‘Cyber’ Tagged Posts

Before massive Bangladesh heist, New York Fed feared such cyber attacks

(Reuters) - In the years before hackers have stolen $ 81 million from a Bangladesh central bank account at the Federal Reserve Bank of New York, F...

 

Before massive Bangladesh heist, New York Fed feared such cyber attacks

(Reuters) – In the years before hackers have stolen $ 81 million from a Bangladesh central bank account at the Federal Reserve Bank of New York, Fed senior security officials examine the risk of such an attack – but judged it unlikely prospect, banking sources told Reuters.

The Fed managers ensure that lax security procedures and outdated technology could result in a certain foreign central banks to cyber-criminals on local computers comma deer and break foreign accounts at the US central bank, according to interviews with seven current and former New York Fed officials and a former US government official familiar with the bookings.

In a few years, New York Fed and Federal Bureau of Investigation officials discusses made the risk of attack by using the bank Systema ???? se kommunikasie network known as SWIFT, and according to Fed officials, who spoke on condition of anonymity.

???? The New York Fed is involved in numerous vulnerabilities, â ???? said the former government official. â ???? SWIFT was a them.A ????

But the Fed’s targeted security resources on other priorities, such as the prevention of money laundering and the enforcement of US economic sanctions, officials with knowledge of the Banka ???? security operations, told Reuters. Fed officials have consolation in the fact that SWIFTâ ???? security software has never been cracked, officials have said.

The immediate consequence of the rupture of the New York Fed is a requirement of the Bangladesh Bank for the payment of lost money and a potential lawsuit. Except that the raid showed that the US central bank long understood the potential systemic risk of a major global financial network, but was unable or unwilling to address it.

The New York Fed declined to comment on previous safety priorities or whether this has changed since the robbery. SWIFT declined to comment.

Before the raid, a New York Fed officials ordered consider the threat of fraudulent transfer by SWIFT a a ???? Riska tail ???? â ?? “A statistical term for events with a low probability but serious consequences, says a well-placed official with knowledge of the talks Februaryâ ???? se theft of Bangladesh Bank fits this description. – A fat cyber heist in which thieves try almost $ 1 billion withdraw dozens of requests.

the crime rattled the banking sector, as the channel for the theft was the SWIFT network, an acronym for the Society for Worldwide Interbank Financial Telecommunications. a cooperative under guard 20 of the ???? elite world’s largest central banks, fast connection over 11,000 financial institutions worldwide who use it to order transfers.

a ???? what everyone realize now is that no human being can never really appreciate it risk, â ???? said the person with direct knowledge of the New York Feda ???? ‘s deliberations.

SWIFT has said that the regime change involved Bangladesh Bank SWIFT software computers to prove fraud hide transfer. Last week, SWIFT acknowledges that the Bangladesh Bank attack was not an isolated incident, but one of a number of recent criminal schemes focused on the message platform. SWIFT refused to expand.

Two Bangladesh Bank officials told Reuters they believe both the New York Fed and SWIFT bear responsibility for the failure to prevent the attack. Officials earlier told Reuters that SWIFT Bangladesh Bank no prior warning about vulnerabilities, and the New York Fed to stop fraudulent orders when they reached New York.

The head of Bangladesh Bank is scheduled next week to meet with New York Fed President William Dudley and a senior executive of SWIFT to discuss the matter. SWIFT said the attack was related to an internal operational matter at Bangladesh Bank, and the New York Fed said it has no evidence that its systems compromised.

Richard dzina, head of the New York Feda? ??? s wholesale product office, in response to a banking conference yesterday, said Bank employees ???? acted properlyâ ???? in releasing the funds. The system is penetrated, he said, not because the hackers valid credentials obtained in the transfer order.

$ 80 billion per day

The New York Fed holds trillions of dollars in funds for central banks worldwide. It processes about $ 80000000000 in transfer funds in and out of their accounts every day, according to a New York Fed official.

Security handled by the New York Feda ???? the Central Bank and the International Account Services (CBIAS) division, a well-preserved operation inside the fort in Lower Manhattan. CBIAS know risk profil to individual countries and regions, the assessment of government stability, threats of terrorism and organized crime activity in deciding how money waiver to central banks and other official bodies, current and former Fed officials said.

In the months before the attack, the protection unit focuses on bulk up to protect its anti-money laundering, an initiative driven by the Board of Directors of the Feda ???? s Washington headquarters, according to two people familiar with the plan. Another priority is the Feda ???? protect private Fedwire payments system against cyber attacks, said several current and former Fed officials.

Most transfer requests are automatically approved after computer display. Only a few of about 2,000 daily transactions marked by employees, according to a New York Fed official.

Use one of the officers said automatic scanners for quick payments effective for the prevention of money laundering and the enforcement of economic sanctions was – but will not defend the bank against fraudulent transfers.

