By Tom Bergin and Nathan Layne LONDON/CHICAGO (Reuters) - Shortly after 7 p.m. on January 12, 2015, a message from a secure computer terminal at Banco del Austro (BDA) in Ecuador instructed San Francisco-based Wells Fargo to transfer money to bank accounts in Hong Kong. Wells Fargo complied. Over 10 days, Wells approved a total of at least 12 transfers of BDA funds requested over the secure SWIFT system. The SWIFT network - which allows banks to process billions of dollars in transfers each day - is considered the backbone of international banking. In all, Wells Fargo transferred $12 million of BDA's money to accounts across the globe. Both banks now believe those funds were stolen by unidentified hackers, according to documents in a BDA lawsuit filed against Wells Fargo in New York this year. The two banks declined requests for comment from Reuters. BDA is suing Wells Fargo on the basis that the U.S. bank should have flagged the transactions as suspicious. Wells Fargo has countered that security lapses in BDA’s own operations caused the Ecuadorean bank’s losses. Hackers had secured a BDA employee’s SWIFT logon credentials, Wells Fargo said in a February court filing. SWIFT, an acronym for the Society for Worldwide Interbank Financial Telecommunication, is not a party to the lawsuit. Neither bank reported the theft to SWIFT, which said it first learned about the cyber attack from a Reuters inquiry. "We were not aware,” SWIFT said in a statement responding to Reuters inquiries. “We need to be informed by customers of such frauds if they relate to our products and services, so that we can inform and support the wider community. We have been in touch with the bank concerned to get more information, and are reminding customers of their obligations to share such information with us." SWIFT says it requires customer to notify SWIFT of problems that can affect the "confidentiality, integrity, or availability of SWIFT service.” SWIFT, however, has no rule specifically requiring client banks to report hacking thefts. Banks often do not report such attacks out of concern they make the institution appear vulnerable, former SWIFT employees and cyber security experts told Reuters. The Ecuador case illuminates a central problem with preventing such fraudulent transfers: Neither SWIFT nor its client banks have a full picture of the frequency or the details of cyber thefts made through the network, according to more than dozen former SWIFT executives, users and cyber security experts interviewed by Reuters. The case - details of which have not been previously reported - raises new questions about the oversight of the SWIFT network and its communications with member banks about cyber thefts and risks. The network has faced intense scrutiny since cyber thieves stole $81 million in February from a Bangladesh central bank account at the Federal Reserve Bank of New York. It’s unclear what SWIFT tells its member banks when it does find out about cyber thefts, which are typically first discovered by the bank that has been defrauded. SWIFT spokeswoman Natasha de Terán said that the organization “was transparent with its users” but declined to elaborate. SWIFT declined to answer specific questions about its policies for disclosing breaches. On Friday, following the publication of this Reuters story, SWIFT urged all of its users to notify the network of cyber attacks. "It is essential that you share critical security information related to SWIFT with us," SWIFT said in a communication to users. Reuters was unable to determine the number or frequency of cyber attacks involving the SWIFT system, or how often the banks report them to SWIFT officials. The lack of disclosure may foster over confidence in SWIFT network security by banks, which routinely approve transfer requests made through the messaging network without additional verification, former SWIFT employees and cyber security experts said. The criminals behind such heists are exploiting banks’ willingness to approve SWIFT requests at face value, rather than making additional manual or automated checks, said John Doyle, who held a variety of senior roles at SWIFT between 1980 and 2005. “SWIFT doesn’t replace prudent banking practice” he said, noting that banks should verify the authenticity of withdrawal or transfer requests, as they would for money transfers outside the SWIFT system. SWIFT commits to checking the codes on messages sent into its system, to ensure the message has originated from a client’s terminal, and to send it to the intended recipient quickly and securely, former SWIFT executives and cyber security experts said. But once cyber-thieves obtain legitimate codes and credentials, they said, SWIFT has no way of knowing they are not the true account holders. The Bank for International Settlements, a trade body for central banks, said in a November report that increased information sharing on cyber attacks is crucial to helping financial institutions manage the risk. “The more they share the better,” said Leo Taddeo, chief security officer at Cryptzone and a former special agent in charge with the FBI's cyber crime division in New York. SYSTEMIC RISK SWIFT, a cooperative owned and governed by representatives of the banks it serves, was founded in 1973 and operates a secure messaging network that has been considered reliable for four decades. But recent attacks involving the Belgium-based cooperative have underscored how the network's central role in global finance also presents systemic risk. SWIFT is not regulated, but a group of ten central banks from developed nations, led by the National Bank of Belgium, oversee the organization. Among its stated guidelines is a requirement to provide clients with enough information to enable them “to manage adequately the risks related to their use of SWIFT.” However, some former SWIFT employees said that the cooperative struggles to keep banks informed on risks of cyber fraud because of a lack of cooperation from the banks themselves. SWIFT’s 25-member board of directors is filled with representatives of larger banks. “The banks are not going to tell us too much,” said Doyle, the former SWIFT executive. “They wouldn’t like to destabilize confidence in their institution.” Banks also fear notifying SWIFT or law enforcement of security breaches because that could lead to regulatory investigations that highlight failures of risk management or compliance that could embarrass top managers, said Hugh Cumberland, a former SWIFT marketing executive who is now a senior associate with cyber security firm Post-Quantum. Cases of unauthorized money transfers rarely become public, in part because disagreements are usually settled bilaterally or through arbitration, which is typically private, said Salvatore Scanio, a lawyer at Washington, D.C.