The SWIFT financial messaging cooperative, the Federal Reserve Bank of New York and Bangladesh Bank quietly issued a statement this week revealing that they are still trying to resolve “the cyber fraud event that occurred in February 2016.”
I found the cryptic communique (apparently written by Mohua Mohosin, deputy general manager, Bangladesh Bank) as I was doing a thorough search for other news items. It’s odd how quickly we all forget a major event like this major cyber-attack from last year.
The document, dated July 3, explains that representatives of the New York Fed and Bangladesh Bank (the central bank of Bangladesh) met in New York to continue discussions about the case while SWIFT officials participated remotely.
“As has been discussed at prior meetings, the parties reviewed steps that have been and will be taken to remediate the event, and progress towards rebuilding the SWIFT-related infrastructure in Bangladesh Bank to help ensure that its correspondent banking operations function in a highly secure manner,” according to this latest statement.
“The participants remain committed to working together to recover the entire proceeds of the crime, bring the perpetrators to justice in cooperation with law enforcement from other jurisdictions, and lend support to multilateral international efforts to further protect the global financial system from these types of attacks in the future,” according to the jointly supported statement.
To remind you of the circumstances, hackers used SWIFT codes to break into the account of the Bangladesh central bank http://bit.ly/29NabVW . Hackers subsequently used messages and multiple attempts to break into the Federal Reserve Bank of New York, which then led to the theft of a hefty sum, according to official confirmations and media reports. The hackers in the initial robbery did encounter some barriers and, although some funds were retrieved, ultimately $81 million was stolen (and is apparently still missing) from the Bangladesh central bank account.
Sadly, the Bangladesh incident became the model for later hacking attacks upon SWIFT clients. “As SWIFT has previously stated, all the attacks have followed the same broad modus operandi,” a spokesperson told FTF News.
Since the incident, SWIFT has been taking steps to underscore its commitment to cyber-security protections. At its SIBOS conference in Geneva this past October, the cooperative pushed core security standards and an associated assurance framework that it is making mandatory for all its clients.
For the moment, the new joint statement may have more than a few meanings.
First, if we take the statement at face value, it’s likely that the perpetrators have not yet been found and may be very hard to find.
On a more positive note, the trio has apparently discovered a way to work together for what has turned out to be a highly troubling, complex, time-consuming and not terribly transparent matter.
My hope is that this sign of new cooperation may be the key to finding the hackers.