SWIFT Software Bug Exploited by Bangladesh Bank Hackers

Phil Muncaster reports:

A bug in SWIFT banking software may have been exploited to allow hackers to make off with $81 million from Bangladesh’s central bank in February, according to reports.

Investigators at British defense contractor BAE Systems told Reuters that the malware in question, evtdiag.exe, had been designed to change code in SWIFT’s Access Alliance software to tamper with a database recording the bank’s activity over the network.

[…]

It may still be the case that security shortcomings at the Bangladesh Bank also contributed to the cyber theft.

Several reports claimed that the bank was using second-hand routers costing just $10m, and that key firewalls were missing from its security set-up.

Read more on InfoSecurity Magazine.

About the author: Dissent