A third case a SWIFT member bank in Ecuador revealed to be a victim of a cyber heist at a time when details of the Bangladesh Bank heist are still scarce brings focus to the state of cybersecurity of the world’s go-to banking system.
The $81 million Bangladesh Bank cyber heist from February made global headlines. A SWIFT advisory from the last fortnight revealed the second known case of a member bank falling victim to a heist that further underlined the dire state of cybersecurity measures enforced at global banks.
Now, a third case reveals that Banco del Austro (BDA) in Ecuador was the victim of a similar cyber heist, more than a year ago in January 2015. It’s official. The global banking system is under siege.
Reuters reports that the evening of January 12, 2015, a message from a supposedly secure computer terminal at the bank sent a message to Wells Fargo, a San Francisco-based bank to transfer money to bank accounts in Hong Kong.
The next 10 days saw Wells Fargo approve a total of at least 12 transfers, which amounted to a total of $12 million of BDA’s money, over the SWIFT system.
Now, in details revealed by a lawsuit filed against Wells Fargo by the Ecuadorian bank, both banks believe that the request for the funds were triggered and stolen by unidentified hackers.
BDA is suing Wells Fargo in claiming that the bank ought to have flagged the transactions as suspicious. In a counter, Wells Fargo claims that it is BDA’s own security, or lack thereof, that resulted in the losses.
SWIFT has revealed that it was unaware of the entire incident involving the two banks from January 2015. In a statement to Reuters, it stated:
We need to be informed by customers of such frauds if they relate our products and services, so that we can inform and support the wider community.
Notably, SWIFT does not have a clearly-set rule that requires member banks to report hacking attacks or thefts.
Therein lies the problem, where banking network that is the framework of the global banking system, is unaware of the details of a banking heist, even one from over a year ago.
SWIFT has published a statement today, urging member banks to inform the platform of any cyber thefts.
We specifically remind all users to respect their obligations to immediately inform SWIFT of any suspected fraudulent use of their institution’s SWIFT connectivity or related to SWIFT products and services.
Featured image from Shutterstock.