接連被盜 全球銀行面臨網絡攻擊風險
Thieves have again found their way into what was thought to be the most secure financial messaging system in the world and stolen money from a bank. The crime appears to be part of a broad computer attack on global banking.
盜賊再次入侵了據信是世界上最安全的金融電文系統,從一家銀行偷走了錢。盜賊似乎在對全球銀行開展廣泛的計算機攻擊,這起犯罪事件就屬其一。
New details about a second attack involving the system, Swift — used by thousands of banks and companies to move money around the world — are emerging as investigators try to solve an $81 million heist from the central bank of Bangladesh in February.
數以千計的銀行和公司使用Swift在世界各地調轉資金,這已經是第二起涉及該系統的攻擊,今年二月孟加拉國央行曾被盜走8100萬美元,隨着對該事件的調查深入,細節逐步浮現出來。
The second attack involves a commercial bank that Swift declined to identify. But in a letter Swift plans to share with its users on Friday, the messaging network warned that the two attacks had numerous similarities and were probably part of a “wider and highly adaptive campaign targeting banks.”
第二起攻擊涉及一家商業銀行,電文網絡Swift拒絕透露其名字。但Swift計劃在週五向用戶發佈公開信,警告大家這兩起攻擊事件有諸多相似之處,而且很可能從屬於一個“更廣泛的、適應力極強的銀行盜竊行動”。
The unusual warning from Swift — a copy of which was reviewed by The New York Times — shows how serious the financial industry is treating these attacks. Swift said the thieves, possibly acting with help from bank employees, got their hands on network credentials, initiated fraudulent transfers, and installed malware on bank computers to disguise their actions.
《紐約時報》看到了這封信的副本,Swift發出這樣的警告不同尋常,它顯示金融業對此類攻擊嚴陣以待。Swift說,盜賊可能與銀行內應勾結,獲得了網絡憑證,然後發送欺詐性匯款,並且在銀行的計算機裏安裝惡意軟件來掩飾盜竊行動。
“The attackers clearly exhibit a deep and sophisticated knowledge of specific operation controls within the targeted banks — knowledge that may have been gained from malicious insiders or cyberattacks, or a combination of both,” Swift said in its warning, which is expected to be posted on a secure part of its website Friday morning.
“情況很清楚,攻擊者非常瞭解目標銀行的業務控制細節——可能是來自於銀行內應,也可能是通過網絡攻擊方式獲得的,或者兩者皆有。”Swift在警告中說。這封信計劃於週五上午在其網站的安全版塊中發佈。
The security problems are not necessarily with the messaging network but with security controls at Swift’s bank customers. Criminals have found ways to exploit loopholes in bank security to gain computer access and dispatch fraudulent Swift messages.
安全問題不一定出在Swift身上,有可能是由於其銀行客戶的安全控制。罪犯已經找到了利用銀行安全漏洞的方式,可以訪問他們的計算機,併發送欺詐性的Swift電文。
