Image for post
Image for post

Pushing SWIFT into the 21st Century

SWIFT selects Blockchain over Ripple

We cannot underplay the role that our global finance infrastructure plays in our ever day lives, and any risks of it collapsing would cause major damage across the world. And so we should all know that the SWIFT network has major problems — often its trustworthiness is based on sequences of numbers — and must increase its overall trust. At the core of this must be a strong cryptography infrastructure and a fast consensus mechanism, along side the integration into a Merkle Tree.

Image for post
Image for post

Where’s there’s money and flaws, there’s crime

Where there’s money, you will find criminals, and the SWIFT network is often a target for those who want to get rich quick. There are thus few crimes that have such a high financial reward, and for such little chance of being caught. While SWIFT has provided a way for us to integrate our banking infrastructure over the world, it has been an increasing targeted hacks, and a recent one on 13 August 2018 focused on the core SWIFT/ATM infrastructure of the Cosmos Bank. In the end, it is thought that $13.5 million was taken.

  • Last year, Wells Fargo transferred $12 million from Banco del Austro in Ecuador but it is now believed that these funds have been stolen by hackers.
  • A week ago, Tien Phong Bank, a Vietnamese lender, outlined that it stopped a theft of over $1 million on the Swift network.

Cosmos Bank Hack

The researchers at Securonix have now identified that the attack that was built with a layer approach(a progressive attack) and they pinpointed North Korean hackers (possibly from the Lazarus Group). In investigating the crime, they found that the hackers breached an ATM switch within the SWIFT network and then created two routes which allowed the money to be siphoned off.

The SWIFT Network

The headquarters of SWIFT is in Belgium, and it supports a global network (SWIFTNet) of over 9,000 financial organisations in order to transfer of funds between banks using Business Identifier Codes (BICs), which are also known as “SWIFT codes”. At present there are around 15 million messages per day, and where the network does not hold any of the account details of its members, nor does it clear the transaction. For this it sends payment orders which are then settled by the target of the transaction. Any company which uses the SWIFT network must have a business relationship with an associated member.

Spoofing

The announcement around the Bangladesh bank hack said that there had been a number of fraudulent messages, as the hack involved modifying Swift’s software on back office computers within the Bangladesh central bank, in order to hide the transaction.

Image for post
Image for post

Only as strong as the weakest link

Swift connects 11,000 banks across the world and carries more than 25.8 million messages per day, with around half of these being money transfers. BAE reported that they have found malware that could have been used for the Bangladesh Bank in an online malware repository. It is reported that intruders setup a transfer of $951 million from Bangladesh’s central bank holding at the New York Federal Reserve to the Philippines and Sri Lanka.

Ripple

Ripple, created in 2012 by Chris Larsen and Jed McCaleb, has increased its value to around $13.2 billion.

Image for post
Image for post
Image for post
Image for post
Image for post
Image for post

Adoption of Ripple

Many banks including UBS, RBS, Merrill Lynch, Santander, BBVA, UniCredit, and Standard Chartered have adopted the Ripple Network and are actively using it to transfer transaction fees. With its growth in popularity, the largest cryptocurrency exchange in the US — Coinbase — is likely to add it to its currency portfolio of bitcoin (BTC), ethereum (ETH), and litecoin (ŁTC) trading. This will make it easier for users to purchase them. The exchanges where XRP is currently traded are:

  • GMOCoin — This is a Japan-based exchange.
  • Huobi.pro — This is a Singapore-based exchange.

Risks of Ripple?

As with many cryptocurrencies, there are associated risks. In 2015, Peter Todd analysed Ripple and found a number of potential attacks, and rated them in terms of cost, scope, duration, and probability:

  • Transaction Flood. This is where a large number of transactions are generated, and the network is unable to process the valid ones within a given time constraint.
  • Coercion of Validators. This is an attack on specific nodes, in order for them to fail to process their transactions.
  • Software Backdoor. This is where a trusted user adds a backdoor in the software distribution.
  • Theft of Validator Secret Keys. This is where the secret keys for the infrastructure are leaked.
  • Simulated Ledger. This is where nodes can simulate the required signature and create a fake ledger.

Conclusions

The current risks around the SWIFT network puts our financial stability at risk. We now are faced with serious risks to our financial infrastructure, and something needs to change soon, otherwise we risk large-scale damage to the financial infrastructure of countries (and possibly to the world). In a matter of an hour, hackers can make 10s of millions of dollars.

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. EU Citizen. Auld Reekie native. Old World Breaker. New World Creator.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store