Posts Tagged ‘BAE Systems’

China’s Secret Weapon in South Korea Missile Fight: Hackers

April 21, 2017

China denies it is retaliating over the Thaad missile system, but a U.S. cybersecurity firm says they are

This 2015 handout photo from the U.S. Department of Defense shows a terminal High Altitude Area Defense interceptor being test launched on Wake Island in the Pacific Ocean.

This 2015 handout photo from the U.S. Department of Defense shows a terminal High Altitude Area Defense interceptor being test launched on Wake Island in the Pacific Ocean. PHOTO: AFP PHOTO / DOD / BEN LISTERMAN
.

April 21, 2017 5:20 a.m. ET

Chinese state-backed hackers have recently targeted South Korean entities involved in deploying a U.S. missile-defense system, says an American cybersecurity firm, despite Beijing’s denial of retaliation against Seoul over the issue.

In recent weeks, two cyberespionage groups that the firm linked to Beijing’s military and intelligence agencies have launched a variety of attacks against South Korea’s government, military, defense companies and a big conglomerate, John Hultquist, director of cyberespionage analysis at FireEye Inc., said in an interview.

No automatic alt text available.

The California-based firm, which counts South Korean agencies as clients, including one that oversees internet security, wouldn’t name the targets.

While FireEye and other cybersecurity experts say Chinese hackers have long targeted South Korea, they note a rise in the number and intensity of attacks in the weeks since South Korea said it would deploy Terminal High-Altitude Area Defense, or Thaad, a sophisticated missile-defense system aimed at defending South Korea from a North Korean missile threat.

China opposes Thaad, saying its radar system can reach deep into its own territory and compromise its security. South Korea and the U.S. say Thaad is purely defensive. The first components of the system arrived in South Korea last month and have been a key issue in the current presidential campaign there.

One of the two hacker groups, which FireEye dubbed Tonto Team, is tied to China’s military and based out of the northeastern Chinese city of Shenyang, where North Korean hackers are also known to be active, said Mr. Hultquist, a former senior U.S. intelligence analyst. FireEye believes the other, known as APT10, may be linked to other Chinese military or intelligence units.

China’s Ministry of Defense said this week Beijing has consistently opposed hacking, and that the People’s Liberation Army “has never supported any hacking activity.” China has said it is itself a major hacking victim but has declined to offer specifics.

Mr. Hultquist said the two hacking groups gained access to their targets’ systems by using web-based intrusions, and by inducing people to click on weaponized email attachments or compromised websites. He declined to offer more specific details.

HACK ATTACKS

Recent cyberattacks attributed to Chinese state-backed groups.

  • Since February Spear-phishing* and watering hole** attacks were conducted against South Korean government, military and commercial targets connected to a U.S. missile defense system.
  • February, March Attendees of a board meeting at the National Foreign Trade Council were targeted with malware through the U.S. lobby group’s website.
  • Since 2016 Mining, technology, engineering and other companies in Japan, Europe and North America were intruded on through third-party IT service providers.
  • 2014-2015 Hackers penetrated a network of U.S. Office of Personnel Management to steal records connected to millions of government employees and contractors.
  • 2011-2012 South Korean targets, including government, media, military and think tanks were targeted with spear-phishing attacks.
  • *Sending fraudulent emails made to look as if they come from a trusted party in order to trick a target into downloading malicious software.
  • **A strategy in which the attacker guesses or observes which websites a targeted group often uses and infects them with malware to infect the group’s network..
  • Sources: FireEye, Trend Micro, Fidelis, PricewaterhouseCoopers and BAE Systems, WSJ reporting

Mr. Hultquist added that an error in one of the group’s operational security provided FireEye’s analysts with new information about the group’s origins.

South Korea’s Ministry of Foreign Affairs said last month that its website was targeted in a denial-of-service attack—one in which a flood of hacker-directed computers cripple a website—that originated in China.

A spokesman said that “prompt defensive measures” ensured that the attacks weren’t effective, adding that it was maintaining an “emergency service system” to repel Chinese hackers.

