SWIFT Network – “that’s where the money is” (Slick Willie Sutton)

Recent headlines tout breaches in the SWIFT transfer network: Now It’s Three: Ecuador Bank Hacked via Swift (19 May 2016)

The best technical commentary I have found on SWIFT attacks is TWO BYTES TO $951M by Sergei Shevchenko (25 April 2016). (Bangladesh Bank’s (BB) SWIFT payment system attack.)

Sergei reports on malware used in the February 2016 attack on Bangladesh Bank’s (BB) SWIFT payment system. Malware thought to be part of a larger attack toolkit is identified and analyzed, along with how the fraud was concealed.

I have gone through approximately thirty (30) reports that cite one or more of the malware file names and I have found no information beyond Sergei’s report. Avoid the duplication and repetition: start and end with Sergei’s report. (At least for now; new technical reports may emerge.)

For a public glimpse inside the world of SWIFT transfers, see Cyber thieves exploit banks’ faith in SWIFT transfer network by Tom Bergin and Nathan Layne. Bergin and Layne cover an earlier SWIFT breach, this one involving the Banco del Austro (BDA) in Ecuador, Wells Fargo and the transfer of approximately $12 million in 2015.

In an amusing twist, SWIFT found out about the breach from a Reuters query about the breach. Apparently banks are no better at sharing information among themselves than they are with the public.

Banco del Austro (BDA) filed suit in New York State Court and Wells Fargo removed that case to the Federal District Court for the Southern District of New York. The original complaint appears as Exhibit A of the removal notice. (full text) The docket number in Federal District Court is: 1:2016-cv-00628.

You may not be experienced in reading legal pleadings, but you should take a look at Exhibit A. Wells Fargo is said to have “boosted,” “assured,” etc. In addition to being a fun read, you will gain some insight into the operation of SWIFT.

While writing this up, I discovered other resources you may find useful:

ARNE Solutions has reportedly posted Bangladesh Bank’s #Malware SWIFT decrypted config file. I say “reportedly” because I have not verified the file.

SWIFT homepage

SWIFT Security Notices

The Swift Codes has a complete listing of SWIFT codes.

The Bangladesh heist was in part the result of $10 network switches and no firewall. There are 11,000 banks and other institutions that use SWIFT.

What do you think the odds are that other vulnerable banks exist with access to the SWIFT network?


You can find all sorts of things related to SWIFT on the internet. Remittance Instructions Transportation Security Administration (TSA) Security Fees, which helpfully recites:

tsa-swift-account

for example.


One step towards evaluating the security of SWIFT is to collect and collate all the public information about SWIFT. Not a freebie; anyone interested in purchasing/sponsoring such a collection?
