Monday, June 27, 2016

Sunday Globe Special: SWIFT Kick in the....

Get your money out of the bank.... NOW!!

"Hackers’ $81 million sneak attack on world banking" by Michael Corkery New York Times  April 30, 2016

NEW YORK — Tens of millions of dollars siphoned from the Federal Reserve Bank of New York. A shadowy set of casinos in the Philippines. A large bank in Bangladesh with creaky technology. An unknown, and perhaps uncatchable, group of thieves with sophisticated hacking skills.

What unites this mysterious mix of elements and enabled one of the most brazen digital bank heists ever is a ubiquitous and highly trusted international bank messaging system called SWIFT.

SWIFT — the Society for Worldwide Interbank Financial Telecommunication — is billed as a super-secure system that banks use to authorize payments from one account to another. “The Rolls-Royce of payments networks,” one financial analyst said.

But last week, for the first time since hackers captured $81 million from Bangladesh’s central bank in February, SWIFT acknowledged that the thieves have tried to carry out similar heists at other banks on its network by sneaking into the heart of the global banking system.

“There are many banks out there right now saying, ‘There but for the grace of God go us,’” said Gareth Lodge, a payments analyst at Celent, a financial consulting firm.

The admission that the attack was not a one-time event in a developing country but perhaps part of a broader threat has thrust SWIFT into a spotlight, raising questions about how securely money is being moved around the world. Some financial security experts point out the SWIFT system is only as safe as its weakest link.

The attack also reflects a growing sophistication among digital criminals, who for years have been breaching personal bank accounts and stealing credit card credentials.

The thieves in Bangladesh may have spent months lurking inside the central bank’s computers, studying how to steal the necessary credentials to gain access to SWIFT.

It is the digital version of the heist depicted in the movie “Ocean’s Eleven,” said Adrian Nish, head of the cyberthreat intelligence team at BAE Systems, a defense and security company.

“The trend is moving from opportunistic crime to Hollywood-scale attacks,” said Nish, whose firm has analyzed the malware believed to have been used in the Bangladesh breach. 

I'm starting to wonder if that is what we are being fed -- for the u$ual rea$ons.

In the United States, most banks take special precautions with their SWIFT computers, building multiple firewalls to isolate the system from the bank’s other networks and keeping the machines physically isolated in a separate locked room.

But elsewhere, some banks take far fewer precautions. And security experts who have analyzed the SWIFT breach said they had concluded that the Bangladesh bank may have been particularly vulnerable to an attack.

“SWIFT is a great organization,” said Chris Larsen, the founder of Ripple, a financial technology company that aims to speed up global money transmissions. “But the system is fractured and antiquated. The way it is set up, you cannot totally isolate problems in a place like Bangladesh from the whole network.”

Then go on over to the NSA. It's reputed that they had the telecoms store all the information. I mean, if they and the other Five Eyes can't find it that whole surveillance collection system is useless.

SWIFT’s growth in recent years — it set a record for messages in March — reflects the increasingly global and interconnected nature of finance. But it also shows the risk of so many financial instructions running through a single system made up of a patchwork of banks and companies with varying levels of online protection. 

I suppose the answer is some sort of higher level centralized bureaucracy, right?

Each bank on the SWIFT network is identified by a set of codes. And it was the codes assigned to the Bank of Bangladesh that were recognized — correctly — by the Federal Reserve Bank of New York when it transferred $81 million of the Bangladesh bank’s money to the Philippines, not knowing that someone had stolen the credentials of the Bangladesh bank and installed malware to cover his or her tracks.

To conceal the crime, the malware disabled a printer in the Bangladesh bank to prevent officials from reviewing a log of the fraudulent transfers.

The money was transferred to accounts in the Philippines and then into the Philippine casino system, which is exempt from many of the country’s anti-money-laundering requirements.

The New York Fed has been criticized for letting the $81 million slip out.

Representative Carolyn B. Maloney, Democrat of New York and member of the Financial Services Committee, has called for an investigation, warning that the breach “threatens to undermine the confidence that foreign central banks have in the Federal Reserve, and in the safety and soundness of international monetary transactions.”

The New York Fed said in a statement that “there is no evidence that any Fed systems were compromised” and that the transfer of the money had been “fully authenticated” by SWIFT.