The ministry this week declined to comment further, or to say which cybersecurity firm it had employed or whether he thought the attacks were related to Thaad.

Another cybersecurity company, Russia’s Kaspersky Lab ZAO, said it observed a new wave of attacks on South Korean targets using malicious software that appeared to have been developed by Chinese speakers starting in February.

The attackers used so-called spear-phishing emails armed with malware hidden in documents related to national security, aerospace and other topics of strategic interest, said Park Seong-su, a senior global researcher for Kaspersky. The company typically declines to attribute cyberattacks and said it couldn’t say if the recent ones were related to Thaad.

The two hacking groups with alleged ties to Beijing have been joined by other so-called hacktivists—patriotic Chinese hackers acting independently of the government and using names like the “Panda Intelligence Bureau” and the “Denounce Lotte Group,” Mr. Hultquist said.

South Korea’s Lotte Group has become a particular focus of Chinese ire after the conglomerate approved a land swap this year that allowed the government to deploy a Thaad battery on a company golf course.

Last month, just after the land swap was approved, a Lotte duty-free shopping website was crippled by a denial-of-service attack, said a company spokeswoman, who added that its Chinese website had been disrupted with a virus in February. She declined to comment on its source.

China’s Ministry of Foreign Affairs didn’t respond to questions about the website attacks. The ministry has previously addressed Lotte’s recent troubles in China by saying that the country welcomes foreign companies as long as they abide by Chinese law.

The U.S. has also accused Chinese state-backed hacking groups of breaking into government and commercial networks, though cybersecurity firms say such activity has dropped since the two nations struck a cybersecurity deal in 2015.

The two Chinese hacking groups named by FireEye are suspected of previous cyberattacks.

FireEye linked Tonto Team to an earlier state-backed Chinese hacking campaign, identified by Tokyo-based cybersecurity firm Trend Micro Inc. in 2012, which focused on South Korea’s government, media and military. Trend Micro declined to comment.

Two cybersecurity reports this month accused APT10 of launching a spate of recent attacks around the globe, including on a prominent U.S. trade lobbying group. One of those reports, jointly published by PricewaterhouseCoopers LLP and British weapons maker BAE Systems, said the Chinese hacker collective has recently grown more sophisticated, using custom-designed malware and accessing its targets’ systems by first hacking into trusted third-party IT service providers.

Because of the new scrutiny from that report, FireEye said in a recent blog post that APT10 was likely to lay low, though in the longer run, it added, “we believe they will return to their large-scale operations, potentially employing new tactics, techniques and procedures.”

Write to Jonathan Cheng at jonathan.cheng@wsj.com and Josh Chin at josh.chin@wsj.com

 

.

Digital Clue Links North Korea to Theft at New York Fed

April 3, 2017

Kaspersky Lab says digital records show link to a computer with North Korean internet address

By ROBERT MCMILLAN
The Wall Street Journal
April 3, 2017 2:00 p.m. ET

.

A newly discovered digital clue links the hacking group blamed for a multimillion-dollar cyberattack on Bangladesh’s central bank to a computer in North Korea, according to the Russian cybersecurity company Kaspersky Lab ZAO.

Kaspersky announced Monday at its security conference on the Caribbean island of St. Maarten that its researchers had obtained digital records showing a European server used by the group to launch its attacks…

Cyberattacks on International Banks Show Links to Hackers Who Hit Sony

February 13, 2017

Hacks began late last year, installing unauthorized code on websites belonging to financial regulators

Researchers at Symantec and BAE Systems say that some of the software and internet infrastructure in the global hacking effort was also used in the Sony attack and—more recently—other attacks on banks in Asia.

Researchers at Symantec and BAE Systems say that some of the software and internet infrastructure in the global hacking effort was also used in the Sony attack and—more recently—other attacks on banks in Asia. PHOTO: DAVID BECKER/REUTERS
.

Updated Feb. 12, 2017 12:01 p.m. ET

Cybersecurity specialists have found evidence suggesting that recent attacks on institutions in Poland are part of an international hacking effort targeting financial institutions in the U.S., Mexico and the United Kingdom—an attack that shares traits with the 2014 attack on Sony Corp.

