, 4) $50 million was split between two casinos and the remaining $31 was delivered to a “Weikang Xu” in cash.
From there, the trail goes cold.
- Plot Thickens In New York Fed Heist As $30 Million In Cash Said Delivered To Mystery Chinese Man
- The Incredible Story Of How Hackers Stole $100 Million From The New York Fed
- Chinese Hackers Break Into NY Fed, Steal $100 Million From Bangladesh Central Bank
- Mystery Of New York Fed Robbery Has Central Banks Asking Who’s Next
But Bangladesh isn’t the only country whose Central Bank has been targeted by a growing number of hackers seeking to score a quick, and massive, loot. As Bloomberg notes, hacks on global financial systems soared in 2016 and claimed Russia, Poland, Uruguay and Mexico, just to name a few, as victims.
Over the course of last year, hackers looted up to $21 million from accounts opened with the Bank of Russia.
Poland’s financial regulator was targeted in January by a suspected “watering hole” attack, where hackers target an often-used website, according to research from BAE Systems. In this instance, the hack originated from the website of Polish Financial Supervision Authority (KNF), where code was planted that would serve malware to certain visitors of the site. The malicious code was selectively targeted at financial institutions, and multiple banks were compromised via their users simply browsing the KNF website.
Similar code was also believed to be present on the website of the state-owned Banco de la República Oriental del Uruguay, and the National Banking and Stock Commission of Mexico in late 2016, according to analysis from BAE Systems and U.S. software company Symantec Corp.
Now, the hacking collective “Anonymous,” known for its activism against big corporations, security forces, and governments, has decided it wants to get in on the massive central bank scores and is actively recruiting new hackers that can assist in the effort.
While the people wouldn’t say which banks are being targeted, they said the group has been busy recruiting new hackers to aid it in its forays, and renewed its attack against a number of central banks in February.
The group last year attacked at least eight monetary authorities, including the Dutch Central Bank, the Bank of Greece, and the Bank of Mexico, the two people said. In a change of tack, it is also considering plans to sell on any confidential information it obtains, according to one of the people.
The actions by non-state hacking and hacktivist groups such as Anonymous “are a wake-up call that should alert us to the critical weaknesses of global financial systems,” said Stefano Zanero, a professor of computer security at Italian university Politecnico di Milano.
Janet Yellen recently warned in testimony before the congressional Joint Economic Committee in November that a successful cyber-security attack on the U.S. banking system is “one of the most significant risks our country faces.” In fact, central banks all around the world are spending millions on cybersecurity experts and even buying startup companies to avoid being the next embarrassing victim of a multi-million dollar cyber heist.
In response, central banks and related agencies have been busy attempting to stem the increasing number of attacks. In June Swift hired BAE Systems and U.K. cybersecurity adviser NCC Group Plc in a bid to improve its security defenses. BAE has since helped Swift analyze whether it needs to flag potential issues to correspondent banks.
The Bank of England is even scooping up startups to help it battle online threats. It is currently running an accelerator, launched in June 2016, and is to start working with Anomali in order to “hunt and investigate cyber security intelligence data in a highly automated fashion,” according to a case study published in February by the Bank.
Of course, try as they might, we suspect the world’s bureaucratic central banks may be ill-equipped for a battle against an army of anonymous, international hackers fed up with their destructive policies aimed at continously inflating assets bubbles which serve only to help the rich get richer while enslaving the masses…