Senior Democrat Wants Answers on Cyber Heist Targeting Central Banks

A top Senate Democrat is probing the response to recent hack attacks against a global interbank transaction network that some institutions fear could compromise the U.S. financial system.

On Thursday, Reuters reported that a Bangladeshi central bank official's hacked computer was the source of fraudulent transactions at the U.S. Federal Reserve that siphoned off $1 billion.

In one of the biggest-ever cyber robberies, unknown attackers sent fraudulent messages, ostensibly from the central bank in Dhaka, on the "SWIFT" messaging system, to the New York Fed seeking to transfer the money from Bangladesh Bank's account there.

Most of the transfers were blocked but about $81 million was sent to a bank in the Philippines. 

Sen. Tom Carper, D.-Del., ranking member on the Homeland Security and Governmental Affairs Committee, wants more information on what the Fed and SWIFT are doing to protect the worldwide banking network. 

There is no evidence currently that the assailants attempted to compromise the Fed's technology, "however these cyberattacks raise important questions about the security of the SWIFT system and the ability of its members to prevent future attacks," Carper said in letters to the head of each organization sent today. 

Following revelations of the Bangladesh heist, Vietnam's Tien Phong Bank told Reuters it thwarted a similar hack attack late last year that Bloomberg reports might have been a practice run for the big theft. The Vietnamese bank said the attempted transfer of $1 million was made through the infrastructure of an outside vendor hired to connect the bank to the SWIFT messaging system. The bank did not identify the company, but said it has discontinued working with that vendor and switched to a new system that enables it to connect directly with SWIFT.

As for why a lawmaker that oversees U.S. agencies is getting involved, Carper says in his letters, "Congress has a responsibility to continue to strengthen our nation’s cybersecurity, including ensuring that the system used by our banks to engage in cross-border transactions is secure."

Her wants written answers and a briefing in response to his inquiry. Given the bad guys tried to rob the Vietnamese bank several months before the assault on the Bangladesh institution, he questions the information-sharing practices that the New York Fed had in place regarding cyber threats targeting SWIFT-member banks. 

There are security standards for banks that use the network but the protocols are not mandatory. Carper asks SWIFT Managing Director Patrick Antonacci what the consequences are for members who do not follow the security standards. He asks New York Fed President William Dudley if the Fed has helped any foreign or commercial bank users lock down the SWIFT exchange tighter. 

Coordination among SWIFT, the Central Bank of Bangladesh, and the departments of Treasury and Homeland Security also are of interest to Carper.