SWIFT has delivered a strongly-worded statement that rejects the claims made by both
Bangladesh Bank and Bangladesh Police’s Criminal Investigation Department over
one of the biggest cyberheists in history.
The global provider of secure financial messaging
services said that claims by the aforementioned, that its technicians are to
blame, as reported by Reuters, are “false, inaccurate and misleading”.
SWIFT even went so far as to say that the
“accusations have no basis in fact”, adding further uncertainty over who was
responsible for February’s attack.
“SWIFT was not responsible
for any of the issues cited by the officials, or party to the related
decisions.”
It said: “SWIFT was not responsible for any of the
issues cited by the officials, or party to the related decisions.
“As a SWIFT user like any other, Bangladesh Bank is
responsible for the security of its own systems interfacing with the SWIFT
network and their related environment.”
In an earlier interview with Reuters, Mohammad Shah
Alam, who heads up the criminal investigation department at Bangladesh Police,
had said that the fault lay with SWIFT.
This was backed up by a Bangladesh Bank official,
who said that responsibility for ensuring that the system was secure belonged
to the global financial network.
Last month, a BAE Systems’ security researcher revealed that malware had been used by cybercriminals to carry
out the $81 million cyberheist.
Worryingly, Sergei Shevchenko said that the tools
that are believed to have been deployed “could feasibly be used for similar
attacks in the future”.
He added: “All financial institutions who run SWIFT
Alliance Access and similar systems should be seriously reviewing their
security now to make sure they too are not exposed.
“This attacker put significant effort into deleting
evidence of their activities, subverting normal business processes to remain
undetected and hampering the response from the victim.”