The traces of a recent wave of cyber bank robberies run from Dhaka to New York to Kiev. But they all cross at a tiny suburb of the Belgian capital city, Brussels.
La Hulpe is where you will find the Society for Worldwide Interbank Financial Telecommunication, or SWIFT. It’s an organization that sits at the very epicenter of the global financial system – a system that over the last few months has been increasingly under attack.
SWIFT could be considered the backbone of the entire financial industry. If you transfer money from your bank account to somebody else, the transaction will almost certainly run through SWIFT. Up to 30 million messages between financial firms and clients pass through on any given day.
Gottfried Leibbrandt, the chief executive of SWIFT, is a man who would prefer to stay out of the limelight. He rarely speaks to journalists. When contacted by Handelsblatt, he preferred to take questions and give answers in writing.
That doesn’t mean he’s any less aware of what’s at stake.
“Our community must step up its efforts, but threats of disconnection may have the opposite effect, and cause banks to retreat.”
“Recent events are a watershed moment for our industry – it’s a watershed because of the sums involved, because of the sophistication of the attacks, and because of what they are attacking: banks’ critical payment input points,” he wrote.
Cracks in the infrastructure came to light through a spectacular attack back in March, when cyber bank robbers got away with some $81 million in funds from the central bank of Bangladesh. They had hacked into the central bank, gained access to the SWIFT network and used it to send fake messages to the New York Federal Reserve, instructing it to transfer funds to private accounts.
It’s their most prominent success to date, but hardly the only one. Cyber criminals have attacked Ecuador, Vietnam and Ukraine to name a few. And those are just some of the ones that are known. Mr. Leibbrandt said it remains unclear exactly how many attacks there have been. U.S. Federal Reserve Chair Janet Yellen has called it a “significant threat” to the entire industry.
Investigations by SWIFT into exactly how the Bangladesh attack and others succeeded and what can be done about it are on-going. One thing seems clear: The system is only as strong as its weakest link.
Adrian Nish, an expert in cyber attacks for BAE Systems, likens it to the animal kingdom: “Hunters attack the weaker animals in the herd. They are easier prey.”
The computers of the Bangladesh central bank, for example, were hopelessly old. But unlike what some media have reported, Mr. Leibbrandt told Handelsblatt he rejects the notion that entire banks or central banks should be disconnected from the system.
“Hunters attack the weaker animals in the herd. They are easier prey.”
“Of course our community must step up its efforts, but threats of disconnection may have the opposite effect, and cause banks to retreat,” he warned.
“A temporary suspension might be necessary to safeguard an impacted entity, its counterparts and the network as a whole,” he added. “But disconnecting an impacted entity from SWIFT altogether would not necessarily solve the underlying security problem, since if the entity concerned didn’t sort out its security, the input fraud could still occur and still be carried through the system.”
In other words, Mr. Leibbrandt says this is an industry-wide challenge, and it has to be solved as such. “A standalone effort will not solve the problem,” he said.
Some have criticized SWIFT, including the organization’s former boss, Leonard Schrank, who said some time ago, “With the evolution of cyber criminality over the last 10 years, why hasn’t SWIFT and the community done more?” he said.
Mr. Leibbrandt rejected the accusation, saying SWIFT has always taken cyber crimes seriously, but he acknowledged the recent events have shown that more needs to be done by all sides.
Hinrich Völcker, who is responsible for information security at Deutsche Bank, said that SWIFT has made efforts since the attack to ask others in the private sector for help and advice. Mr. Völcker said it may help for SWIFT to compile templates of attacks that could be shared among market participants.
SWIFT has also recently become a customer of BAE Systems. Adrian Nish and his group should help identify the next attack before it’s too late. Mr. Nish says there’s still a lot of work to do.
“The SWIFT hack and others we’ve investigated recently have a new quality. Earlier, bank customers were the target, now banks and financial service providers have themselves become targets,” he said.
“The danger is that there are still many other groups out there that have the skills to implement such an attack,” he added. “We expect to see more of these cases emerging in the coming months.”
Michael Brächer is a banking and financial correspondent for Handelsblatt based in Frankfurt. To contact the author: email@example.com