Delaware Senator Tom Carper (D) on May 19 sent letters to the head of the New York Federal Reserve Bank and the United States head of services for a global financial messaging services cooperative about the actions they are taking to protect banks around the world from cyber security threats in the wake a reports in March that cyber thieves stole $81 million from a foreign account at the New York bank.
“It is my understanding that there is no evidence of any attempt to penetrate Federal Reserve systems or that any Federal Reserve systems were compromised in connection with these recent incidents,” Carper wrote William Dudley, president of the Federal Reserve Bank of New York, and Pat Antonacci, managing director and the head of Services and Support for the Americas and United Kingdom Region of the Society for Worldwide Interbank Financial Telecommunications (SWIFT). “However, these cyber attacks raise important questions about the security of the SWIFT system and the ability of its members to prevent future attacks.”
Carper wants answers by June 17 on how the Federal Reserve and SWIFT are addressing the recent attack and the steps being taken to secure against potential threats.
In March news broke that cyber criminals stole credentials from the Bank of Bangladesh to transfer $81 million from the bank’s account with the Federal Reserve and transfer the funds via the SWIFT system to fraudulent accounts in the Philippines and Sri Lanka.
Carper also wants the Federal Reserve and SWIFT to brief his staff regarding their respective cyber security issues. Carper is the ranking member on the Senate Homeland Security and Governmental Affairs Committee and has been a leading advocate in Congress for cyber security legislation.
In his letters Carper also pointed to recent reports of cyber thieves using the financial messaging system to attack a bank in Vietnam. He said a May 13 letter that SWIFT sent to its users “apparently warned that this attack was part of a ‘wider and highly adaptive campaign targeting banks and that the ‘attackers clearly exhibit a deep and sophisticated knowledge of specific operations controls within the targeted banks…’”
The letters to Dudley and Antonacci were released by Carper’s office.