Ukraine: US$ 10 Million Stolen From Unnamed Bank via Swift

Published: 28 June 2016

SWIFT Logo (Photo Credit: Wikipedia)

By Igor Spaic

An independent IT monitoring organization revealed that cyber criminals exploited the SWIFT international banking system to steal US$ 10 million from a Ukrainian bank, reported the Kyiv Post Sunday.

The revelations reportedly stem from the Ukrainian branch of the Information Systems Audit and Control Association (ISACA), which, according to the International Business Times, stated the theft was conducted in a way similar to the one the Bangladesh central bank experienced earlier this year – when cyber criminals stole about US$ 81 million from the bank.

According to the Kyiv Post, the theft surfaced after a Ukrainian bank hired ISACA to conduct an investigation. An ISACA member told the newspaper that “dozens of banks (mostly in Ukraine and Russia) have been compromised, from which has been stolen hundreds of millions of dollars”.

According to the International Business Times, the bank in question will likely not be named until it chooses to go public with the information, as analysts abide by strict non-disclosure agreements.

According to media reports, ISACA stated the cyber criminals most likely used tools and information that are publicly available. The organization reportedly said thefts like this one usually take months to complete – the cyber criminals break into the internal networks of a financial institution and study its internal processes and controls, only to start submitting fraudulent money orders to webs of offshore companies and siphoning off millions of dollars.

In April, SWIFT  (The Society for Worldwide Interbank Financial Telecommunication) stated that it was aware of a number of cyber incidents – criminals who gained access to the credentials of those authorized to create and approve messages were able to send fake messages via computers that interface with the SWIFT system, which enables financial institutions to exchange information on transaction details.

Such fake transfer requests were also used in an attempt to steal more than US$ 1.1 million from the Tien Phong Bank in Vietnam in May.

This story has been clarified to better explain the sources of the breaches of the network.