This article states that the systems related to SWIFT transfers were supposed to be on an isolated network, but were not. Specifically, it says that cheap unmanaged switches were used rather than expensive managed switches that would have allowed network isolation. Of course, anyone who understands network security would point out that relying on switch-based isolation alone is too risky. Switches can be compromised and misconfigured, and sometimes don't provide the expected level of isolation even when correctly configured.
This is totally unsurprising to anyone who has seen in person the state of "enterprise" IT at a large organization in India, Pakistan or Bangladesh.
I have a feeling, but not evidence, that this bank's security was this bad on purpose to aid the thieves. Someone in the middle or on top might be getting a cut. Has anyone looked into that angle?

And does anyone have an IP address to another Bangladesh bank with $10 routers and stuff on the SWIFT network? Just so I can try to SMTP a warning to that address to help them avoid being hit, too.
Short of building/installing your own router, how can a highly sensitive business protect itself from things like this? Obviously you don't want to be running random vulnerable hardware that is never updated. But what else?

I was thinking about having multiple layers (security loves onions!) with interchangeable components that you roll over at random. That way any given attack vector at one point might be mitigated by a different interface below it. Literally unplugging and plugging things in to shake things up.
Managed switch or Linksys router, how the hell is it so easy to push that much money around? Even if I work in that "room" and give you access to my computer for an hour, there should have been some software to notice something's going on. The switch could have been a $10,000 switch and it still sounds too easy. I'd say inside job, unless scanning the IP range screamed out the company name and some easy vulnerabilities/old software versions, which could also have been the case.
"Most of the payments were blocked but $81 million was routed to accounts in the Philippines"
Given that in most countries "Know Your Customer" (or its variations) is strictly followed, I wonder what makes it so difficult for multinational police (involving Interpol) to reverse-track the hacker: from money-receiving accounts -> account holders -> beating the s<i></i>t out of them to reveal the sender's name.