The hacks began late last year, installing unauthorized code on websites belonging to financial regulators, then using those to attack computers belonging to a select list of global financial institutions, according to researchers who have examined the attacks at security vendors Symantec Corp. and BAE Systems PLC.

It is unclear to the researchers exactly how many banks were compromised or whether any suffered financial losses. But the researchers say it appears to be part of a well-organized and broad hacking effort that shares links to other attacks including the devastating 2014 hack that destroyed systems and exposed email messages at Sony Pictures Entertainment. U.S. officials have said North Korea was responsible for that attack. North Korea has denied that, though said its supporters might have done it.

Researchers at BAE Systems and Symantec say that some of the software and internet infrastructure in the global effort was also used in the Sony attack and—more recently—other attacks on banks in Asia. Security researchers call the North Korea-linked group they believe is behind these attacks “Lazarus.” It has been active since 2009, according to Kaspersky Lab ZAO, a Russian cybersecurity company.

If the recent attacks are indeed by Lazarus, it suggests the group is broadening its banking attacks. The group’s bank hacking previously had focused on Asia, said Eric Chien, technical director of Symantec’s Security Technology and Response division. “We never saw them do anything, for example, to the U.S., let alone Europe,” he said. “Now we see them targeting the U.S. and Europe.”

In November the Federal Bureau of Investigation warned U.S. financial institutions that it was “monitoring emerging reports indicating that well-resourced and organized malicious cyber actors have intentions to target the U.S. financial sector.”

The FBI didn’t respond to requests for comment about the latest attacks.

The attacks started in October by compromising the website of the Polish Financial Supervision Authority, an incident that was reported last week by the Badcyber.com blog. The hackers programmed that website to attack banking computers that visited the site, the researchers say.

Security investigators call this technique a “watering hole.” It lets criminals use one common access point to break into a range of other organizations. In this case, by infecting a website commonly visited by banking employees, the hackers could hope to spread malicious software onto computers within the financial institutions on their list, said Adrian Nish, head of BAE Systems’ Threat Intelligence team.

A Polish Financial Supervision Authority spokesman confirmed that the regulator had “identified an external attempt to interfere in the operating IT system,” and had turned over evidence of the incident to law enforcement after restoring the website. The Polish National Police Agency didn’t immediately respond to a request for comment Friday.

The hackers programmed the hacked web servers to attack computers only if they originated from a short-list of approximately 75 institutions—an apparent effort to keep a lower profile and help evade detection, the researchers say.

This list includes 19 financial institutions in Poland, 15 in the U.S., nine in Mexico, and seven in the U.K., said BAE Systems, which declined to name the institutions.

The attacks also compromised a website belonging to Mexico’s financial regulator, the National Banking and Securities Commission, and a state-run bank in Uruguay, Dr. Nish said. A spokeswoman for the National Banking and Securities Commission said that it has seen no evidence that its computers were compromised. “During the past weekend, we received notice of a coordinated attack addressed to banking institutions world-wide,” she said. “Our Security Operations Center performed a thorough inspection, from which no abnormal behavior was detected.” The Commission’s investigation is continuing she said.

The attacks, with their use of the “water hole” technique, appear to be more sophisticated than previous Lazarus attacks, Dr. Nish and Mr. Chien said. In the shadowy world of cybersecurity, code can be stolen and reused, which makes the business of linking attacks to specific actors time consuming and often inexact. Dr. Nish, at BAE, said he has a “high confidence” that the group involved is Lazarus. “We know the tools that they’re using very well and we know the infrastructure they’re using and their tactics,” Dr. Nish said. “And we can strongly confirm that the tools that have been found on the bank networks and in these [website] attacks are part of the group’s tool kit.”

Mr. Chien said that Symantec hadn’t yet done analysis required to definitively make the connection, but that the tools used in these latest attacks are linked to Lazarus tools used in the past.