-based Ludwig & Robinson. Scanio said he consulted on a dispute involving millions of dollars of stolen funds and the sending of fraudulent SWIFT messages similar to the BDA attack. He declined to name the parties or provide other details. Theoretically, SWIFT could require its customers, mainly banks, to inform it of any attacks - given that no bank could risk the threat of exclusion from the network, said Liven Lambert, the head of human resources at SWIFT for a year-and-a-half through May 2015. But such a rule would require the agreement of its board, which is mainly made up of senior executives from the back office divisions of the largest western banks, who would be unlikely to approve such a policy, Lambert said. FIGHT OVER LIABILITY This week, Vietnam's Tie Thong Bank said its SWIFT account, too, was used in an attempted hack last year. That effort failed, but it is another sign that cyber-criminals are increasingly targeting the messaging network. In the Ecuadorean case, Wells Fargo denies any liability for the fraudulent transfers from BDA accounts. Wells Fargo said in court records that it did not verify the authenticity of the BDA transfer requests because they came through SWIFT, which Wells called "among the most widely used and secure" systems for money transfers. BDA is seeking recovery of the money, plus interest. Wells Fargo is attempting to have the case thrown out. New York-based Citi bank also transferred $1.8 million in response to fraudulent requests made through BDA’s SWIFT terminal, according to the BDA lawsuit against Wells Fargo. Citi bank repaid the $1.8 million to BDA, according to a BDA court filing in April. Citi bank declined to comment. For its part, Wells Fargo refunded to BDA $958,700 out of the $1,486,230 it transferred to an account in the name of a Jose Mariano Castillo at Wells Fargo in Los Angeles, according to the lawsuit. Reuters could not locate Castillo or verify his existence. ANATOMY OF A CYBER HEIST The BDA-Wells Fargo case is unusual in that one bank took its correspondent bank to court, thus making the details public, said Scanio, the Washington attorney. BDA acknowledged in a January court filing that it took more than a week after the first fraudulent transfer request for BDA to discover the missing money. After obtaining a BDA employee’s SWIFT logon, the thieves then fished out previously canceled or rejected payment requests that remained in BDA’s SWIFT out box. They then altered the amounts and destinations on the transfer requests and reissued them, both banks said in filings. While Wells Fargo has claimed in court filings that failures of security at BDA are to blame for the breach, BDA has alleged that Wells could easily have spotted and rejected the unusual transfers. BDA noted that the payment requests were made outside of its normal business hours and involved unusually large amounts. The BDA theft and others underscore the need for banks on both sides of such transactions – often for massive sums – to rely less on SWIFT for security and strengthen their own verification protocols, Cumberland said. “This image of the SWIFT network and the surrounding ecosystem being secure and impenetrable has encouraged complacency,” he said. (Additional reporting by Jim Finkle in Boston and Alexandra Valencia in Quito; Editing by David Greising and Brian Thevenot)
- The Week
Trump inadvertently boosts Biden's stimulus messaging with another statement raging against McConnell
Former President Donald Trump has released a new post-presidency statement, and Democrats might just be glad he did. The former president, who remains permanently banned from Twitter, released a statement Thursday once again raging against Senate Minority Leader Mitch McConnell (R-Ky.), blasting him as the "most unpopular politician in the country" while blaming him for Republicans' Senate losses in Georgia — losses for which Trump himself has been blamed by other Republicans. One of the reasons Republicans lost the two Georgia Senate runoffs in January, Trump argues, was "Mitch McConnell's refusal to go above $600 per person on the stimulus check payments when the two Democrat opponents were touting $2,000 per person in ad after ad." The statement offered "quite the pre-stimulus political gift to Democrats," wrote National Journal's Josh Kraushaar, while The Washington Post's Dave Weigel noted that Trump "remarkably" used this opportunity to "validate Biden's messaging on the $1,400 checks instead of whacking him and Democrats for curtailing them." Remarkably, Trump also uses this statement to validate Biden's messaging on the $1400 checks instead of whacking him and Democrats for curtailing them. "The $2000 will be approved anyway by the Democrats." https://t.co/M9dXoX13VS — Dave Weigel (@daveweigel) March 4, 2021 Indeed, Trump writes that "the $2,000 will be approved anyway by the Democrats," while offering no comment on the fact that the new checks are actually for $1,400, nor on Biden's recent compromise that narrows the eligibility. Politico's Gabby Orr observed that Trump "could have put out a statement saying the income phase-outs in the Biden stimulus bill are going to mean he gave checks to more Americans," but "instead he's still targeting his own party with stuff like this." This was just Trump's latest statement in this vein after he released another one last month describing McConnell as an "unsmiling political hack." He also mentioned McConnell in a recent Conservative Political Action Conference speech, in which he took credit for McConnell's recent re-election. McConnell told Fox News he "didn't watch" the speech and that "we're dealing with the present and the future, not looking back to the past." More stories from theweek.comThe Republican grievance perpetual motion machine7 scathingly funny cartoons about Trump's CPAC appearanceWhy the Dr. Seuss 'cancellation' is chilling
- The Independent
Trump considering ditching Pence for 2024 run and picking someone Black or female as running mate, report says
South Dakota governor Kristi Noem and South Carolina senator Tim Scott rumoured for position
- The Independent
NAACP accuses Trump of disenfranchising Black voters and trying to ‘destroy democracy’
It is hard to overstate just how unusual Prince Harry and Meghan Markle's media war with Buckingham Palace is
A series of extraordinary confrontations have seen the Queen's household accused of a smear capaign and Markle accused of bullying.
