Cybersecurity

Senator asks Fed about SWIFT heist

Cyberattack, financial services

In February, cybercriminals stole $81 million from the Central Bank of Bangladesh with a malware scheme that manipulated the software the bank uses to process transactions via the Society for Worldwide Interbank Financial Telecommunication (SWIFT) system, which moves billions around the globe every day.

The attack involved siphoning funds from a Bangladesh account at the Federal Reserve Bank of New York. Sen. Tom Carper (D-Del.), ranking member of the Senate Homeland Security and Governmental Affairs Committee, has asked New York Fed President William Dudley what is being done to improve cybersecurity in the wake of one of the largest bank heists in history.

"It is my understanding that there is no evidence of any attempt to penetrate Federal Reserve systems or that any Federal Reserve systems were compromised in connection with these recent incidents," Carper said. "However, these cyberattacks raise important questions about the security of the SWIFT system and the ability of its members to prevent future attacks."

Carper asked about the Federal Reserve's protocols for sharing potential cyberthreat information, whether the Federal Reserve plans to amend its cybersecurity or internal control policies and whether it has provided technical assistance to improve SWIFT security. Carper also wants the Federal Reserve to describe what it has done to coordinate with affected entities since the attack.

He contacted SWIFT Managing Director Patrick Antonacci seeking similar information on SWIFT's protocols and plans, as well as the repercussions facing SWIFT members that do not adhere to security standards and the technical, operational, managerial and procedural controls members encounter when they access the organization's system.A SWIFT alert sent to users on May 13 disclosed that there had been a second instance of malware targeting banks in an effort to obtain the kind of authenticating information necessary to transfer funds out of member accounts.

"The attackers clearly exhibit a deep and sophisticated knowledge of specific operational controls within the targeted banks -- knowledge that may have been gained from malicious insiders or cyberattacks, or a combination of both," the release states.

Carper requested responses and briefings with his staff from both organizations by June 17.

About the Author

Chase Gunter is a former FCW staff writer.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.