Write to Robert McMillan at Robert.Mcmillan@wsj.com

 

Donald Trump pledges to cut military budget after criticising ‘out of control’ F-35 aircraft program

December 12, 2016

.

f-35

F-35B Lightning II, the first of Britain’s new supersonic ‘stealth’ strike fighters CREDIT:BRITISH MINISTRY OF DEFENCE/EPA

Donald Trump on Monday criticized Lockheed Martin’s F-35 fighter jet program as too expensive, the latest attack by the U.S. President-elect on large defense contractors.

The aerospace giant’s shares dropped 4 percent after Trump’s tweet, while shares of several other defense contractors also weakened.

“The F-35 program and cost is out of control,” Trump said on Twitter. “Billions of dollars can and will be saved on military (and other) purchases after January 20th.”

Last week, he also used Twitter to target Boeing Co for its “out of control” costs on a new fleet of Air Force One planes.

Boeing is building a brand new 747 Air Force One for future presidents, but costs are out of control, more than $4 billion. Cancel order!

Lockheed Martin’s F-35 program leader, Jeff Babione, responded by saying the company understands concerns about affordability and has invested millions of dollars to reduce the jet’s price.

Babione said Lockheed’s goal was to reduce the price of the F-35 by 70 percent from its original estimates. “We project it to be about 85 million dollars in the 2019 or 2020 time frame,” he told reporters in Israel.

A week before Trump won the Nov. 8 presidential election, the U.S. Defense Department and Lockheed Martin concluded negotiations on their ninth contract for 90 F-35 fighter jets after 14 months of negotiations, the Pentagon said.

Lockheed won the contract, valued at up to $7.18 billion, in late November and has received an interim payment.

Trump interview
Donald Trumps is interviewed by Chris Wallace of Fox News CREDIT: AP

Trump campaigned on a promise to cut waste in federal government.

Lockheed and its key partners, Northrop Grumman Corp , Pratt & Whitney and BAE Systems, are developing and building three variants of the F-35s for the U.S. military and 10 allies including Britain, Australia, Norway, Denmark, the Netherlands, Italy, Turkey, Israel, Japan and South Korea.

After Trump’s Monday morning tweet, shares of Northrop Grumman were down 4.5 while shares of BAE Systems were 2.4 percent lower in London.

Shares of General Dynamics, Raytheon, and United Technologies were all lower Monday, as were shares of Boeing.

f-35
F-35 aircraft

United Technologies Corp , which had a run-in with the President-elect over a plan to ship 2,100 jobs to Mexico from Indiana operations of its Carrier air conditioning unit. The company last week agreed with Trump to keep about 800 of the threatened manufacturing jobs in Indiana, and retain another 300 headquarters jobs, in return for state tax incentives.

The attacks on Boeing and Lockheed Martin raise concerns that the incoming Trump administration will threaten defense contractors’ profit margins.

“His emerging habit of using Twitter as a bully pulpit could become a threat to controversial high profile programs,” Cowen analysts wrote last week after Trump criticized the cost of Boeing’s Air Force One replacement program. “Even if Trump only launches a bombastic Twitter shout-out, this more aggressive approach to contractor relations could impact the stocks.”

Earlier this month, the Pentagon’s chief arms buyer said he was hopeful that Lockheed F-35 block buy will proceed.

Europe, Russia arms groups gain market share

December 5, 2016

AFP

© AFP/File | A Lockheed Martin F-35 Lightning II fighter jet — the defence contractor took $36.4 billion in revenue in 2015

STOCKHOLM (AFP) – Arms manufacturers in Europe and Russia gained market share in 2015, but international sales were still dominated by their US competitors, the Stockholm International Peace Research Institute (SIPRI) said Monday.

For Russian industrialists, the growth underlined “the ministry of defence’s commitment to fund military procurement despite the economic difficulties,” said the research centre, which consists of experts on defence issues.

But although Russian exports increased by 6.2 percent over 2014, the rate was “significantly slower than the 48.4 percent growth rate between 2013 and 2014,” it said.

SIPRI ranks the world’s top 100 arms and military service merchants, excluding China, which does not deliver reliable data.

