InfoSec 2016: Mikko Hypponen says SWIFT heists 'never seen before'

The SWIFT heists, according to Hypponen, represent unprecedented movements in cyber-crime and international affairs

The SWIFT attacks represent a series of unprecedented developments in cyber-criminality according to Mikko Hypponen, chief research officer at F-Secure.

He made the comments at last week's Infosec conference, Europe's largest cyber-security trade show, as he traced the history of cyber-crime. The heists on SWIFT affiliates are perhaps the most ground-breaking phenomenon in recent memory, upturning the way we think of cyber-crime.

SWIFT is a financial messaging system by which countless sums are transferred globally every day. Over the last year, users of the system have been hit with a number of devastating cyber-heists, the ill-gotten gains of which may soon number in the hundreds of millions.

Hypponen told the audience that although only a handful have been publicly disclosed, he suspects that there have been more which embarrassed financial institutions are reluctant to admit to.

The first hit was the Bangladesh Central Bank, and the thieves made off with over £56 million ($81 million). Those ill-gotten gains were then filtered through casinos in the Philippines.

Once it got to that casino, said Hypponen, the money was washed by playing cards with it, losing it and thus handing it over to the other conspirators at the poker table. The money, perhaps once traceable, was now just casino winnings.

One theory, according to Hypponen, is that a group of Filipino-Chinese businessmen were trying to get funding to overthrow the government.

But a clearer picture is slowly emerging of what happened. Several analysts have traced the malware used by the group back to the Lazarus group. The APT group is perhaps best known for having its fingerprints all over the Sony Hacks of 2012, in which the major studio had masses of its internal documents leaked.

The Lazarus group is widely believed to be a proxy of North Korea. Takings in the hundreds of millions might seem like a small amount for a national budget, but, added Hypponen, remember that the annual budget of North Korea is tiny compared to others. It's so tiny, it can barely afford to feed its own population.

A country using cyber-crime to finance itself? “It's the first time in history”, said Hypponen, “we've never seen this before.”

Cyber-arms pose a radical new intervention in geopolitics, he concluded. “We've just got out of the nuclear arms race”, the force which defined much of the twentieth century, and gone “headlong into the next arms race”.

There are, however, sharp differences. The nuclear arms race, for one, “was all about deterrence”. We know who has nuclear arms and have known for a long time. There is, however, no such thing as cyber-arms testing; in fact, cyber-arms are lost in the fog of war. While we might know what the nuclear capability of Pakistan is, “what is the offensive cyber capability of Brazil, or Australia?”

They are, in essence, the perfect weapons - cheap, deniable and effective - and perhaps the new means for litigating geopolitical conflicts.