???? There is a balance here that needs to be struck between allowing customers to make new payments and to carry out their activities in a timely manner, and also to avoid really unpleasant and obvious fraud, â ??? ? said Shehriyar Antia, a former senior New York Fed policy advisor and analyst in the CBIAS unit

The CBIAS system specifically checks for typographical errors -. and it was a thiefâ ???? s type of error, along with an unusually high number of requests for payments to private parties, which warned the Fed ???? The cyber attack Februaryâ, the bank sources told Reuters. Once alerted, the Fed suspended payments on most of the requests from the Bangladesh Bank, but not before the thieves withdrew $ 81000000.

The Bangladesh Bank, a Bangladeshi police and the FBI is investigating the attack.

A Bangladeshi policeman who departmenta ???? forensic training head earlier told Reuters that SWIFT servers at the central bank of Bangladesh were vulnerable to hackers due to the lack of a firewall and a lack of basic security protocols.

LOS CONTROLS

Three former officials said the New York Fed recently focused Ona loose control terminals and other access to the SWIFT network on foreign central banks, where bankers often ordered withdrawals for hundreds of millions of dollars.

The concern focused on the possibility that banks’ computers implanted with malware or attackers could steal or buy it for sale legal credentials of employees, said former US government official. An additional concern, according to two former Fed officials, the possibility was that a corrupt insider â ?? “Possibly a bank employee a ??” access to the SWIFT network and may have prompted a fraudulent payment.

Year of the management of foreign central bank bills have a number of Fed officials worry that some banks is poorly equipped to deal with the local safety due to a lack of infrastructure investment and other procedural issues. But the Fed does not have the ability to audit security protocols with correspondent central banks.

???? The vulnerability is that central banks, even in developing countries, has a very money proportion to their level of sophistication, â ???? said concerned officials with knowledge of the security. â ???? Ita ???? is not only Bangladesh.â ????

(Be by David Greising; Editing by Brian Thevenot and Edward Tobin)

Bangladesh gets FBI help on bank heist, cyber expert missing

 

Bangladesh gets FBI help on bank heist, cyber expert missing

Dhaka (Reuters) – Bangladesh police have an officer of the US Federal Bureau of Investigation (FBI) in Dhaka on Sunday to try to locate offenders in a bid to $ 951 million cyber-heist of the central bank of the country

The first investigations are aimed at the creation of an identifying transfer order for $ 81 million by the Federal Reserve Bank of New York are from Bangladesh Bank account there casinos in the Philippines, a senior police officer said.

The transfer, one of the largest cyber raids in history, was one of 35 requests that unknown hackers made for payments from the bank account of the New York Fed in early February.

Other requests from the account transfer, which Dhaka used for international settlements, believes blocked.

The former Finance Secretary Fazle Kabir took over yesterday as head of the central bank, after the former governor Atiur Rehman resigned amid complaints from the government that they just learned of the robbery a month later from the media.

Also on Sunday, the wife of a cybercrime expert, he said after he disappeared kidnapped an auto rickshaw in the early morning hours of Thursday. He met yesterday the police and the media he uses three user IDs for the robbery.

Senior police officer Mirza Abdullahel Baqui said after the meeting with the FBI agent criminals in six countries believe was involved in the robbery.

“It’s the biggest transnational organized crime have seen in Bangladesh and so we searched both technical and human assistance (FBI),” he said.

The officials also discussed how to proceed with their investigation, he added.

a public inquiry headed by former central bank governor, Mohammad Farash Uddin began his investigation into the raid on Sunday. “This is a call,” he said of the unprecedented breach in computer security of the bank.

A pilot Philippines Senate last week said that $ 30 million from $ 81 million in the distance delivered money to an ethnic Chinese casino dice gown gent operator in Manila. The remainder was transferred to two casinos in the Philippines.

According to his wife, was cybercrime expert Tanveer Hassan ZOHA blindfolded by unidentified people in plain clothes early Thursday before being taken away in a vehicle.

He went yesterday with a special police force to the central bank, where they spend a few hours. Afterwards he told reporters that he knew three of user IDs involved in the robbery.

Kamrun Nahar Chowdhury, ZOHA’s wife, said to investigate the police refused disappearance of her husband and she has to help the government appeals to release him. The police were not available for comment.

“We do not know why he picked up,” she told Reuters.

(Reporting by Serajul Quadir; Editing by Tom Heneghan)

For banks in cyber heist, how to get their money back?

 

For banks in cyber heist, how to get their money back?

Because the amounts were large and these attacks are relatively new, both banks of the Middle East influenced in a robbery of ATM $ 45 million face an uncertain path in an attempt to have their losses, experts make financial, insurance back and legal say.

Oman-based Bank Muscat has lost $ 40 million and the United Arab National Bank of Ras Al Khaimah PSC (RAKBANK) established Emirates lost $ 5 million in global heist, said U.S. prosecutors Thursday.

Hackers broke into other companies that processes transactions for prepaid debit cards issued by banks, prosecutors said. Then the gang in 27 countries withdrew their money from vending machines in two coordinated movements, on December 21 last year and the other on 19 February this year.

While the details of what happened are still sketchy, experts said banks could submit, or they can file claims with their insurers and processors. A complaint against the processing plants in the garden

“There are no hard and fast rule,” said Dan Karson, U.S. President Kroll Advisory Solutions. “We are a new cyber atmosphere finances and the allocation of responsibility is still in development.”

claims of banks to processors depending on the contract between the two parties, Karson and other experts. These contracts include safety standards in the industry, needed by the major payment networks with a credit card, in this case MasterCard.