Western nations monopolise the top 12 places in the ranking with US defence contractor Lockheed Martin leading with $36.4 billion in revenues, US defence and aerospace giant Boeing with $28 billion, and Britain’s BAE Systems with $25.5 billion.

Total sales fell by 0.6 percent, dropping for the fifth consecutive year, but reached $370.7 billion, SIPRI said.

North American arms manufacturers remained dominant but their turnover fell by 2.9 percent because of ongoing limitations on government spending, including military spending and the strength of the US dollar that weighed on exports.

But groups in Western Europe saw an upsurge with growth of 6.6 percent, reversing a negative trend. Such firms control 25.8 percent of the market compared with 8.1 percent held by the Russians.

“Major arms export deals in 2015, such as those to Egypt and Qatar, have increased French arms companies’ sales,” said Aude Fleurant, Director of Research on Armaments and Military Expenditures.

The growth of six French firms in the top 100 companies, among them Dassault, Thales and Safran, pushed up arms sales by 13.1 percent, outpacing German manufacturers who notched up an increase of 7.4 percent and British companies with 2.8 percent.

India signs $750m deal for BAE howitzers

December 1, 2016

AFP

© AFP/File | India has signed an agreement to buy 145 BAE Systems’ M777 ultra-lightweight howitzers for its military

NEW DELHI (AFP) – India has signed a $750 million agreement with the United States to buy 145 howitzer artillery guns from BAE Systems, an official said Thursday, its first such deal in three decades.

India, the world’s number one defence importer, is updating its military capabilities with hardware worth tens of billions of dollars in the face of long-standing tensions with regional rivals China and Pakistan.

It has been in discussions since 2012 to buy BAE Systems’ M777 ultra-lightweight guns through the US Foreign Military Sales programme.

“India has signed the letter of acceptance which formalises the contract between India and the US for the howitzer guns,” a defence official told AFP in New Delhi.

The deal, worth nearly 50 billion rupees, will see 25 guns being delivered in ready-to-use condition with the rest being assembled in India, the official said on condition of anonymity.

The howitzers, with a maximum range of 30 kilometres (17 miles), will be used by the army’s mountain artillery divisions along India’s high-altitude frontiers.

India has fought three wars with arch-rival Pakistan since independence in 1947, but China is increasingly seen as the main focus of its ambitious military modernisation and procurement policy.

India last purchased howitzers for the army in 1986, when it bought 410 field guns from the Swedish arms giant AB Bofors.

The Bofors deal became mired in corruption allegations and cost then Congress Prime Minister Rajiv Gandhi the 1989 national elections.

BAE Systems said in February it had chosen India’s Mahindra group to build a plant for assembling the artillery guns.

Prime Minister Narendra Modi has said he wants foreign manufacturers that win lucrative hardware deals to invest in India by partnering with local firms.

“The first two howitzers should be delivered within the next six months,” the official said.

Japan’s military seeks record spending to counter North Korea, China moves

August 31, 2016

Reuters

Tue Aug 30, 2016 11:12pm EDT

Cameron says UK must stay close to the EU after Brexit

July 11, 2016
.
Reuters
Mon Jul 11, 2016 2:04pm BST

Prime Minister David Cameron said it was in Britain’s fundamental interest to remain very close to the European Union when it renegotiates a new relationship with the bloc it voted to leave in a referendum last month.

Speaking to global aerospace executives at the Farnborough airshow, Cameron said Britain must accept the reality of the vote and must make it work, including forging a new relationship with its European partners.

“The big strategic decisions are for the next prime minister but the groundwork is under way,” he said on Monday.

“All I would say about the outcome is this: I believe it is in our fundamental national and economic interest to remain very close to the European Union, for trade, for business, for security, for cooperation. So let that be our goal.”

Cameron announced his resignation the day after his campaign to remain in the European Union was defeated in the referendum.

He said Britain had already had a taste of the turbulence in global markets and in term of the value of the pound that he had warned would follow a leave victory.

