接连被盗 全球银行面临网络攻击风险
Thieves have again found their way into what was thought to be the most secure financial messaging system in the world and stolen money from a bank. The crime appears to be part of a broad computer attack on global banking.
盗贼再次入侵了据信是世界上最安全的金融电文系统,从一家银行偷走了钱。盗贼似乎在对全球银行开展广泛的计算机攻击,这起犯罪事件就属其一。
New details about a second attack involving the system, Swift — used by thousands of banks and companies to move money around the world — are emerging as investigators try to solve an $81 million heist from the central bank of Bangladesh in February.
数以千计的银行和公司使用Swift在世界各地调转资金,这已经是第二起涉及该系统的攻击,今年二月孟加拉国央行曾被盗走8100万美元,随着对该事件的调查深入,细节逐步浮现出来。
The second attack involves a commercial bank that Swift declined to identify. But in a letter Swift plans to share with its users on Friday, the messaging network warned that the two attacks had numerous similarities and were probably part of a “wider and highly adaptive campaign targeting banks.”
第二起攻击涉及一家商业银行,电文网络Swift拒绝透露其名字。但Swift计划在周五向用户发布公开信,警告大家这两起攻击事件有诸多相似之处,而且很可能从属于一个“更广泛的、适应力极强的银行盗窃行动”。
The unusual warning from Swift — a copy of which was reviewed by The New York Times — shows how serious the financial industry is treating these attacks. Swift said the thieves, possibly acting with help from bank employees, got their hands on network credentials, initiated fraudulent transfers, and installed malware on bank computers to disguise their actions.
《纽约时报》看到了这封信的副本,Swift发出这样的警告不同寻常,它显示金融业对此类攻击严阵以待。Swift说,盗贼可能与银行内应勾结,获得了网络凭证,然后发送欺诈性汇款,并且在银行的计算机里安装恶意软件来掩饰盗窃行动。
“The attackers clearly exhibit a deep and sophisticated knowledge of specific operation controls within the targeted banks — knowledge that may have been gained from malicious insiders or cyberattacks, or a combination of both,” Swift said in its warning, which is expected to be posted on a secure part of its website Friday morning.
“情况很清楚,攻击者非常了解目标银行的业务控制细节——可能是来自于银行内应,也可能是通过网络攻击方式获得的,或者两者皆有。”Swift在警告中说。这封信计划于周五上午在其网站的安全版块中发布。
The security problems are not necessarily with the messaging network but with security controls at Swift’s bank customers. Criminals have found ways to exploit loopholes in bank security to gain computer access and dispatch fraudulent Swift messages.
安全问题不一定出在Swift身上,有可能是由于其银行客户的安全控制。罪犯已经找到了利用银行安全漏洞的方式,可以访问他们的计算机,并发送欺诈性的Swift电文。