No money missing or anything? Hmmm.


I've said it for years: the biggest hackers on the planet are the U.S. government, the untouchable Jewish mafia, and the software security companies that benefit, not the enemy du jour, be that Russia, China, Iran, Syria, North Korea, whoever!

Occasionally authority and it's mouthpiece media admit offensive operations, but that usually goes right down the old memory hole.

Following the leads to Bangladesh:

"Two men stabbed to death in Bangladesh" Associated Press  April 25, 2016

NEW DELHI — Unidentified assailants fatally stabbed two men in Bangladesh’s capital Monday night, including a gay rights activist who also worked for the U.S. Agency for International Development, police said, in the latest in a series of attacks targeting atheists, moderates and foreigners.

AID = CIA. That means they are flying under the cover of the rainbow flag and it explains why it is such a prevalent issue in the ma$$ media. 

Regardless, I'm no for the killing of anyone for any reason. Live and Let Live.

Police said they suspected radical Islamists in the attack, which occurred two days after a university professor was hacked to death. There was no immediate claim of responsibility. 

The tying of the two together is clearer now after Orlando. This type of stuff laid the groundwork.

The victims were identified as USAID employee Xulhaz Mannan, who previously worked as a U.S. Embassy protocol officer, and his friend, Tanay Majumder, according to Mohammed Iqbal, a police officer in Dhaka’s Kalabagan area. Mannan was also an editor of Bangladesh’s first gay rights magazine, Roopbaan, as well as a cousin of former Foreign Minister Dipu Moni of the governing Awami League party.

The U.S. ambassador condemned the killing, just weeks after the U.S. government and numerous rights groups urged the government of the Muslim-majority country to better protect its citizens and secure free speech.

‘‘I am devastated by the brutal murder of Xulhaz Mannan and another young Bangladeshi this evening in Dhaka,’’ Ambassador Marcia Bernicat said in a statement. ‘‘Xulhaz was more than a colleague to those of us fortunate to work with him at the U.S. Embassy. He was a dear friend.’’

Security guard Mohammed Parvez told reporters that five or six young men posing as employees of a courier service entered the six-story building where Mannan lived and went upstairs to his unit. He said they hit him with knives later when they left. He was treated at Dhaka Medical College Hospital for his injuries.

A man who told local broadcaster Somoy TV that he had witnessed the attack also said at least five young men took part in the killing. He said they chanted ‘‘Allahu Akbar,’’ or ‘‘Allah is Great’’ as they left the scene.

It all reeks of a false flag or worse, a staged and scripted even or drill. 

Bangladesh has been riven by a wave of deadly attacks on foreigners, religious minorities and secular bloggers, raising fears that religious extremists are gaining a foothold in the country, despite its traditions of secularism and tolerance.

Then tell the U.S. and its allies to stop supporting them.

Prime Minister Sheikh Hasina’s government has cracked down on domestic radical Islamists. Although the Islamic State group has claimed responsibility for several attacks, including the killing Saturday of university professor Rezaul Karim Siddique in a northwestern city, Hasina’s government dismisses the claims and insists the extremist group has no presence in the South Asian country.

The U.S. government earlier this month said it is considering granting refuge to a select number of secular bloggers facing imminent danger in Bangladesh.

I'm happy to see my government offers sanctuary to bloggers, and you certainly can see why I remain anonymous.

‘‘We abhor this senseless act of violence and urge the government of Bangladesh in the strongest terms to apprehend the criminals behind these murders,’’ Bernicat said in her statement.

The rights group Amnesty International also pressed the Bangladeshi government to do more, with its South Asia director, Champa Patel, saying that Monday’s attack ‘‘underscores the appalling lack of protection being afforded to a range of peaceful activists in the country.’’

The group noted that homosexual relations are considered a crime under Bangladeshi law, making it harder for gay activists to report any threats against them.

‘‘There have been four deplorable killings so far this month alone. It is shocking that no one has been held to account for these horrific attacks, and that almost no protection has been given to threatened members of civil society,’’ Patel said.


"Al Qaeda says it killed Bangladesh gay activist, friend" AP  April 26, 2016

NEW DELHI — The Bangladeshi branch of Al Qaeda claimed responsibility Tuesday for the killing of a gay rights activist and his friend, undermining the prime minister’s insistence just hours earlier that her political opponents were to blame for the attack and for a rising tide of violence against secular activists and writers.

