Tag Archives: hacking groups

The Heist: hacking central banks

federal reserve bank ny, Image from wikipedia

Hackers broke into the Bangladesh central bank’s computer systems in early February, 2016, according to the news service, which cited anonymous officials at the financial institution. The attackers stole the credentials needed to authorize payment transfers and then asked the Federal Reserve Bank of New York to make massive money transfers — nearly three dozen of them — from the Bangladeshi bank’s account with the Fed to accounts at other financial institutions overseas.  Four transfers to accounts in the Philippines, totaling about $80 million, worked. But then a fifth request, for $20 million to be sent to an apparently fictitious Sri Lankan nonprofit group, was flagged as suspicious by a routing bank because of the “fandation” error.

Bangladesh’s central bank was able to stop that transaction after the routing bank asked for confirmation. “The Sri Lankan bank did not disburse it immediately, and we could recover the full amount,” the central bank told the Financial Times.  The requests waiting to be processed — amounting to a total of between $850 million and $870 million, according to an unnamed official cited by Reuters — were also halted. So if it weren’t for that typo, the attackers might have escaped with a bigger payday. Bangladesh’s finance minister has blamed the incident on the Federal Reserve and said his government will “file a case in the international court against” the financial institution, according to the Dhaka Tribune. A New York Fed spokesman denied the accusation, telling The Washington Post in a statement that “there is no evidence of any attempt to penetrate Federal Reserve systems in connection with the payments in question” or that the institution’s systems were compromised. The spokesman said the payment instructions were “fully authenticated” using standard methods.

Excerpts from Andrea Peterson Typo thwarts hackers in $1 billion cyber heist on Bangladesh central bank, Washington Post, Mar. 11, 2016

How to Tear Down a Power Grid

pylons. image from wikipedia

In Ukraine on Dec. 23, 2015 the power suddenly went out for thousands of people in the capital, Kiev, and western parts of the country. While technicians struggled for several hours to turn the lights back on, frustrated customers got nothing but busy signals at their utilities’ call centers….Hackers had taken down almost a quarter of the country’s power grid, claimed Ukrainian officials.  Specifically, the officials blamed Russians for tampering with the utilities’ software, then jamming the power companies’ phone lines to keep customers from alerting anyone….Several of the firms researching the attack say signs point to Russians as the culprits. The malware found in the Ukrainian grid’s computers, BlackEnergy3, is a known weapon of only one hacking group—dubbed Sandworm by researcher ISight Partners—whose attacks closely align with the interests of the Russian government. The group carried out attacks against the Ukrainian government and NATO in 2014…

The more automated U.S. and European power grids are much tougher targets. To cloak Manhattan in darkness, hackers would likely need to discover flaws in the systems the utilities themselves don’t know exist before they could exploit them. In the Ukrainian attack, leading security experts believe the hackers simply located the grid controls and delivered a command that shut the power off. Older systems may be more vulnerable to such attacks, as modern industrial control software is better at recognizing and rejecting unauthorized commands, says IOActive’s Larsen.

That said, a successful hack of more advanced U.S. or European systems would be a lot harder to fix. Ukrainian utility workers restored power by rushing to each disabled substation and resetting circuit breakers manually. Hackers capable of scrambling New York’s power plant software would probably have to bypass safety mechanisms to run a generator or transformer hotter than normal, physically damaging the equipment. That could keep a substation offline for days or weeks, says Michael Assante, former chief security officer for the nonprofit North American Electric Reliability.

Hackers may have targeted Ukraine’s grid for the same reason NATO jets bombed Serbian power plants in 1999: to show the citizenry that its government was too weak to keep the lights on. The hackers may even have seen the attack as in-kind retaliation after sabotage left 1.2 million people in Kremlin-controlled Crimea without lights in November 2015. In that case, saboteurs blew up pylons with explosives, then attacked the repair crews that came to fix them, creating a blackout that lasted for days. Researchers will continue to study the cyber attack in Ukraine, but the lesson may be that when it comes to war, a bomb still beats a keyboard.

Excerpts How Hackers Took Down a Power Grid, Bloomberg Business Week, Jan. 14, 2016