In most cases of security breach, makes the processor in question does not fully meet the standards, said Doug Johnson, vice president of risk management policy of the American Bankers Association.

But even if the processor has failed to comply with safety standards, banks can not still be able to get their money back. This is because the contracts between processors and banks, including the credit card companies like to make Visa or MasterCard conditions, generally limit the liability of the processor.

“They can not all together, or they will be out of business,” said Michael Klaschka of Integro Insurance Brokers, which many financial institutions as clients. “Have the bank may have little recourse against the credit card processor.”

kick in the Bank of Muscat, the processor is enStage Inc., based in Cupertino, California, a source close said at the Bank of Muscat.

In a statement Sunday, Bank Muscat said that given the opportunities to get the money back. “We confirm that we all possibilities of recovery in order to protect the interests of shareholders and to bring if the height markets are important in this context” developments, the statement said.

enStage officials did not respond to requests for comment Saturday. EnStage CEO Govind Setlur said in a statement in the Times of India that his company safety improvements had been carried out since the attack.

In RAKBANK, the processor is Electra Card Services India, according to people familiar with the situation. Electra Card The department said in a statement Sunday that the data appear to be compromised beyond its “processing environment.

MasterCard said it was working with police in the investigation and said its systems have not been affected by the attacks.

Banks can always try to sue for negligence or other claims processors but their success can be limited by their contracts, regulations specific fines and arbitration procedures mandated by arguing among corporate credit card.

These actions have proved difficult to win, according to Joseph Burton firm Duane Morris in San Francisco, an expert dispute in finance. U.S. federal courts have generally, but not unanimously, found that the banks are limited to contractual remedies.

In a major case , card issuing banks filed a class action lawsuit against Heartland Payment Systems after the processor announced in 2009 that hackers the data of more than 100 million credit cards were compromised.

A federal judge in Houston, Texas, rejected almost all of the claims in 2011, and notes that the banks were by their contract, which included set by Visa and MasterCard rules that determine how bound banks can redress may also request after a breakup. Banks call.

Bank of Muscat and RAKBANK payment from their insurers under their conditions.

Some banks also have a blanket of security for cybercrime, but experts say the market for such a policy is still relatively immature. We do not know whether the Bank of Muscat or RAKBANK made cyber insurance.

insurers in turn also their support claims against the processors, or processors own insurer.

“It is certainly possible that the bank could be left to the poor,” said Rivera Frederick law firm Perkins Coie , an expert in financial services disputes in the United States.

A complicating factor is that the banks are in the Middle East, while one of the processors is based in India, making it difficult to know which court jurisdiction in disputes. But experts say the requirements that credit card companies require banks and processors are global in nature.

federal prosecutors will also seek compensation for banks suspect arrested in the case, although the amount of funds available will probably not stolen the approach of the total amount of money.

The U.S. Department of Justice has indicted eight people he said money had retired, in New York and prosecutors seized hundreds of thousands of dollars in cash and bank accounts, as well as watches luxury SUV and a Mercedes.

But the cell in New York was just one part of a comprehensive and coordinated heist. U.S. prosecutors have not said where the leaders of the band were based.

Prosecutors said that the gang focused on prepaid debit cards issued by the two banks, using the pirates companies payment processing robberies to increase withdrawal cards. account balances and limits

The robbery is not compromised the accounts of all individual customers, unlike the case of identity theft. In these cases customers usually together with their financial institution or credit card companies, who in turn try to be the company that has been raped.

cure

Cyber attack stops access to JPMorgan Chase site

 

Cyber attack stops access to JPMorgan Chase site
The site

consumer banking at JPMorgan Chase & Co. is not available for some users Tuesday that the company has tried to deal with a denial of service cyber delayed access for some customers.

The latest trouble if Chase.com intelligence officials said for the first time Tuesday that cyber attacks and cyber espionage terrorism surpassed as the top security threat to the United States States.

JPMorgan and other large U.S. banks, including Bank of America Corp. and Citigroup, have recently warned their investors that their sites are attacked and that the attacks would continue.

JPMorgan spokesman Michael Fusco said the company continued to work on Tuesday to restore normal service. He declined to say how long the site was down Chase.com during the day.

Attempts by Reuters journalists access to the site worked mobile applications, but efforts to a personal computer via lifted a message that the site was down.

Evaluation of cyber-attacks came in an annual “global threat” briefing and was reinforced by the testimony of James Clapper, director of national intelligence, the U.S. Senate Intelligence Committee.

Cyber ​​attacks on

companies, especially U.S. banks are getting worse, the army of General Keith Alexander, head of the U.S. Army Cyber ​​Command, told a separate hearing of the Senate Armed Services Committee.

From September, a militant group called the pirate Izz ad-Din al-Qassam Fighters Cyber ​​said he big banks cyber attacks denial of service. Attacks can disrupt service to flood sites with high traffic.

December, customers of Wells Fargo & Co. had trouble using the website of the bank at least four days.