“There will be other problems ahead – but I want to be clear: we will deal with them from a position of strength, with a growing economy, a greatly reduced deficit, lower inflation and more jobs and businesses than ever before in our country,” he said.

“Above all though, we must recognise we are in a new reality now, we must accept it and we must make it work.”

He said Britain needed to “think big and think radically” to ensure the best outcome in the new circumstances, including a much bigger push on trade and investment targeting fast-growing economies like India and China.

The bosses of Britain’s two biggest defence companies, BAE Systems and Rolls-Royce, said earlier on Monday that they would cope with the fallout from Brexit, but they needed government to play its part.

Also speaking at Farnborough, the U.S. Pentagon chief arms buyer Frank Kendall said Britain’s vote to leave the European union was not expected to fundamentally alter its ties with the U.S. military or weapons-related trade.

(Reporting by Paul Sandle, Kate Holton and Karin Strohecker; editing by Stephen Addison)

Before massive Bangladesh heist, New York Fed feared such cyber attacks — Bangladesh Central Banker to Meet With Fed’s William Dudley and Top Swift Officials

May 8, 2016

In the years before hackers stole $81 million from a Bangladesh central bank account at the Federal Reserve Bank of New York, senior Fed security officials examined the risk of such an attack – but judged the prospect unlikely, bank sources told Reuters.

The Fed managers worried that lax security procedures and outdated technology at some foreign central banks could allow cyber-criminals to commandeer local computers and breach foreign accounts at the U.S. central bank, according to interviews with seven current and former New York Fed officials and a former U.S. government official familiar with the discussions.

Over several years, New York Fed and Federal Bureau of Investigation officials discussed the risk of an attack made using the banking system’s communications network, known as SWIFT, according to Fed and government officials, who spoke on condition of anonymity.

“The New York Fed was concerned with lots of vulnerabilities,” said the former government official. “SWIFT was one of them.”

Bangladesh bank heist

But the Fed focused security resources on other priorities, such as preventing money-laundering and enforcing U.S. economic sanctions, officials with knowledge of the bank’s security operations told Reuters. Fed officials took some comfort in the fact that SWIFT’s security software had never been cracked, the officials said.

The immediate result of the breach for the New York Fed is a claim from the Bangladesh Bank for payment of lost funds and a potential lawsuit. Beyond that, the heist showed that the U.S. central bank long understood a potentially systemic risk to a vital global finance network, but was unable or unwilling to address it.

The New York Fed declined to comment on past security priorities or on whether it had made changes since the heist. SWIFT declined to comment.

Before the heist, some New York Fed officials considered the threat of fraudulent transfers ordered through SWIFT a “fat tail risk” – a statistical term for events with low probability but dire consequences, said one well-placed official with knowledge of the discussions. February’s theft from the Bangladesh Bank fit that definition – a bold cyber heist in which thieves attempted to withdraw nearly $1 billion in dozens of requests.

The crime rattled the banking industry because the conduit for the theft was the SWIFT network, an acronym for the Society for Worldwide Interbank Financial Telecommunication. A cooperative overseen by 20 of the world’s largest central banks, SWIFT connects about 11,000 financial institutions globally that use it to order money transfers.

“What everyone is realizing right now is that no one has ever really appreciated the risk,” said the person with direct knowledge of the New York Fed’s deliberations.

SWIFT has said that the scheme involved altering SWIFT software on Bangladesh Bank computers to hide evidence of fraudulent transfers. Last week, SWIFT acknowledged that the Bangladesh Bank attack was not an isolated incident but one of a number of recent criminal schemes aimed at its messaging platform. SWIFT has declined to elaborate further.

Two Bangladesh Bank officials have told Reuters they believe both the New York Fed and SWIFT bear some responsibility for the failure to prevent the attack. The officials previously told Reuters that SWIFT gave Bangladesh Bank no prior warning about vulnerabilities, and the New York Fed failed to stop fraudulent orders when they reached New York.

