SWIFT tells banks to share information on hacks

London, May 20

International financial messaging service SWIFT told clients today to share information on attacks on the system to help prevent hackings, after criminals used SWIFT messages to steal $81 million from the Bangladesh central bank.

Earlier today, Reuters reported that Wells Fargo, Ecuador’s Banco del Austro (BDA) and Citibank, whose Managing Director, Franchise Risk & Strategy, Yawar Shah, is SWIFT’s chairman, did not inform SWIFT of an attack last year in which over $12 million was stolen from BDA.

The banks and Shah all declined to comment.

Banks use secure SWIFT messages for issuing payment instructions to each other. The network is considered the backbone of international finance but faith in its security has been rocked by the theft from Bank Bangladesh’s account at the Federal Reserve Bank of New York.

SWIFT said in a communication to users today that they should ‘immediately inform SWIFT of any suspected fraudulent use of their institution’s SWIFT connectivity or related to SWIFT products and services’.

SWIFT is especially concerned about use of malware to access interfaces with its network.

The Belgium-based co-operative, which is owned by its user banks, said it needed technical information from systems which have been compromised with malware to better understand risks of attack.

Malware was used in hacks on Bank Bangladesh in February and in BDA case in January 2015. “It is essential that you share critical security information related to SWIFT with us.”

SWIFT told clients it would notify them as soon as possible of cases where malware had been used to attack systems ‘so that you can better target your preventative and detective efforts’.

SWIFT did not inform clients about BDA theft as it was unaware of it, a spokeswoman said.