Page 7 - Cyber Warnings
This means that you can “wire” instructions to use your funds, and then send them to specific
destinations via the SWIFT inter-bank system.

Even if a highly ambitious and skilled cyber attacker wanted to hit the Federal Reserve, it would
be extremely tricky. The central system where the money is managed isn’t open to outsiders, so
it can be hard to research, penetrate and roam around.

However, that central system does allow individual account holders to access their accounts.

For this reason, hackers don’t really need to hit the bank; they can just target one of the bank’s
customers: in this case, the country of Bangladesh. This would be akin to hitting an online
banking customer by putting a Trojan on their machine: it’s not a breach of the bank’s network,
but rather an end-user attack. Only in our case the end-user has a budget the size of Arizona.


Selecting an end-user target

One of the interesting questions is – why Bangladesh? Is it because it’s not a country known for
tight cyber security? Is it because the hackers were from South East Asia and that’s where they
have set up the cash out operation?

How specific was the selection – did the hackers pick Bangladesh intentionally, and then make
their way into the network of the nation’s central bank? Or maybe they tried several end-users,
and Bangladesh was the most promising venue?

Could it be an opportunistic attack, meaning that a smart botnet operator found that one of the
compromised machines pinging home was on the Bank of Bangladesh’s network – and
simply sold that access to a cyber crime gang who then staged the operation? It is difficult to say at this
point, but it may be revealed during the ongoing investigation, or it could come up as part of the
defense pitch in the lawsuit between the State of Bangladesh and the Federal Reserve.


Finding the right employee

Once they selected the Central Bank of Bangladesh as the end-user target in the Federal
Reserve System, they had to acquire some pretty specific real estate in order to stage the
attack.

It was essential for them to find a way to access a computer from which a bank employee could
initiate a money transfer – likely a specific PC or server – and steal the credentials used to
authenticate Bank of Bangladesh to the Federal Reserve when using the SWIFT network.

For this they had to have located the relevant Bank of Bangladesh employee, spear phish
them, and establish a foothold on their PC. They also had to have selected their target
employee carefully. Depending on the specific control used, they needed to find a person who
was authorized to move around such a significant sum of money.



7 Cyber Warnings E-Magazine – April 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide