Cybercriminals recently attempted to make fraudulent transfers of money totaling nearly a billion dollars out of the Bangladesh Central Bank's account at the Federal Reserve Bank of New York. While most of the payments were detected as problematic and, therefore, blocked, approximately $81 million was successfully stolen – transferred to accounts in the Philippines from which it was funneled through local casinos.

A report from BAE Systems indicates that the crooks likely hacked not only into the bank but also into the international money transfer platform owned together by 3,000 financial institutions called SWIFT. SWIFT confirmed this week that it was aware of an ongoing malware attack targeting its infrastructure via its client software, and issued a special warning for financial institutions to be especially vigilant.

What is fascinating, however, is not just how significant the Bangladesh theft is becoming on a global scale, but how poor the bank’s information security apparently was at the time of the breach. According to an investigator at the bank, the bank was especially vulnerable because it did both not have firewalls and used second-hand, inexpensive switches to connect computers to the SWIFT global payment network.

​You read that correctly: No firewalls. $10 used switches. To protect systems connected to a global funds transfer network.

The aforementioned two security weaknesses obviously put the bank at risk by making it much easier for hackers to break into the bank and attempt to make fraudulent money transfers using the bank’s SWIFT credentials – something that may end up putting people all over the world at risk as well.

This episode raises an important question: Would you have thought that a bank handling billions of dollars could be operating without well-configured firewalls – never mind without necessary firewalls altogether?
There is a tremendous lesson to be learned: Don’t assume anything when it comes to information security.
Loved the article? Can’t wait to take on the world of Information Security? Get a professional certification to position yourself at the front of the pack – and we’ve got special rates for our readers!

About the Author

Joseph SteinbergJoseph Steinberg

The author is the CEO of SecureMySocial, is a renowned cyber security thought leader and author of several books on the topic, including (ISC)2’s official study guide for the CISSP-ISSMP exam. Recognized by Onalytica as one of the top cyber-security influencers in the world, he is also the inventor of several IT Security technologies widely-used today; his work is cited in over 100 published US patent filings. He is also one of only 28 people worldwide to hold the suite of advanced information-security certifications, CISSP, ISSAP, ISSMP, and CSSLP, indicating that he possesses a rare, robust knowledge of information security that is both broad and deep.

View More
  • Disclaimer
  • PMP, PMI, PMBOK, CAPM, PgMP, PfMP, ACP, PBA, RMP, SP, and OPM3 are registered marks of the Project Management Institute, Inc.