The European Union is planning to extend its export authorisation scheme for COVID-19 vaccines to the end of June, two EU sources told Reuters on Thursday, as a shipment of AstraZeneca shots from the EU to Australia was blocked. Extending controls could reignite tensions with countries who rely on shots made in the EU. Under the scheme, companies must get an authorisation before exporting COVID-19 shots, and may have export requests denied if they do not respect their supply commitments with the EU.
- The Independent
Bill to prevent discrimination against LGBT+ people passed House last week
Scottish leader Nicola Sturgeon on Wednesday defended her handling of sexual harassment complaints against her predecessor Alex Salmond in high-stakes testimony on an issue that threatens to scupper her dream of leading Scotland to independence. Describing the feud with Salmond as "one of the most invidious political and personal situations" she had ever faced, Sturgeon denied Salmond's accusations that she had plotted against him and misled the Scottish parliament. The feud between the pair, once close friends and powerful allies in the cause of Scottish independence, has reached fever pitch in recent weeks, threatening the electoral prospects of the Scottish National Party (SNP) at a crucial time.
- Associated Press
North Korea may be trying to extract plutonium to make more nuclear weapons at its main atomic complex, recent satellite photos indicated, weeks after leader Kim Jong Un vowed to expand his nuclear arsenal. The 38 North website, which specializes in North Korea studies, cited the imagery as indicating that a coal-fired steam plant at the North’s Yongbyon nuclear complex is in operation after about a two-year hiatus. This suggests “preparations for spent fuel reprocessing could be underway to extract plutonium needed for North Korea’s nuclear weapon,” the website said Wednesday.
Wall Street ended sharply lower on Thursday, leaving the Nasdaq down nearly 10% from its February record high, after remarks from Federal Reserve Chair Jerome Powell disappointed investors worried about rising longer-term U.S. bond yields. A decline of 10% from its February record high would confirm the Nasdaq is in a correction. The benchmark 10-year Treasury yield spiked to 1.533% after Powell's comments, which did not point to changes in the Fed's asset purchases to tackle the recent jump in yields.
- Business Insider
Tesla's operating profit will be $20 billion in 2025, the analysts estimate, but only half will come from sales of its electric vehicles.
Buckingham Palace is investigating claims that the duchess bullied royal staff ahead of Prince Harry and Meghan Markle's interview with Oprah.
- The Independent
‘I’m always up for a good fight,’ says Trump ally
A lawyer for an accused Oath Keeper Capitol rioter says the group's 'quick reaction force' of weapon suppliers was actually just one guy
The Oath Keepers were one of the most prominent far-right militia groups the FBI said was involved in the January 6 Capitol riot.
'Star Wars' actress Kelly Marie Tran left social media after racist and sexist trolls drove her to therapy
"If someone doesn't understand me or my experience, it shouldn't be my place to have to internalize their misogyny or racism," Tran said.
- Business Insider
Alexandria Ocasio-Cortez blasts Democrats' last-minute compromise on stimulus checks as an 'own-goal'
Other progressives criticized "Senate silliness." Biden struck a deal with Senate Democrats pushing to lower income thresholds for direct payments.
- The Independent
Texas governor blames Covid spread on undocumented immigrants, while criticising Biden’s ‘Neanderthal’ comment
Greg Abbott accuses federal government of ‘recklessly releasing hundreds of illegal immigrants who have Covid into Texas communities’
- Associated Press
About 300 refugees from a Christian minority community from Myanmar held a demonstration in India's capital on Wednesday against last month’s military takeover in their country and demanded the immediate release of Aung San Suu Kyi and other Myanmar leaders. The demonstration was held at Jantar Mantar, an area of New Delhi close to Parliament that is often used for protests.
Israel accused Iran on Wednesday of being linked to a recent oil spill off its shores that caused major ecological damage, calling the incident environmental terrorism. The spill was caused by an oil tanker that was carrying pirated cargo from Iran to Syria last month, Israeli Environmental Protection Minister Gila Gamliel said. The vessel sailed through the Gulf and the Red Sea without radio contact, switching its tracking devices back on before passing through Egypt's Suez Canal, Gamliel told reporters.
- The Independent
Analysis: US Capitol Police trying a measure of transparency for a change
Monique Coleman was 25 when she played high school student Taylor McKessie in the hit movie.