When I first started in cyber security we looked to the Society for Worldwide Interbank Financial Telecommunication (SWIFT) as the gold standard for how to keep a system secure. It had two things going for it (1) Incentive: it was the transfer of money and money was always a target (2) Good Policy: policy that was followed with high standards. Given the happenings of late, we can wonder about that system. Syed Zain Al-Mamood and Katy Burne wrote today of the discovery of a second theft from the state-owned Sonali Bank in 2013. This is, of course, on top of the $81 million in the current investigation of the Bangladesh central bank.
The comment I loved the most was this: "A senior Sonali Bank official said the bank had informed Swift about the breach of its system in June 2013. Abu Muhammad Mustafa Kamal, secretary of the Anti-Corruption Commission, which investigated the Sonali Bank theft, said his agency “hadn’t been asked” to share information on the incident. The investigation found that the passwords of the Swift server were hacked, he said." That is not the way SWIFT is supposed to work. It means there are a lot more thefts that have gone undetected, or unreported. Somebody is making billions off of this and it isn't SWIFT.
There is time for a reconing. The international banking system cannot afford this kind of theft. It leads to the instability of the whole banking infrastructure, something the countries harboring these people really need. Maybe they don't think so, but no country can live with the inability to trade and finance through international banks.
No comments:
Post a Comment