SWIFT tells banks to share information on hacks

International financial messaging service SWIFT told clients on Friday to share information on attacks on the system to help prevent hacking, after criminals used SWIFT messages to steal $81 million from the Bangladesh central bank.

Earlier on Friday, Reuters reported that Wells Fargo, Ecuador's Banco del Austro (BDA) and Citibank, whose managing director, Franchise Risk & Strategy, Yawar Shah, is SWIFT's chairman, did not inform SWIFT of an attack last year in which more than $12 million was stolen from BDA.

The banks and Shah all declined to comment on why they did not inform SWIFT.

Banks use secure SWIFT messages for issuing payment instructions to each other. The network is considered the backbone of international finance but faith in its security has been rocked by the theft from Bank Bangladesh's account at the Federal Reserve Bank of New York.

 

SWIFT said in a communication to users on Friday that they should "immediately inform SWIFT of any suspected fraudulent use of their institution's SWIFT connectivity or related to SWIFT products and services."

SWIFT is especially concerned about the use of malware to access interfaces with the SWIFT network. The Belgium-based co-operative, which is owned by its user banks, said it needed technical information from systems which have been compromised with malware to better understand the risks of attack.

Malware was used in the hacks on Bank Bangladesh in February and in the BDA case in January 2015.

"It is essential that you share critical security information related to SWIFT with us, "SWIFT said.

SWIFT told clients it would notify them as soon as possible of cases where malware had been used to attack systems "so that you can better target your preventative and detective efforts".

 

SWIFT did not inform clients about the BDA theft because it was unaware of it, a spokeswoman told Reuters.

(Additional reporting by Elizabeth Dilts in New York; Editing by Greg Mahlich and Matthew Lewis)