SWIFT systems of three Indian banks compromised to create fake trade documents
Since last year’s revelation that attackers have compromised SWIFT software of Bangladesh’s central bank and used it to perform fraudulent transfers worth tens of millions, news about similar attacks – both successful and not – have become a regular occurrence.
Attackers usually use banks’ compromised SWIFT system to send information about fraudulent financial transactions, but in attacks aimed at three government-owned banks in India, they chose to create fake trade documents such as letters of credit and guarantees.
A letter of credit allows the sellers to be sure that they will get paid once they prove that the sold goods have been provided, as the buyer’s bank – the institution that issued the letter of credit – is obliged to release the money, even if the buyer is unable to make payment.
Bank guarantees are documents that guarantee that the bank will release an agreed-upon sum either to the seller or the buyer in case the other party ultimately can’t provide the goods or the cash.
A source close to the investigation told Economic Times that there have been no monetary losses or ransom demands as of yet.
He or she posits that the hackers were planning to use the forged documents to get cash from offshore banks or carry out trade of prohibited or illegal commodities.
It’s still unknown how the compromises were effected, and it’s possible that other Indian banks have been hit as well.
The Reserve Bank of India has been notified of the breaches, and it has directed several banks to check whether the trade documents they sent via SWIFT have a match in their core banking system.