By: CHIARA ALBANESE, DANIELE LEPIDO AND GILES TURNER Bloomberg News
The hacking collective “Anonymous,” known for its activism against big corporations, security forces, and governments, is specifically targeting central banks, according to two people with direct knowledge of the group’s activities, who asked not to be identified.
While the people wouldn’t say which banks are being targeted, they said the group has been busy recruiting new hackers to aid it in its forays, and renewed its attack against a number of central banks in February.
The group last year attacked at least eight monetary authorities, including the Dutch Central Bank, the Bank of Greece, and the Bank of Mexico, the two people said. In a change of tack, it is also considering plans to sell on any confidential information it obtains, according to one of the people.
The actions by non-state hacking and hacktivist groups such as Anonymous “are a wake-up call that should alert us to the critical weaknesses of global financial systems,” said Stefano Zanero, a professor of computer security at Italian university Politecnico di Milano.
A successful cyber-security attack on the U.S. banking system is “one of the most significant risks our country faces,” Federal Reserve Chair Janet Yellen said in testimony before the congressional Joint Economic Committee in November.
The most notable hack on a central bank so far resulted in a manhunt involving Interpol and the FBI, launched last year, to help solve the cyber-heist from Bangladesh’s central bank, where hackers used Swift, the inter-bank messaging system, to steal $81 million.
“The Bangladeshi bank case last year really brought the focus on payments systems within central banks,” said Adrian Nish, head of threat intelligence at BAE Systems. “The realization that central banks can be targeted this way for profit has become a greater concern since Bangladesh.”
Poland’s financial regulator was targeted in January by a suspected “watering hole” attack, where hackers target an often-used website, according to research from BAE Systems. In this instance, the hack originated from the website of Polish Financial Supervision Authority (KNF), where code was planted that would serve malware to certain visitors of the site. The malicious code was selectively targeted at financial institutions, and multiple banks were compromised via their users simply browsing the KNF website.
The authority said last month in a statement that it had identified external attempts to hack its website and it was in contact with representatives of supervised industries.
Similar code was also believed to be present on the website of the state-owned Banco de la República Oriental del Uruguay, and the National Banking and Stock Commission of Mexico in late 2016, according to analysis from BAE Systems and U.S. software company Symantec Corp.
Banco de la República Oriental del Uruguay and the National Banking and Stock Commission of Mexico did not respond to requests for comment.
“Cyber attacks have become military attacks,” said Biagio De Marchis, senior vice president in the security and information systems division of Italian defense and security company Leonardo SpA, which offers cyber-security services to clients which span from financial institutions to large companies to the NATO alliance.
In response, central banks and related agencies have been busy attempting to stem the increasing number of attacks. In June, Swift hired BAE Systems and U.K. cybersecurity adviser NCC Group Plc in a bid to improve its security defenses. BAE has since helped Swift analyze whether it needs to flag potential issues to correspondent banks.
The number of warning flags raised due to concerns about a potential security issue BAE Systems has examined are in the “double digits.” The problems range from system crashes due to software update errors, to intruders hacking into banking platforms.