Class Presentation: SWIFT Attack on Bangladesh Bank

SWIFT

SWIFT is a secure communication channel built for banks. It is also used to uniquely identify banks and financial institutions globally: it says who and where they are.

Attack Summary

  • There was an attempt to steal $951 million.
  • NYFD stopped the transaction, but over $81 million is still missing after being transferred to the Philippines.
  • There is an ongoing lawsuit between Bangladesh Central Bank and the NY Federal Reserve.
  • The FBI claims that North Korea is behind the attack.

How it could have been prevented

  • Better antivirus
  • Better hardware
  • A better security scheme built into SWIFT to avoid easy forgery of SWIFT authentication codes.

Guest Lecture by Anthony Sellers on CFAA

  • The Computer Fraud and Abuse Act was created in 1982/83.

  • The movie WarGames motivated Congress to create & pass this law.

CFAA Summary:

1.) Accessing a computer without authorization and stealing classified information.

2.) Obtaining information from any protected computer.

3.) Accessing any nonpublic computer of the U.S. government with intent to defraud.

4.) Knowingly accessing a protected computer without authorization, or exceeding authorized access, with intent to defraud.

5.) Damaging a computer that does not belong to oneself.

6.) Accessing a computer without legitimate authorization.

7.) Obtaining information from a computer without authorization.

Legal Definition of a Computer:

The term “computer” means an electronic, magnetic, optical, electrochemical, or other high speed data processing device performing logical, arithmetic or storage functions, and includes any data storage facility or communications facility directly related to or operating in conjunction with such device, but such term does not include an automated typewriter or typesetter, a portable hand held calculator, or any other similar device;

Legal Definition of a Protected Computer:

  • Exclusively for use of a financial institution or the United States Government or
  • Which is used in or affecting interstate or foreign commerce, or communication, including a computer located outside the reason for this is because of how the constitution limits the power of the federal government.

Authorization Questions:

  • You are at work with your work laptop and you check espn.com. Are you authorized to do so?
    • Yes, you are authorized because leisure is necessary to maintain a healthy mind.
  • You are at your job and you have access to a database of people’s private information. Out of curiosity you check out your neighbour's info.
    • This is not authorized, as it was not required for you to do your actual work. If it was required for a particular situation, then it is authorized.
  • Your company has a list of clients. Your friend is starting a company. Can an employee share this list with the friend as a list of potential customers?
    • Unauthorized, because it is a company's private data, and sharing it may lead the company to lose profit to competitors.

You can contact Anthony Sellers if you have any legal concerns about any project you are doing relating to computer security.