Scribd
Upload
256 views

Question Classify The Different Concepts in Preventing Accidental Compromise of Data

1) The document discusses security concepts for preventing accidental data compromise based on the "Bangladesh Bank Heist" cyberattack. 2) It analyzes how small errors or delays in detection could have enabled the attackers to steal $1 billion if certain checks had not caught the fraudulent transactions in time. 3) A similar successful attack against a European or American bank could potentially go undiscovered for months due to greater automation, posing an even bigger risk.

Uploaded by

Crystal Marie Jordan Aguhob
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
256 views

Question Classify The Different Concepts in Preventing Accidental Compromise of Data

1) The document discusses security concepts for preventing accidental data compromise based on the "Bangladesh Bank Heist" cyberattack. 2) It analyzes how small errors or delays in detection could have enabled the attackers to steal $1 billion if certain checks had not caught the fraudulent transactions in time. 3) A similar successful attack against a European or American bank could potentially go undiscovered for months due to greater automation, posing an even bigger risk.

Uploaded by

Crystal Marie Jordan Aguhob
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 1

Question: Based from the video clip ‘The Bangladesh

Bank Heist’’ classify the different concepts in preventing


accidental compromise of Data
If the hackers had indeed managed to get away with the terrifyingly large amount of 1
billion USD, this would have easily been the biggest bank heist in history, not to mention cyber
heist.
Interestingly, these kinds of attacks will be increasingly common and if banks aren't
updating their security processes and maintaining their network infrastructures, and the success
rates of these attacks will only go up. Worse still, if hackers have access to banks and can
manipulate funds, any businesses that partner with those banks is also at risk.
Imagine the following, if the worm had functionned correctly and not blocked the printer,
if the Deutsche bank didn't find the typo, if the Fed didn't become suspicious because of the
Jupiter keyword, the attack might have been a complete success. Not only the attackers would
have successfully withdrawn almost one billion US dollars from the Bangladesh bank VOSTRO
account at the Fed, but the attack might have been noted only weeks or months after the facts.
Finally, imagine that the same attack succeeds against a american or an european bank. In
the US and in Europe, the SWIFT interfaces are integrated in an STP (Straight Through
Processing) way. There is no such thing as manual reconciliation from some papers printed on a
printer. The handling of confirmations and position reconciliation is mostly completely
automated.

As such, the same attack succeeding in Europe for instance might take months to be
discovered and uncovered, only a the moment the big position reconciliations between NOSTRO
and VOSTRO accounts in correspondent banks are triggered.
And this is where it gets really funny. Everybody always had the illusion that SWIFT was
so secure, so sure. It gave banking institutions worldwide the illusion that everything related to
SWIFT is just as secure. But if the network itself is pretty secure indeed, the specific bridges and
interfaces linking the Banking Information Systems to SWIFT can be very weak, as shown by
the Bangladesh Heist.
Today european and US banking institutions and central banks are very worried and
investigating transaction monitoring and security solutions to prevent such misadventure to
happen to them.
Again the same attack in Europe would be a much bigger disaster.
Now another funny story to conclude this article: imagine a similar hack between two
banks in Europe and imagine that one of them suspects something ... They would use SWIFT
again to reconcile their views of the truth (MT109 and MT999).

You might also like