A widely used banking payment network was not breached in the $81 million hack of the Bangladesh central bank, the company’s chief executive said Thursday.
{mosads}”At the end of the day, we weren’t breached. It was, from our perspective, a customer fraud,” Gottfried Leibbrandt, CEO of the Society for Worldwide Interbank Financial Telecommunication (SWIFT), said at a financial conference in Frankfurt, according to Reuters.
Security researchers with the British defense contractor BAE Systems said last month that hackers exploited a flaw in a client messaging software known as Alliance Access.
The software comes from the Brussels-based SWIFT, a collective owned by over 3,000 financial institutions. Banks across the world use the system to exchange information about financial transactions.
In February, unknown hackers stole $81 million from the Bangladesh account at the Federal Reserve Bank in New York in what is considered the largest cyber heist in history.
According to BAE, the thieves used the malware to hide evidence and delay discovery of the attack, including erasing records of illicit transfers.
The Bangladesh police and a central bank official told Reuters that SWIFT technicians left certain security holes when they connected the messaging network to the Bangladesh bank’s system.
The bank is also weighing a lawsuit against the New York Fed for failing to catch the suspicious transfers.
SWIFT has said it is aware of a certain kind of malware targeting Alliance Access. But in a letter issued May 3, it told bank customers they are responsible for securing computers connected to the messaging network.
Leibbrandt said Thursday that more such attacks are likely.
“I don’t think it was the first, I don’t think it will be the last,” he said.