back to article FOURTH bank hit by SWIFT hackers

A fourth bank, this time in the Philippines, has been attacked by hackers targeting the SWIFT inter-bank transfer system. Security researchers at Symantec reckon the same group blamed for the infamous $81m Bangladesh central bank mega-heist back in February also mounted an earlier assault in the Philippines last year, itself …

  1. Alexander J. Martin

    Really interesting, but how would such large thefts be cashed by the Norks?

    1. Charles 9

      The usual ways: smurfing, money laundering, and mules.

      1. Swarthy

        Account details where the money is stashed traded to former KGB officers with a few "missing" nukes, lease on a volcano lair, fluffy white cats...

        1. Triggerfish

          Do you have to money launder when you are a goverment?

    2. TheVogon

      "but how would such large thefts be cashed by the Norks?"

      Probably to finance Kim's personal DVD collection (20,000+ !)

      1. CPU

        Still smaller than mine ;-)

  2. Doctor_Wibble
    Trollface

    This is late! Finger-pointing was due last week!

    Blaming North Korea is supposed to be done with nice regular clockwork-like regularity. Instead it's been too long since the last one and we are now exposed as being a bunch of total amateurs on the world stage, clearly having no proper schedule for these things.

    So why are the Norks nicking foreign money anyway, can't they just print more of their own or did they see the advert for shpock and are now desperate to have a go for themselves in an attempt to remedy their unpublicised shortage of handbags and bicycles?

  3. Version 1.0 Silver badge

    Lil' Kim Jong-un

    I was skeptical of NORK involvement initially but this is starting to look like a nation/state project and the NORKs are the best candidate given the apparent evidence in the code and the relative prosperity of the DPRK in spite of the increasing embargoes on trade. If this is actually the case then it's likely that we're only hearing of a small proportion of the thefts.

    1. Alan Brown Silver badge

      Re: Lil' Kim Jong-un

      " in spite of the increasing embargoes on trade."

      The Russia/NK corridor and railway line is going gangbusters at the moment, with foreigners still kept at least 30 miles away from the border on the russian side.

      Remember: NK was created by Stalin. The chinese only put up with it because it acts as a buffer between them and the west, plus they don't want millions of refugees coming north.

      If SK and China ever start talking about how to handle the refugee issue, NK's days are numbered.

  4. g00se
    WTF?

    Vectors?

    What i can't understand is, in these malware tales, why the malware vectors are almost never identified. Maybe someone can explain?

    1. Anonymous Coward
      Anonymous Coward

      Re: Vectors?

      After installing their main route for ongoing operations the second thing an attacker should do is remove the initial attack vector. That way if they get shut out by being noticed or by accident they can reuse a similar attack to get back in again.

  5. Bob Rocket

    It's behind you.

    'SWIFT still maintains that the problems lie with the affected banks - it has said that their systems must have been compromised and credentials stolen – while acknowledging that it needs to do more to fight fraud.'

    It is SWIFT stealing the money and blaming the customers for using an obvious PIN.

  6. Speltier

    Supernotes

    Maybe the Norks will route the money to the Swiss to buy some shiny new intaglio presses before the Great Satan (and the Seven Lesser Satans in Europe) upgrade their money printers to fend off the latest round of supernotes (which are only $100 bills, apparently Brussels is quiet on the Nork counterfeit 500 euro notes shortly to become obsolete due to "tax evasion" as a convenient cover to disrupting the Norks). The Swiss are always willing to sell anything to anyone who can flash enough cash. The barrier to entry for the next round of note printing is hundreds of millions, and the best place to get big cash is from central banks.

    Anything left over supposedly buys cognac from France, Mercedes from Germany, Rolex watches, and probably Jesus Phones... no communist dictatorship is complete unless the first among equals are well greased and comfortable.

  7. Christian Berger

    Attribution is near impossible

    You cannot tell where software comes from... or to be more precise you can always fake that. Just install a Chinese version of your development platform and compile your software there.

    We will see how this is used. If the banks now simply increase their actual security, for example by banning "Office" software, HTML-mail and using other cheap but effective tricks, it may have been criminals.

    If instead people use this to lobby for more Cyberwar, it is very likely a false flag operation. After all passive defense is simple and cheap, war is much more profitable.

  8. Anonymous Coward
    Joke

    Worm infesting needless data on whole system

    https://www.youtube.com/watch?v=qJ4KbXRrd00

  9. herman Silver badge

    Totally unsurprising

    I have had money disappear in transit. The experience convinced me that money could therefore also appear out of nowhere in the same way. The system of international transfers is insecure with no/little end to end checks.

    So while crooks at the moment concentrate on diverting money, wait till they figure out how to create money out of thin air, because then since nobody lost anything, they will likely get away with it scotfree.

  10. Anonymous Coward
    Anonymous Coward

    Symantec? Ok Stupid question.

    Q. Since Symantec is doing the cleanup analysis, does this mean they provided protection to all involved parties?

  11. CPU
    Holmes

    Follow the money

    If someone shoots you with a Glock, you don't say it was Austria that must have done it ¬_¬

    As the only two recovered transfers were both from 'a bloke in China' one might assume the Chinese are at it? Yet the finger is pointed at Norks simply because it utilised some of their code from the Sony Job (like the Italian Job, but with less European flair and Michael Caine). And the Sony Job was also mix of code from different sources. Stop looking at re-used code that anyone in Black Market can get and follow the money.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like