Monday, May 2, 2016

GIZMODO: Hackers Who Got Caught by a Typo Were Trying to Take Over the World




Hackers Who Got Caught by a Typo Were Trying to Take Over the World (Updated)

http://gizmodo.com/bangladesh-bank-hackers-created-malware-to-target-the-g-1772834299

The hackers behind a large-scale Bangladesh bank hack went further than simply stealing money. Now it turns out that they created malware that could compromise the internationally used SWIFT payment system.

BAE Systems researchers tell Reuters that the hackers who took the central bank of Bangladesh for a ride compromised the SWIFT system using malware. SWIFT has confirmed to Reuters that it’s “aware of malware targeting its client software.” The organization plans to issue an update for its software some time today to protect the payment systems from attack.

The malware, called evtdiag.exe, allowed the hackers to change records on SWIFT databases in order to hide what they were up to. The criminals could delete records of transfer requests, intercept messages about payments and manipulate the displayed account balances to cover their tracks.

The software was apparently specifically written to attack the Bangladesh bank, but the theory could, according to the researchers, be applied elsewhere. Adrian Nish from BAE Systems told Reuters that it was one of the most elaborate malware hacks he’d ever come across.


An $80M Bank Hack Has Been Blamed on $10 Routers

Sometimes it pays to spend. The central bank of Bangladesh has found that out the hard way, as police are blaming its loss of $80m during a hack on crappy $10 routers.

You might remember that a team of hackers tried to steal vast quantities from the bank earlier this year. Their attempts were brought to a halt because they managed to misspell “foundation” as “fandation”—a typo that was noticed by Deutsche Bank, ultimately bringing the heist to an abrupt end. The criminals did, however, manage to make off with $80 million before they were found out.

Now, Reuters reports that the Forensic Training Institute of the Bangladesh police’s criminal investigation department has carried out an investigation into what went wrong. The team found that the bank was using second-hand $10 network switches without a firewall to link its computers. Perhaps no surprise, then, that it proved incredibly easy to hack. Sadly those computers were connected to the SWIFT global payment system, which meant the hackers were able to gain access to the credentials required to make high-value transfers straight into their own accounts.

Perhaps just as amusing—sorry, alarming—is the fact that the lack of sophisticated hardware is also apparently making it harder to trace the origin of the hacks. While the police have found 20 people who received payments as part of the heist, they admit they have yet to find the hackers themselves.

A good reminder, if ever there was one, that sometimes you really do get what you pay for.



The Bangladesh bank hack until now seemed like a farcically amusing comedy of errors. First, the hackers were brought to a halt because they managed to misspell “foundation” as “fandation”—a typo that was noticed by Deutsche Bank, ultimately bringing the heist to an abrupt end. The criminals did, however, manage to make off with $80 million before they were found out.

Then, just last week, a forensic analysis of the hacks found that the bank had been using second-hand $10 network switches without a firewall to link its computers. Those computers were connected to the SWIFT global payment system, which meant the hackers were able to gain access to the credentials required to make high-value transfers straight into their own accounts.

Reuters claims that the attackers actually targeted a very specific piece of SWIFT software known as Alliance Access. So while the SWIFT system is used by thousands of banks and financial institutions, not all of them are affected by the malware.

Update: This article has been updated to reflect comment we received from SWIFT, explaining that:
SWIFT is aware of a malware that aims to reduce financial institutions’ abilities to evidence fraudulent transactions on their local systems. This malware has no impact on SWIFT’s network or core messaging services. 
We understand that the malware is designed to hide the traces of fraudulent payments from customers’ local database applications and can only be installed on users’ local systems by attackers that have successfully identified and exploited weaknesses in their local security.


http://gizmodo.com/a-basic-spelling-error-cost-these-hackers-nearly-1-bil-1764021766

A Basic Spelling Error Cost These Hackers Nearly $1 Billion

Sophie Kleeman
3/10/16 10:20am

Most spelling mistakes are innocent, fleeting, and only mildly embarrassing. Then there are the ones that result in a loss of over $800 million during a bank heist. Those ones suck.

Reuters reports that a basic spelling error prevented an almost billion-dollar theft from Bangladesh’s central bank last month. Hackers managed to break through the bank’s internal security and made off with the credentials needed to make transfers. They then took that information to the Federal Reserve Bank of New York, where they made more than 30 requests to transfer funds to “entities in the Philippines and Sri Lanka.”

Though about $80 million made it through—making this one of the biggest bank heists on record, according to Reuters—a request to send $20 million to a non-profit organization in Sri Lanka raised red flags.

The reason? Hackers reportedly misspelled “foundation” as “fandation.” Whoops!

Deutsche Bank, which was conducting the transfer, asked the Bangladesh central bank about the mistake, leading to a realization that something was off. Meanwhile, the abundant number of transfer requests to the New York Fed also raised suspicions, and the American wing also contacted the Bangladeshi bank.

According to one official, the money saved added up to between $850 million and $870 million.

Of course, the Bangladesh central bank still lost a painfully large sum of money, and according to Vice, they’re going after the Fed to get it back. “The Fed had the responsibility to keep the money safe,” Shamim Ahamad, the press minister at the American Bangladesh Embassy, told Vice. “We are suspecting that Chinese hackers have done it.”

The country’s finance minister, Abul Maal Abdul Muhith, had even stronger words, according to the Dhaka Tribune. “The fault that caused the hacking was in the Federal Reserve of United States, so we will file a case in the international court against the US Fed,” he said.

The Fed, meanwhile, is basically shrugging. “To date, there is no evidence of any attempt to penetrate Federal Reserve systems in connection with the payments in question,” a spokesperson said in a statement. “There is no evidence that any Fed systems were compromised.”

Note to hackers (and self): Use spellcheck more often.
