Saturday, February 10, 2007

SWIFT: A Security Researcher Gets Offered The Big Score

Larry Greenemeier writes on InformationWeek:

The stakes can get pretty high in the hacker economy.

A few years ago, a security researcher living overseas was contacted by a man with an intriguing offer: The researcher would get 2.2 million euros (more than $2.8 million) for each financial services firm he helped the man and his group of cybercriminals infiltrate. All the researcher had to do was provide the group with Windows Terminal Services access with administrative privileges for each bank, which the thieves would then penetrate via the Swift network. Swift, the Society for Worldwide Interbank Financial Telecommunication, manages a network owned by about 8,000 banks in 206 countries and territories to facilitate electronic transfers.

The thieves seemed to have deep knowledge of the Swift system and how it could be manipulated. After pilfering funds from a number of banks, the thieves planned to create a shell game that would transfer the money from one financial institution to another until they could shake the trail of anyone investigating the theft and access the money. Cracking into the Swift systems was made easier, the researcher claims, by the presence of a critical Microsoft bug that at the time left vulnerable Internet Information Services servers running Secure Sockets Layer transactions.

More here.

Background here, here, and here.

0 Comments:

Post a Comment

<< Home