The head of Bangladesh Bank is scheduled to meet next week with New York Fed president William Dudley and a senior executive from SWIFT to discuss the matter. SWIFT has said the attack was related to an internal operating issue at Bangladesh Bank, and the New York Fed has said it has no evidence that its systems were compromised.

Richard Dzina, head of the New York Fed’s wholesale product office, in remarks at a banking conference Tuesday said bank workers “acted properly” in releasing the funds. The system was penetrated, he said, because the hackers had acquired valid credentials to order the transfers.

 

$80 BILLION A DAY

The New York Fed holds trillions of dollars in funds for central banks worldwide. It processes about $80 billion in fund transfers in and out of their accounts each day, according to a New York Fed official.

Security is handled by the New York Fed’s Central Bank and International Account Services (CBIAS) division, a closely-guarded operation inside its fortress in lower Manhattan. CBIAS assigns risk profiles to individual countries and regions, assessing government stability, terrorism threats, and organized crime activity when deciding how to dispense cash to central banks and other official institutions, current and former Fed officials said.

In the months before the attack, the security unit was focused on bulking up its anti-money laundering protections, an initiative driven by the Board of Governors at the Fed’s Washington, D.C. headquarters, according to two people familiar with the plan. Another priority was protecting the Fed’s own Fedwire payments system from cyber attacks, several current and former Fed officials said.

Most transfer requests are approved automatically after computer screening. Only a few of about 2,000 daily transactions are flagged for review by employees, according to a New York Fed official.

One of the officials said automated scanners used for SWIFT payments were effective for preventing money laundering and enforcing economic sanctions – but would not defend the bank against fraudulent money transfers.

“There is a balance here that has to be struck between allowing customers to make new payments and to conduct their business in a timely manner, and also to prevent really obnoxious or obvious cases of fraud,” said Shehriyar Antia, a former senior New York Fed policy advisor and analyst in the CBIAS unit.

The CBIAS system specifically checks for typographical errors – and it was a thief’s typo, along with an unusually high number of requests for payments to private entities, that alerted the Fed to February’s cyber attack, banking sources have told Reuters. Once alerted, the Fed suspended payments on most of the requests coming from the Bangladesh Bank, but not before the thieves extracted $81 million.

The Bangladesh Bank, Bangladesh police and the FBI are investigating the attack.

A Bangladesh police official who heads the department’s forensic training institute previously told Reuters that SWIFT servers at Bangladesh’s central bank were vulnerable to hackers because of the absence of a firewall and a lack of basic security protocols.

 

LOOSE CONTROLS

Three former officials said that the New York Fed had recently focused on loose controls over terminals and other access points to the SWIFT network at foreign central banks, where bankers often order withdrawals for hundreds of millions of dollars.

The concerns focused on the possibility that banks would purchase computers implanted with malicious software or that attackers could steal or buy legitimate credentials from employees, said the former U.S. government official. An additional worry, according to two former Fed officials, was the possibility that a corrupt insider — possibly a bank employee — might have access to the SWIFT network and submit a fraudulent payment request.

Years of managing foreign central bank accounts gave some Fed officials concern that certain banks were ill-equipped to handle local security because of a lack of infrastructure investment and other procedural problems. But the Fed does not have the ability to audit the security protocols at correspondent central banks.

“The vulnerability is that central banks, even in developing countries, have a lot of money relative to their level of sophistication,” said the official with knowledge of the security concerns. “It’s not just Bangladesh.”

 

(Writing by David Greising; editing by Brian Thevenot and Edward Tobin)

