Cybersecurity

Senator asks Fed about SWIFT heist

Cyberattack, financial services

In February, cybercriminals stole $81 million from the Central Bank of Bangladesh with a malware scheme that manipulated the software the bank uses to process transactions via the Society for Worldwide Interbank Financial Telecommunication (SWIFT) system, which moves billions around the globe every day.

The attack involved siphoning funds from a Bangladesh account at the Federal Reserve Bank of New York. Sen. Tom Carper (D-Del.), ranking member of the Senate Homeland Security and Governmental Affairs Committee, has asked New York Fed President William Dudley what is being done to improve cybersecurity in the wake of one of the largest bank heists in history.

"It is my understanding that there is no evidence of any attempt to penetrate Federal Reserve systems or that any Federal Reserve systems were compromised in connection with these recent incidents," Carper said. "However, these cyberattacks raise important questions about the security of the SWIFT system and the ability of its members to prevent future attacks."

Carper asked about the Federal Reserve's protocols for sharing potential cyberthreat information, whether the Federal Reserve plans to amend its cybersecurity or internal control policies and whether it has provided technical assistance to improve SWIFT security. Carper also wants the Federal Reserve to describe what it has done to coordinate with affected entities since the attack.

He contacted SWIFT Managing Director Patrick Antonacci seeking similar information on SWIFT's protocols and plans, as well as the repercussions facing SWIFT members that do not adhere to security standards and the technical, operational, managerial and procedural controls members encounter when they access the organization's system.A SWIFT alert sent to users on May 13 disclosed that there had been a second instance of malware targeting banks in an effort to obtain the kind of authenticating information necessary to transfer funds out of member accounts.

"The attackers clearly exhibit a deep and sophisticated knowledge of specific operational controls within the targeted banks -- knowledge that may have been gained from malicious insiders or cyberattacks, or a combination of both," the release states.

Carper requested responses and briefings with his staff from both organizations by June 17.

About the Author

Chase Gunter is a staff writer covering civilian agencies, workforce issues, health IT, open data and innovation.

Prior to joining FCW, Gunter reported for the C-Ville Weekly in Charlottesville, Va., and served as a college sports beat writer for the South Boston (Va.) News and Record. He started at FCW as an editorial fellow before joining the team full-time as a reporter.

Gunter is a graduate of the University of Virginia, where his emphases were English, history and media studies.

Click here for previous articles by Gunter, or connect with him on Twitter: @WChaseGunter

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.