THE attackers who stole US$81 million from the Bangladesh central bank probably hacked into software from the SWIFT financial platform that is at the heart of the global financial system, said security researchers at U.K. defense contractor BAE Systems.

    SWIFT, a cooperative owned by 3,000 financial institutions, confirmed that it was aware of malware targeting its client software. Its spokeswoman Natasha Deteran said SWIFT would release a software update to thwart the malware, along with a special warning for financial institutions to scrutinize their security procedures.

    The new developments now coming to light in the unprecedented cyber-heist suggest that an essential lynchpin of the global financial system could be more vulnerable than previously understood to hacking attacks, due to the vulnerabilities that enabled attackers to modify SWIFT’s client software.

    Deteran said Sunday that it was issuing the software update “to assist customers in enhancing their security and to spot inconsistencies in their local database records.”

    The software update and warning from Brussels-based SWIFT, or the Society for Worldwide Interbank Financial Telecommunication, come after researchers at BAE, which has a large cyber-security business, said that they believe they discovered malware that the Bangladesh Bank attackers used to manipulate SWIFT client software known as Alliance Access.

    BAE said it plans to go public with a blog post about its findings concerning the malware, which the thieves used to cover their tracks and delay discovery of the heist.

    The cyber criminals tried to make fraudulent transfers totaling US$951 million from the Bangladesh central bank’s account at the Federal Reserve Bank of New York in February. (SD-Agencies)