Japan interested in joining NATO missile consortium

July 10, 2015
.
A RIM-7P NATO Sea Sparrow Missile being launched from the Nimitz-class aircraft carrier USS Abraham Lincoln (CVN 72) during a stream raid shoot exercise. AFP photo
.
Reuters
.
Japan is interested in joining a NATO missile building consortium that would give Tokyo its first taste of a multinational defense project, a move the U.S. Navy is encouraging because it could pave the way for Japan to lead similar partnerships in Asia, sources said.
.
The 12-country NATO consortium oversees development and shares the costs of the SeaSparrow missile, an advanced ship-borne weapon designed to destroy anti-ship sea-skimming missiles and attack aircraft.
.
The missile is made by U.S. weapons firms Raytheon and General Dynamics.
.
In May, Japanese naval officers traveled to a North Atlantic Treaty Organization meeting in The Hague to learn more about the consortium, Japan’s navy and a U.S. source familiar with the trip told Reuters.
.
Two Japanese sources familiar with the initiative said discussions in Tokyo were at an early stage, although joining the consortium would dovetail with Prime Minister Shinzo Abe’s more muscular security agenda, which included the lifting last year of a decades-old ban on arms exports.
.
The sources declined to be identified because they were not authorized to speak to the media.
.
The consortium, established in 1968 by four countries including the United States, is set to develop an upgraded version of the SeaSparrow in the coming years.
.
Having Japan on board would spread the project’s costs, but Washington also sees a role for Japan in leading multinational military industrial partnerships in Asia at a time when China’s military modernization and assertiveness is alarming many countries in the region, said the U.S. source.
.
Such partnerships, which are rare in Asia, would create a network of security ties beyond formal military alliances that mostly involve Washington and its various regional allies.
.
“We think this project will allow Japan to lay the groundwork for further defense export programs in the future,” the U.S. source said. “We would welcome this kind of security cooperation activity by Japan in the region.”
.
Asked to comment, a spokesman for the Japanese navy said in an email: “The U.S. Navy is keeping us informed about the SeaSparrow project. With the aim of improving the procurement efficiency of our ship-based surface to air missiles we are gathering information to make the necessary choice.”
.
The U.S. Navy said it was not immediately able to comment. NATO declined to comment.
.
Tokyo already beefing up Asia ties
.
Japan has one of the most advanced military industrial bases in the world, but companies such as Mitsubishi Heavy Industries have long made weapons only for the Self Defense Forces because of the arms export ban.
.
Since lifting those curbs, Abe has begun boosting security cooperation across Southeast Asia, where several countries with tight budgets are worried by China’s creation of man-made islands in the disputed South China Sea.
.
In June, Abe agreed with Philippine President Benigno Aquino on an exchange of military technology and hardware. Abe in May also agreed to start talks on transfers of defense equipment and technology with Malaysia.
.
And Australia is considering Japan as the possible builder of its next generation submarines, something U.S. naval commanders have publicly encouraged because doing so would deepen ties between two of Washington’s closest allies in Asia.
.
None of these initiatives, however, are multinational.
.
Some concerns in Tokyo
.
Japan’s navy already uses the SeaSparrow missile, which is assembled locally by Mitsubishi Electric under a co-production agreement with NATO and the U.S. manufacturers.
.
That would make the transition to a full consortium partner easier, said the U.S. source.
.
One of the Japanese sources said some concerns had been raised in Tokyo over diminished control over production by being a member, even though sharing of costs would be welcomed.
.
“The concern is what it would mean to security by having to rely on other nations,” the Japanese source said, referring to the possibility supplies of munitions and equipment from other countries could be disrupted more easily than those made at home, especially during any conflict.
.
It could also become a political issue since Japanese firms that supply parts for the SeaSparrow missiles made in Japan could miss out if Tokyo joined a consortium where work was spread among participating nations.
.
The U.S. Navy’s desire to see Japan in the consortium comes after a proposal for Mitsubishi Heavy to join Lockheed Martin Corp’s F-35 stealth fighter program fizzled out last year.
.
Japanese defense bureaucrats had hoped working on the F-35 as a subcontractor to rear fuselage maker BAE Systems of Britain would have given Mitsubishi Heavy exposure to global arms markets.
.
But it proved impossible for Mitsubishi Heavy to compete on pricing of components given the advantage enjoyed by contractors in the initial nine countries due to their governments’ funding of specialized tooling for the program.
.
“Japan recognizes that it should join these international groups to help amortize purchases and make their industry more competitive,” said a U.S. executive who works closely with the Japanese government and industry.
.
“You’re going to see them engaged in more and more bilateral, trilateral and multilateral groups in coming years.”