Exclusive: UK banks ordered to review cyber security after SWIFT heist

Members of the public walk past the Bank of England in central London June 3, 2008.

Reuters/Alessia Pierdomenico

The Bank of England ordered UK banks to detail steps taken to secure computers connected to the SWIFT bank messaging network about two months after a still-unidentified group used the system to steal $81 million from Bank Bangladesh, according to three people familiar with the effort.

The central bank sent the request to update cyber security measures to all banks it regulates in mid-to-late April, according to these people, who were not authorized to discuss the confidential communications.

The previously unreported action marks the earliest known case of a central bank in a major economy to order its member banks to conduct a formal security review in response to the Bangladesh theft, which has shaken the global system for transferring money among both commercial and central banks. 

The Bank of England, one of the G10 central banks that oversee Brussels-based SWIFT, said it had no immediate comment.

The FBI, authorities in Dhaka and private forensic experts are investigating the February cyber heist in Bangladesh where thieves raided a central bank account kept at the Federal Reserve Bank of New York, stealing $81 million. They installed malware inside the bank’s Dhaka headquarters that hid traces of their attack in a bid to delay discovery so they could access the funds, according to police and private security firms.

The Bank of England told banks to conduct a “compliance check” to confirm whether they are following security practices recommended by SWIFT, which the firm recently reissued to members in the wake of the February heist, one of the people said.

SWIFT declined to comment. The group has previously declined to release those guidelines, which were issued in private communications.

The checks called for by the Bank of England include conducting what are known as user entitlement reviews, which ensure that only authorized staff have access to SWIFT applications and the service’s messaging gateway, that person said.

Banks were also told to review computer logs for digital evidence known as “indicators of compromise,” including IP addresses and email addresses linked to recent attacks.

Those indicators include technical details included in reports from several private cyber security firms, including Britain’s BAE Systems PLC.

The communication from the Bank of England asked banks to respond by early May and provide details about plans for installing a security update to SWIFT Alliance Access software, according to the person. The messaging group last month released the update and asked members to install by May 16

Meanwhile, Sweden’s Riksbank on Wednesday called on all users of the central bank’s RIX payments system for large transaction to follow the SWIFT recommendations, a central bank spokesman told Reuters.

Earlier this week, Singapore’s central bank asked banks to maintain a high level of security for their critical IT systems following recent cyber attacks using the SWIFT financial messaging system.

In the Philippines, a senior central bank official said on Tuesday that regulators were crafting regulations to help banks and other financial institutions fend off cyber heists and minimize damage after any systems breach.

(Reporting by Andrew MacAskill in London, Jim Finkle in Washington; Additional reporting by Daniel Dickson in Stockholm; editing by Edward Tobin)