SWIFT has delivered a strongly-worded statement that rejects the claims made by both Bangladesh Bank and Bangladesh Police’s Criminal Investigation Department over one of the biggest cyberheists in history.
The global provider of secure financial messaging services said that claims by the aforementioned, that its technicians are to blame, as reported by Reuters, are “false, inaccurate and misleading”.
SWIFT even went so far as to say that the “accusations have no basis in fact”, adding further uncertainty over who was responsible for February’s attack.
“SWIFT was not responsible for any of the issues cited by the officials, or party to the related decisions.”
It said: “SWIFT was not responsible for any of the issues cited by the officials, or party to the related decisions.
“As a SWIFT user like any other, Bangladesh Bank is responsible for the security of its own systems interfacing with the SWIFT network and their related environment.”
In an earlier interview with Reuters, Mohammad Shah Alam, who heads up the criminal investigation department at Bangladesh Police, had said that the fault lay with SWIFT.
This was backed up by a Bangladesh Bank official, who said that responsibility for ensuring that the system was secure belonged to the global financial network.
Last month, a BAE Systems’ security researcher revealed that malware had been used by cybercriminals to carry out the $81 million cyberheist.
Worryingly, Sergei Shevchenko said that the tools that are believed to have been deployed “could feasibly be used for similar attacks in the future”.
He added: “All financial institutions who run SWIFT Alliance Access and similar systems should be seriously reviewing their security now to make sure they too are not exposed.
“This attacker put significant effort into deleting evidence of their activities, subverting normal business processes to remain undetected and hampering the response from the victim.”
by Narinder Purba, ESET We Live Security