Otherwise known as Al-CIA-Duh.

The claim by Ansar-al Islam — which said it targeted the two men on Monday night because they were ‘‘pioneers of practicing and promoting homosexuality’’ — raised doubts about Prime Minister Sheikh Hasina’s repeated assurances that authorities have the security situation under control.

Maybe they need the U.S. fleet to stop by and dispatch some troops.

The victims of the attack were identified as Xulhaz Mannan, an activist who also worked for the US Agency for International Development, and his friend, theater actor Tanay Majumder. Mannan, a cousin of former foreign minister Dipu Moni of the governing party, was also an editor of Bangladesh’s first gay rights magazine, Roopbaan. Majumder sometimes helped with the publishing, local media said.

At the White House, press secretary Josh Earnest took note of Mannan’s advocacy for lesbian, gay, bisexual, and transgender causes and said there were ‘‘reports that indicate that he was targeted because of his advocacy for these human rights and that makes his death even more tragic than it seems.’’ He said the US government had been in touch with the government of Bangladesh to make clear that a thorough criminal investigation should be a priority. 

I would say all deaths are tragic, including those ground down by the AmeriKan war machine. Beyond that I would say I'm offended by the notion that some deaths are more important than others, especially when they are being pushed by the same mass-murdering war criminals.

Just hours before the claim of responsibility, the prime minister had pointed the finger at her political opponents, the fundamentalist Jamaat-e-Islami group and its ally, the opposition Bangladesh Nationalist Party.

‘‘Everybody knows who are behind these killings,’’ Hasina told policy makers in her secular Awami League party Monday night, repeating her government’s allegation that the opposition was orchestrating the attacks to destabilize the country.

Yeah, we do.

The opposition said that they are being scapegoated for Hasina’s failure to maintain security and placate the country’s desire for Islamic rule.


"3 detained in Bangladesh after stabbing death of Hindu man" Associated Press  May 01, 2016

NEW DELHI — The Islamic State group-affiliated Aamaq news agency issued a statement.

The killing was similar to other recent attacks in Bangladesh on atheist bloggers, academics, religious minorities, and most recently a gay rights activist by Muslim extremists.

Five have been killed this year, including the attacks last Monday of Xulhaz Mannan, a US Agency for International Development employee and gay rights activist, and Tonmoi Mahbub, a theater actor. Two days earlier, on April 23, a university professor, A.F.M. Rezaul Karim Siddique, was hacked to death. Nine others were killed last year.

While there have been some arrests — mostly of low-level operatives — there have been no prosecutions so far, and authorities have struggled to make any headway in naming those planning the attacks. 

Smelling like, you know....

Nearly all the attacks have been claimed by international Islamist extremist groups, including the Islamic State and various affiliates of Al Qaeda. The government, however, has denied that these groups have a presence in Bangladesh and has blamed the violence on the political opposition.


They did make some arrests:

"Bangladesh arrests over 5,000 in crackdown on extremists"Associated Press  June 12, 2016

DHAKA, Bangladesh — Police in Bangladesh said Sunday that they have arrested more than 5,000 criminal suspects in the past few days as they continue a nationwide crackdown to try to stop a growing wave of brutal attacks on minorities and activists.

Since the crackdown began on Thursday, police have arrested 5,324 people, including 85 suspected Islamist radicals, said police spokesman Kamrul Ahsan. The majority of those arrested have petty criminal records. More arrests are expected through this week.

At least 18 people, including atheist bloggers, foreign aid workers, and religious minorities, have been killed in attacks over the last two years. In incidents last week, two Hindus were fatally attacked.

The attacks have alarmed the international community and raised questions about whether Bangladesh’s secular government can protect minorities and secular writers and intellectuals in the Muslim-majority nation.

The crackdown began four days after the wife of a police superintendent who led drives against Islamist militants and drug cartels was shot and stabbed to death in the southeastern city of Chittagong. The killing caused a furor among Bangladesh’s political establishment, many of whom considered her as one of their own. Days after that attack, Prime Minister Sheikh Hasina vowed to root out radicals and defeat their bid to establish Islamic rule in the country.


Looks like Bangladesh is at a crossroads.

How are those factory inspections coming anyway?

