Name: Balkishan Dhakad
M.Tech ISCF
Reg. No. 2412023010025

Case Study: SWIFT Network Hack – The Bangladesh Bank Heist (2016)
Purpose of Study:

The purpose of this study is to analyze the Bangladesh Bank SWIFT hack (2016) in order to:

1. Understand attack methodology – Examine how cybercriminals infiltrated the bank’s systems, exploited weaknesses in the SWIFT network, and executed large-scale fraudulent transfers.
2. Identify security vulnerabilities – Highlight the internal control failures, lack of network segmentation, and poor endpoint monitoring that enabled the attack.
3. Assess financial and operational impact – Study how the heist resulted in financial loss, reputational damage, and global concerns over banking cybersecurity.
4. Explore mitigation strategies – Review the corrective measures taken by SWIFT and banking institutions worldwide, such as stronger authentication, network isolation, and anomaly detection.
5. Draw lessons for the future – Provide insights for banks, financial institutions, and regulators to strengthen cybersecurity policies and prevent similar large-scale heists.
Techniques Used by the Attackers

1. Initial Compromise – Phishing & Malware
• Attackers likely sent phishing emails with malicious attachments.
• Once opened, malware was installed on the bank’s internal computers.
• This gave the attackers remote access into the bank’s local network.

2. Privilege Escalation & Lateral Movement
• After entry, the attackers escalated privileges to gain administrator-level access.
• They moved laterally inside the network until they reached the SWIFT Alliance Access servers.

3. Exploitation of Weak Security
• No firewall between the internal network and the SWIFT terminals allowed free movement.
• Outdated Windows systems were exploited (weak patching, no strong endpoint protection).

4. Manipulation of SWIFT Messages
• Once inside the SWIFT terminal, the attackers created fraudulent SWIFT messages instructing the Federal Reserve Bank of New York to transfer money.
• They generated 35 fraudulent transfer requests totaling $951M.

5. Log & Evidence Manipulation
• Installed custom malware on the SWIFT systems to:
o Alter printer output (so fraudulent transfers would not print).
o Modify transaction databases to hide malicious entries.
o Delay detection by bank staff.

6. Money Laundering
• Successfully transferred $81M into accounts in the Philippines.
• Laundered the funds through casinos and shell companies, making recovery difficult.
How They Detected the Attack

1. Printer Malfunction
o Normally, every SWIFT transaction request prints out automatically at Bangladesh Bank for record-keeping.
o The attackers had installed malware that disabled the printer or modified the printouts, so fraudulent transactions wouldn’t be noticed.
o Bank staff noticed that the printer was not working properly, which raised suspicion.

2. Suspicious SWIFT Messages
o After checking the system logs manually, employees found unusual SWIFT transfer requests they hadn’t authorized.
o These had been hidden by the malware but surfaced when staff investigated the printing issue.

3. Failed Transaction (Spelling Error)
o One fraudulent SWIFT request tried to send $20M to a fake NGO in Sri Lanka.
o The request contained a spelling mistake: “Shalika Fandation” instead of “Foundation.”
o This mistake triggered suspicion at Deutsche Bank (an intermediary bank), which flagged it and contacted Bangladesh Bank.

4. Unusual Activity Reports from the Federal Reserve
o The Federal Reserve Bank of New York also became suspicious when multiple large transfer requests (totaling nearly $1B) came in at once.
o It held back some of the transactions pending clarification.
Techniques to Prevent SWIFT-Like Attacks

1. Network Security & Segmentation
• Isolate SWIFT terminals from the general bank network (no direct internet access).
• Use firewalls, VLANs, and DMZs so that malware spreading in office systems can’t reach SWIFT.

2. Strong Authentication & Access Control
• Multi-Factor Authentication (MFA) for SWIFT access.
• Restrict access to SWIFT servers to authorized personnel only.
• Apply the least-privilege principle (admins should not use the same accounts for normal work).

3. Endpoint & Malware Protection
• Regularly patch and update systems connected to SWIFT.
• Use Endpoint Detection & Response (EDR) solutions to detect malicious behavior.
• Block installation of unauthorized software.

4. Transaction Monitoring & Anomaly Detection
• Deploy real-time fraud detection systems that flag:
o Unusually large transfers.
o Transfers to new/unknown accounts.
o Transfers outside normal business hours.
• AI/ML-based monitoring to detect suspicious transaction patterns.
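As an added illustration of the rule-based flags listed above (this is not code from the original study, from SWIFT, or from any bank), the following Python screens a constructed batch of outgoing payment instructions for the three conditions named, plus a batch-total check of the kind the New York Fed effectively applied when many large requests arrived at once. The record layout, thresholds and sample data are all assumptions made for the example.

```python
from datetime import datetime

# Constructed sample of outgoing payment instructions modelled on the case
# (large transfers to unfamiliar beneficiaries, submitted outside local
# business hours). Amounts, names and timestamps are illustrative only.
SAMPLE_TRANSFERS = [
    {"ref": "TX001", "amount_usd": 2_500_000, "beneficiary": "ACME Correspondent Ltd",
     "submitted": "2016-02-04T11:15:00"},
    {"ref": "TX002", "amount_usd": 20_000_000, "beneficiary": "Shalika Fandation",
     "submitted": "2016-02-04T22:40:00"},
    {"ref": "TX003", "amount_usd": 81_000_000, "beneficiary": "Unlisted Beneficiary Corp",
     "submitted": "2016-02-05T03:05:00"},
]
# Beneficiaries previously paid through the normal approval process (constructed).
KNOWN_BENEFICIARIES = {"ACME Correspondent Ltd"}

# Thresholds are assumptions for this example; a bank would tune them to its
# own historical payment profile rather than use fixed values.
LARGE_TRANSFER_USD = 10_000_000
BATCH_LIMIT_USD = 100_000_000
BUSINESS_HOURS = range(9, 18)  # 09:00 to 17:59 local time

def flag_transfer(tx, known_beneficiaries, large_usd=LARGE_TRANSFER_USD):
    """Return the names of the rules a single transfer trips (empty list = clean)."""
    reasons = []
    if tx["amount_usd"] >= large_usd:
        reasons.append("large_amount")
    if tx["beneficiary"] not in known_beneficiaries:
        reasons.append("unknown_beneficiary")
    if datetime.fromisoformat(tx["submitted"]).hour not in BUSINESS_HOURS:
        reasons.append("outside_business_hours")
    return reasons

def screen_batch(transfers, known_beneficiaries, batch_limit=BATCH_LIMIT_USD):
    """Screen every transfer, then the batch as a whole: the aggregate value of
    many requests arriving together is itself a signal, as it was at the NY Fed.
    Returns (per-transfer flags, refs to hold for manual review, batch flags)."""
    flags = {tx["ref"]: flag_transfer(tx, known_beneficiaries) for tx in transfers}
    hold = sorted(ref for ref, reasons in flags.items() if reasons)
    total = sum(tx["amount_usd"] for tx in transfers)
    batch_flags = ["batch_total_exceeds_limit"] if total >= batch_limit else []
    return flags, hold, batch_flags

if __name__ == "__main__":
    per_tx, hold, batch = screen_batch(SAMPLE_TRANSFERS, KNOWN_BENEFICIARIES)
    for ref in hold:
        print(f"HOLD {ref}: {', '.join(per_tx[ref])}")
    print("batch:", batch or "ok")
```

A held transfer is released only after out-of-band confirmation with an authorized officer, which is the manual step that stopped part of the real batch.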
5. Secure Logging & Printer Monitoring
• Maintain secure audit logs that cannot be tampered with.
• Use redundant monitoring systems so a single compromised printer or log cannot hide fraudulent transfers.
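As an added example (not from the original study or any SWIFT product), here is a Python sketch of the two controls above: a hash-chained audit log whose entries cannot be altered or dropped without breaking verification, and a reconciliation of three independent records (local audit log, printer record, correspondent confirmations), so that a transfer hidden from one source still shows up as a discrepancy. The record format, genesis value and sample references are assumptions.

```python
import hashlib
import json

GENESIS = "constructed-genesis-value"  # assumption: fixed anchor for the first link

def _digest(body):
    # Canonical JSON so the same content always hashes the same way.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def chain_entries(entries, genesis=GENESIS):
    """Build a hash-chained audit log: each record carries the hash of its
    predecessor, so editing or deleting an entry breaks every later link."""
    chained, prev = [], genesis
    for entry in entries:
        record = dict(entry, prev_hash=prev)
        record["hash"] = _digest(record)
        chained.append(record)
        prev = record["hash"]
    return chained

def verify_chain(chained, genesis=GENESIS):
    """Return the index of the first broken link, or None if the log is intact."""
    prev = genesis
    for i, record in enumerate(chained):
        body = {k: v for k, v in record.items() if k != "hash"}
        if body.get("prev_hash") != prev or _digest(body) != record["hash"]:
            return i
        prev = record["hash"]
    return None

def reconcile(audit_refs, printer_refs, correspondent_refs):
    """Compare what the correspondent bank confirms it executed against the
    bank's own audit log and printout. A reference the correspondent acted on
    that is missing locally is exactly the gap the printer/database malware created."""
    executed = set(correspondent_refs)
    return {
        "missing_from_audit_log": sorted(executed - set(audit_refs)),
        "missing_from_printout": sorted(executed - set(printer_refs)),
    }

# Constructed sample: two instructions logged locally, only one printed, while the
# correspondent reports executing three (TX003 was never recorded locally at all).
SAMPLE_LOG = chain_entries([{"ref": "TX001", "amount_usd": 2_500_000},
                            {"ref": "TX002", "amount_usd": 20_000_000}])
SAMPLE_PRINTED = ["TX001"]
SAMPLE_CONFIRMED = ["TX001", "TX002", "TX003"]
```

The chain only detects tampering if the latest hash is also copied somewhere the SWIFT host cannot write to, such as a separate log server; otherwise an attacker with host access can simply rebuild the chain.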
6. SWIFT Customer Security Program (CSP)
• After the hack, SWIFT enforced its CSP guidelines, which include:
o Security awareness training.
o Mandatory penetration testing of SWIFT infrastructure.
o Shared responsibility between SWIFT and member banks for cybersecurity compliance.

7. Incident Response & Threat Intelligence
• Banks now practice cyber incident response drills.
• Share threat intelligence about malware and attack patterns across global banking networks.
• Early warning systems for suspicious SWIFT messages.
Lessons Learned

1. Even “secure” global systems are vulnerable through weak links
o The SWIFT network itself wasn’t directly hacked — the attackers exploited Bangladesh Bank’s poor local security.
o Lesson: Every participant in a financial system must maintain strong local defenses.

2. Basic security hygiene is critical
o No firewall, outdated Windows systems, and a lack of monitoring made the attack possible.
o Lesson: Simple measures like patching, network segmentation, and access control can block advanced attacks.

3. Defense-in-depth is necessary
o Relying only on SWIFT authentication failed.
o Lesson: Banks need multiple layers of defense — monitoring, anomaly detection, and secure logging.

4. Human error can be a weak point — and a lifesaver
o The attack was partly uncovered due to a spelling mistake (“fandation” instead of “foundation”).
o Lesson: Human review and automated detection both matter in cybersecurity.

5. Cybersecurity in finance is global risk management
o The theft affected trust in international banking.
o Lesson: Cybersecurity is not just an IT issue — it is tied to economic stability, regulations, and global cooperation.
Conclusion

The Bangladesh Bank SWIFT hack highlighted how sophisticated cybercriminals can exploit weak internal defenses to compromise critical financial systems. Despite the use of a secure global network like SWIFT, the attackers succeeded by targeting endpoint vulnerabilities and bypassing monitoring mechanisms.

The heist underscored the urgent need for:
• Stronger internal cybersecurity practices in banks.
• Global enforcement of security standards like SWIFT’s Customer Security Program.
• Continuous monitoring, employee awareness, and incident response readiness.

Ultimately, the case proves that in today’s interconnected financial world, cybersecurity is not optional but essential to safeguard trust, stability, and national security.