Now for more bad news (from Reuters):
The disclosure came as law enforcement authorities in Bangladesh and elsewhere investigated the February cyber theft of $81 million from the Bangladesh central bank account at the New York Federal Reserve Bank. SWIFT has acknowledged that the scheme involved altering SWIFT software on Bangladesh Bank's computers to hide evidence of fraudulent transfers.

At the time, I told an associate that they would find that access was gained through social engineering. This does nothing to lessen this suspicion:
BAE's evidence suggested that hackers manipulated SWIFT's Alliance Access server software, which banks use to interface with SWIFT's messaging platform, to cover their tracks.

BAE said it could not explain how the fraudulent orders were created and pushed through the system. But SWIFT provided some evidence about how that happened in its note to customers, saying that in most cases the modus operandi was similar. It said that the attackers obtained valid credentials for operators authorized to create and approve SWIFT messages, then submitted fraudulent messages by impersonating those people.

Yes, there are entirely technical means to accomplish this, but why pick the lock when you can kick down the door?