Cyber Monday Deal: Up to 60% off InvestingProCLAIM SALE

Slovenian bank was recipient named in failed Vietnam cyber-heist

Published 17/05/2016, 09:02
© Reuters. A woman rides a bicycle past the building of the State Bank of Vietnam in Hanoi
BAES
-
FPT
-

By Martin Petty and Mai Nguyen

HANOI (Reuters) - Cyber-criminals unsuccessfully tried to send 1.2 million euros (937,290 pounds) from a Vietnamese bank to a Slovenian bank via the SWIFT network last December, but there have been no other cases of fraudulent transfers in Vietnam, a top central bank official said on Tuesday.

Le Manh Hung, head of the State Bank of Vietnam's (SBV) Information Technology Department, told Reuters the Dec. 8 transfer was the only attempt to steal funds detected by Tien Phong Bank (TPBank).

Other Vietnamese banks and the SBV have not been hit, and the name of the Slovenian bank was not known, he said. It was not also clear how many accounts were listed as recipients.

Unlisted TPBank revealed the interrupted cyber heist in response to Reuters inquiries on Sunday. It involved the use of bogus SWIFT messages, the technique at the heart of February's massive theft from the Bangladesh central bank.

Swift, the linchpin of the global financial system, is used by about 11,000 banks and financial institutions for transactions. The two attacks on banks will likely increase scrutiny on the security of its network.

Interpol was immediately informed of the attack via its representative in Vietnam, Hung said.

"TPBank immediately informed SWIFT and its bank partner to immediately stop that 1.2 million-euro transaction so there was no financial loss," Hung said. He said TPBank found the bogus transfer through its own reconciliation system.

TPBank has not said which bank the funds were headed to and Hung said he did not know the identity of the Slovenian partner.

"TPBank also reported to Vietnamese legal authorities, SBV and Interpol to coordinate and hunt down the criminals," he said.

Hung said TPBank was hit because a third-party vendor it had used to connect to the SWIFT money transfer system was likely infected with malware. The vendor's Internet servers were based in Singapore, he said, adding he did not know the identity of the vendor provider.

OTHER METHODS

SWIFT has declined comment on TPBank's claims. On Thursday, it had said a unnamed commercial bank was targeted by a malware attack similar to the one at Bangladesh Bank.

However, SWIFT said the malware it had found was used to remove traces of fraudulent transactions, not to conduct the transactions.

In a May 13 statement, it said the attackers had used other methods to compromise the bank's security and send the fraudulent transfer requests. It did not say what those methods were.

Hung said it was the vendor that had been compromised, rather than TPBank's own systems. TPBank has declined Reuters requests for further comment.

TPBank, founded in 2008 by Vietnam's top technology firm FPT Corp (HM:FPT), is considered one of the communist country's most modern and tech-savvy banks and it this month received the "Best Internet Banking" prize from The Asian Banker.

Cybersecurity firm BAE Systems (L:BAES) last week said malware was used to target a Vietnamese commercial bank using fraudulent SWIFT messages.

Hung said that revelation had initially worried the SBV because it thought more Vietnamese banks had been hit but after enquiries it discovered BAE was referring to the December attack on TPBank.

It checked with Singapore-based IT consultants BLITZ, an authorised SWIFT partner in Vietnam, which he said had upgraded software of all local banks.

"The SBV was very cautious thinking this may be a new attack," he said.

"But this updated version (software) has many new functions that enable better security to users against hackers."

In February, in one of the world's biggest ever cyber-heists, hackers tried to steal nearly $1 billion from Bangladesh Bank's account at the New York Federal Reserve. Most orders were blocked but $81 million was transferred to accounts in the Philippines and most of the money remains missing.

© Reuters. A woman rides a bicycle past the building of the State Bank of Vietnam in Hanoi

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.