Now let's SWIFTly return to where we started:

"The Federal Deposit Insurance Corp. on Monday retroactively reported to Congress that five additional ‘‘major incidents’’ of data breaches have occurred since Oct. 30. FDIC also is launching ‘‘a new initiative to enhance security.’’ The incidents involved the breach of taxpayers’ personally identifiable information, The Washington Post has learned. In each case, employees with legitimate access to the information were leaving the agency when they inadvertently downloaded the data along with personal files. The individuals involved provided affidavits saying the data was not shared. FDIC considers these to be low-risk cases, but they each meet the threshold of 10,000 records inappropriately exposed. They are being retroactively reported now because the cases were closed before an FDIC Office of Inspector General decision in February to define ‘‘major incident’’ as one that involves at least 10,000 records."

"Global network exploited again in bank breach" by Michael Corkery New York Times  May 13, 2016

Thieves have again found their way into what was thought to be the most secure financial messaging system in the world and stolen money from a bank. The crime appears to be part of a broad online attack on global banking.

Really makes you feel safe about all the apps and everything, the whole world going digital and all, huh?

New details about a second attack involving SWIFT — the messaging system used by thousands of banks and companies to move money around the world — are emerging as investigators are still trying to solve the $81 million heist from the central bank of Bangladesh in February. In that robbery, the attackers were able to compel the Federal Reserve Bank of New York to move money to accounts in the Philippines.

This may well be setting the stage for a massive hack that will crash the system entirely, therefore providing cover for the managers and political slaves here while directing it at some foreign enemy (likely Russia and China now).

The second attack involves a commercial bank, which SWIFT declined to identify. But in a letter SWIFT plans to share with its users on Friday, the messaging network warned that the two attacks bore numerous similarities and were very likely part of a “wider and highly adaptive campaign targeting banks.”

The unusual warning from SWIFT, a copy of which was reviewed by The New York Times, shows how serious the financial industry regards these attacks to be. Some banking experts say they may be impossible to solve or trace. SWIFT said the thieves somehow got their hands on legitimate network credentials, initiated the fraudulent transfers and installed malware on bank computers to disguise their movements.

“The attackers clearly exhibit a deep and sophisticated knowledge of specific operation controls within the targeted banks — knowledge that may have been gained from malicious insiders or cyberattacks, or a combination of both,” SWIFT said in its warning, which is expected to be posted on a secure part of its website on Friday.

Security experts who have studied the attacks said the thieves probably were lurking inside the bank systems for months before they were detected.

Best way to rob a bank is to work there.

In its warning, SWIFT pointed to another worrying situation: that the gang of thieves may have been able to recruit bank employees to hand over credentials and other key details.

In both cases, the core messaging system of SWIFT was not breached; rather, the criminals attacked the banks’ connections to the SWIFT network. Each bank is responsible for maintaining the security of its connection to SWIFT. Digital criminals have found ways to exploit loopholes in bank security to obtain login credentials and dispatch fraudulent SWIFT messages.

The attacks have been a major headache for the ubiquitous and publicity-shy SWIFT, an acronym for the Society for Worldwide Interbank Financial Telecommunication. Based in Belgium, Swift is partly owned and overseen by the world’s biggest banks.



"A group claiming to be Anonymous called for a shutdown of bank and financial institution sites across the globe earlier this month and asked supporters to “throw a wrench into the machine.”

They may be Anonymous, but they smell like government to me. 

Who benefits when they wrench something? 

We always get greater cries for more surveillance.

"As businesses spend billions to protect data from hacking, they face another threat close to home: data theft by their employees. That’s one finding in a survey to be published by the management consultant Accenture and HfS Research on Monday. Of 208 organizations surveyed, 69 percent “experienced an attempted or realized data theft or corruption by corporate insiders” in the past 12 months, compared to 57 percent that experienced similar risks from external sources. Media and technology firms, and enterprises in the Asia-Pacific region reported the highest rates — 77 percent and 80 percent, respectively. Despite high-profile breaches at Sony, Target, and the US Office of Personnel Management, many corporations do not yet consider cybersecurity a top priority, Accenture found. Seventy percent of respondents said they lacked adequate funding for technology, training, or personnel."

UPDATEBombing at Bangladesh’s Largest Eid Gathering Kills at Least 3