Swift slow on strong security say execs
Current and former executives and managers of Swift, say for years the organisation suspected there were weak points in the way smaller banks used its messaging terminals – but did not address the issues, according to Reuters.
In a lengthy investigation by Reuters, sources say that until February, “when hackers tried to steal nearly $1 billion dollars by breaking into the messaging system at Bangladesh’s central bank, Swift had not regarded the security of customer terminals as a priority”.
“The board took their eye off the ball,” says Leonard Schrank, who was chief executive of Swift from 1992 to 2007.
“They were focusing on other things, and not about the fundamental, sacred role of Swift, which is the security and reliability of the system.”
The managers told Reuters that top executives either did not receive information from member banks about specific attempts to hack the messaging network, or failed to spot those attempts themselves.
Prior to his report, Swift has been seeking stronger security. The initiative follows a spate of thefts when banks’ access to its network was used to execute the crimes. Recently, $10 million was stolen from an unnamed Ukrainian bank; and investigators were looking at more potential computer breaches following three attacks – the Bangladesh one; Vietnam’s Tien Phong Bank stopping an attempted wire fraud; and Ecuador’s Banco del Austro losing around $9 million.
In Swift’s annual reports and strategy plans from the past 17 years Reuters says it could find only one reference to it helping its users secure their systems. That was in June last year.
Schrank is not alone in the criticism. Former board member Arthur Cousins says Swift believed bank regulators were responsible for ensuring smaller banks’ security procedures were “robust enough to repel hackers”.
A Swift spokeswoman responds: “Swift and its board have prioritised security, continually monitoring the landscape and responding by adapting the specific security focuses as threats have evolved. Today’s security threats are not the same threats the industry faced five or ten years ago – or even a year ago – and like any other responsible organisation we adapt as the threat changes.”
Other voices in the report highlighted their concerns. People seem to be lining up to take pot shots.
Alessandro Lanteri, a former executive with Unicredit who served on Swift’s board between 1995 and 2000, says security challenges increased when smaller banks in emerging markets joined the network.
Martin Ullman, a Swift consultant, raised the inappropriate use of LinkedIn for technical advice. Hugh Cumberland, a former Swift executive, says he saw security risks back in ye olde 1993. While, Fritz Klein, a former Credit Suisse banker who served on Swift’s board from 1998 to 2002, says the length of tenure of some members doesn’t encourage fresh thinking.
Despite the report, Swift has been vocal in its ambitions to improve security. Back in June, Swift CEO Gottfried Leibbrandt warned banks with inadequate cyber defences they could find themselves booted off its payment network.