Wanted: Bank Robber, Gun Not Required

17May

Wanted: Bank Robber, Gun Not Required

By Goldco Precious Metals Blog , , , , , 0 Comments

If you remember the old saying that something vital was as safe as “money in the bank” you’ll want to update your assumptions.

As we reported earlier this year, in February hackers gamed the international intra-bank transfer system known as SWIFT for a cool $101 million. Pretending to be Bangladesh’s Central Bank, the thieves conned the U.S. Federal Reserve into sending money to a string of casinos in the Philippines.

Setting aside the question of whether someone should have found it odd that a central bank was wiring money directly to foreign casinos, it’s still not clear how the bandits made off with their haul. As of this writing, with all the international resources of the FBI on the job, only $20 million has been recovered. That means there are hackers on a yacht somewhere soaking up the sun and living large on $81 million funneled right out of the international banking system.  The scariest part?  The only thing that stood between the criminals and their initial goal of getting away with more than one billion was someone finally noticing a simple typo in one of the transfer requests.

The fact that the bogus transactions haven’t been traced yet, despite virtually the entire banking world looking for them, says as much about the security of our financial systems as it does about the skill of the hackers. If our central banks, which one would think would be the most secure institutions on the planet, are this vulnerable, what does that say about the rest of our banking systems? How many losses have gone unsolved, undisclosed or undiscovered one can only guess.

An Inside-Out Job

The FBI is claiming the bad guys had inside help, which is the go-to conclusion when investigators can’t figure out how thieves pulled off a heist. Why they picked the Bangladesh Central Bank (BCB) is less of a mystery. Turns out security was laughably lax at the bank, which had no firewall and was using a ten dollar network setup at the time it was compromised.

In its defense, the SWIFT software and system is incredibly hard to hack into—from the outside.  But once the thieves had direct access to it, having gotten through the BCB’s non-existent network security, they were able to hack into SWIFT from within the Bangladesh bank’s system and even use malware to send authenticated settlement notices. When confirmations were received from a server in Egypt, the malware even covered its tracks, deleting both the confirmation and transaction records.

Shady Partners

It’s also somewhat less than a mystery why the hackers decided to send the money to the Philippines. The funds transfers were sent to the Rizal Commercial Banking Corp. held by two Chinese nationals who organize gambling junkets to Macau and the Philippines. The money was then transferred to a string of casinos and from there to a series of international bank accounts. Philippine casinos are exempt from money laundering regulations and were under no obligation to report the suspicious transactions. Two officers at Rizal are facing charges when one of them got caught taking $427,000 out of one of the thieves’ transfer accounts.

The Real Forehead-slapper

Now we get word that, just last week, yet another bank, this time in Vietnam, was discovered to be infected with the same malware used in the Bangladesh attack. This time no one’s saying how the intrusion was discovered, or how much money the thieves stole; a silence that implies the haul was probably substantial.  Why the SWIFT system hadn’t been patched against the known threat of the very malware used in the previous attack is another mystery. None of those questions are particularly flattering for the international banking system, or reassuring to bank customers.

And the Next Weak Link?

SWIFT is based in Brussels and is a bank-owned cooperative. The finger-pointing started within days, with authorities in Bangladesh accusing the SWIFT system of failing to patch known software vulnerabilities, and SWIFT retorting that the issue was lax security on the part of the bank. SWIFT maintains it was simply processing properly formatted settlement instructions.

What we know for certain is that SWIFT system security was only as strong as its weakest link. We know that $81 million is still missing and the fact that it has been missing this long lowers the likelihood it will ever be found.

The far bigger story here is that the safeguards underlying the world’s banking systems are clearly vulnerable to a well-crafted attack. It’s doubtful thieves are going to confine their ambitions to Bangladesh and Vietnam; it seems more likely that your bank, and mine, are in some criminal’s sights at this very moment, our brokerages as well.  Any widely known store of digital, hackable wealth is vulnerable.  The question becomes, do you protect yourself now, or wait until a catastrophic theft occurs?  Or, to be more precise, until you’re finally notified a theft has occurred?  Or do you take a portion of your wealth off the table, and put it in a physical asset no thief can hack.

Share this post

Author

Leave a Reply

Your email address will not be published.

Related Posts

31May

Why Central Banks Buy So Much Gold – Video

05Apr

Saving Your Cash is Killing the Economy

We can't win. Experts scolded us for spending rather than saving,... read more

10Apr

Auditing the Federal Reserve

The ostensible purpose of the Federal Reserve is to maintain balance... read more

15Oct

Markets Are Sending a Message – Are You Listening?

If weakness in the stock market earlier this year didn’t wake... read more

07Nov

Central Banks Buying More Gold Now Than in Years: What Do They Know?

Gold has been almost universally derided by governments in recent decades.... read more

18Jan

Biggest Market Players Dump Stocks for Cash in 2016

When pension and mutual fund managers sense danger in the water... read more

05Nov

Latest Jobs Report: The Last Hurrah for the US Economy?

The latest jobs report was heralded by mainstream media as another... read more

09Nov

Now Is the Time to Protect Your Retirement Assets: Here’s Why

Thanks to the stock market’s performance since 2016 there are now... read more

14Jun

Why Now Is the Right Time to Buy Gold

If you’re saving and investing, it’s probably for a reason. For... read more

13Jul

Don’t Make These Retirement Mistakes

One of the common worries that all retirees have is whether... read more