A little while ago the news got out that the Bangladeshi Federal Reserve bank lost 81 million dollars due to hack. They could have lost close to one billion dollars ($1,000,000,000) if the hackers didn't make a silly spelling booboo in the recipient's name...
The fact that these large sums aren't transferred without a decent verification is worth a discussion on its own, but in this case I'd like to discuss the hardware protection of the bank... I almost don't feel sorry anymore.
But why, what happened to the bank?
I learned this week from our friends at the hacker news that a $10 secondhand networking switch was used to protect the system that was connected to the SWIFT network. This is the network that controls the payments made to all accounts in the world.
I can't grasp my mind about the fact that someone actually thought it was a good idea to buy and use this switch in a global network like SWIFT... I even can't start to think about what the arguments must have been towards the manager or CISO who approved the use of this network switch...
Ow wait, I made an assumption here... I assumed that a manager or the CISO was involved in this process. I'm afraid they didn't have the slightest clue that this switch sat there in their network, waiting to be hacked.
Can this happen again?
I'd like to say this is a single indecent, but the truth is that I see these types of boo boos a lot! Employees who don't have decent Wi-Fi coverage at their work and bringing their own Wi-Fi router, setting it up with no encryption or a weak web encryption, leaving the corporate network open for the public, despite $100,000 firewalls protection the front door.
My educated guess is that the hackers have been in for a long time, and that they have prepared their battle well. Their spelling error though is a horrible script kiddie mistake, one they won't forget.
How can we prevent this from happening?
There are a few options I think. First and foremost, know what's in your network. Have a clear and backed up company policy when it comes to network equipment. Ensure that all devices in your network are known to you and are under secured patch management.
Second, identify core critical machines and connections in your network. In this case, the SWIFT network being available in one hop from the world is unimaginable to me. Set up multiple layers of protection, especially if you can make multimillion transactions automatically. I would love to see the identity and access management scenarios for this bank and this machine. It makes me wonder about the system itself. Does it trust anything it's being told? Why aren't we using 2 factor authentication for this, or dual authorization for that matter?
Last but not least, I strongly believe in monitoring. If the solution, digital protection services, had been deployed with help of the network sweep services, unknown equipment would have been detected instantly. This would have prevented this hack from happening.
Would you like to learn how we can test and protect your networks, drop a line! Nobody wants to hit the news with a statement that a $10 secondhand device was the cause of the billion dollar heist...