Sri Lankan police have arrested two people after a Taiwanese bank said hackers stole about $60 million and wired the cash to accounts in Asia and the U.S., the latest cyberheist to afflict the global financial system.
Far Eastern International Bank’s computer systems were attacked by malware that affected several transactions and has since been removed, the Taipei-based lender said in a statement. The money was sent via the Swift network to accounts in Cambodia, Sri Lanka and the U.S., and about $46 million has been recovered, Chief Executive Vice President Lin Jiann-jong said by phone on Thursday. Any losses are unlikely to exceed $500,000, Lin said.
- Far Eastern International Bank says most money recovered
- Follows hacking of Bangladesh’s central bank last year
Sri Lankan police arrested a suspect last week when he tried to withdraw funds, spokesman RuwanGunasekera said by phone. Further investigations revealed that the suspect passed on money to another person, who surrendered to police this week in possession of 2 million Sri Lankan rupees ($13,000), Gunasekera added.
The incident follows the theft of $81 million from Bangladesh’s central bank last year, which prompted Swift — the interbank messaging system used for money transfers — to develop measures to help lenders defend against cyberattacks.
Two Taiwanese investigators and an official from Far Eastern International arrived in Sri Lanka on Wednesday night to probe the matter, according to Gunasekera. Taiwan’s Criminal Investigation Bureau believes hackers may have controlled the bank’s systems through servers in nations including the Netherlands and the U.S., the bureau said in a statement on Wednesday.
“We have no indication that our network and core messaging services have been compromised,” Swift, whose full name is the Society for Worldwide InterbankFinancial Telecommunication, said in an emailed response to questions on the incident.
Far Eastern International said it will strengthen internal controls relating to its transactions using Swift and appoint external information-technology consultants to review the security of current systems and suggest any improvements.