Are Attacks Against SWIFT Acts of Cyberwar?

The attacks against the global banking system via SWIFT, which appear to be the work of a state-sponsored group, pose an important question: is such an act actually an act of cyberwar?

BAE Systems' investigation into the Bangladeshi SWIFT theft of $81 million has unearthed ‘a wider campaign’. This led to the discovery of a second compromise, at a commercial bank in Vietnam – but a reasonable inference from finding ‘multiple bespoke tools’ in ‘SWIFT based systems running in banks’ is that there is yet more to follow.

In a report posted today, BAE Systems warns of the difficulty of positively attributing cyber attacks. Nevertheless, it gives enough clues for any reader to point the finger ultimately at North Korea. For example, BAE Systems first suggests a very strong likelihood that the same group is behind both the Bangladeshi and Vietnam breaches, using malware based on msoutc.exe. It then links this to ‘a larger toolkit described in US-CERT Alert TA14-353A.’

“The US-CERT alert mentions ‘a major entertainment company’ and is widely believed to describe the toolkit used to conduct destructive cyber-attack which took place in late 2014. Further details of this same toolkit were disclosed in the ‘Op Blockbuster’ report in February 2016.”

This is a clear reference to the destructive Sony attack. And that attack was firmly blamed on North Korea by the US government.

Meanwhile, Rep James A Hines yesterday introduced Bill HR5220 to the 114th Congress. The purpose is “To direct the President to develop a policy on when an action in cyberspace constitutes a use of force against the United States, and for other purposes.” 

This follows Sen Mike Rounds' introduction of Bill S2905 on Monday to “require the President to develop a policy for determining when an action carried out in cyberspace constitutes an act of war against the United States, and for other purposes.”

In both cases the text of the bills is yet to be published. Nevertheless they demonstrate a growing desire to formalize what is and what is not an act of cyberwar. This will not be easy, even if it is possible; and Jason Healey, a senior research scholar in cyber conflict studies at Columbia University, considers it unhelpful. “After all,” he says in the Daily Dot, “there is no definition of what an ‘act of war’ is for any kind of kinetic conflict either. An ‘act of war’ depends entirely on the circumstances as well as the decision of the head of government — it is not just a national security decision, but ultimately a political decision.”

Mike Rounds presented his reasoning behind S2905 in an opinion piece in the Wall Street Journal, Sunday 8 May.

Rounds concludes, “America needs a clear and concise definition of when an attack in cyber space constitutes an act of war. The executive branch needs such a definition so it can fully formulate policies governing, for example, when it might be appropriate for the U.S. to undertake offensive operations against a cyber adversary.”

Three days later, at CentrifyConnect 2016, former head of the National Security Agency and director of the Central Intelligence Agency, U.S. Air Force General Michael Hayden, described the issue very differently. He mentioned Sony and North Korea and noted that there was no legal form of words to define the attack. Rather than have government define acts in cyberspace, however, he believes that the users of cyberspace should do so. In this area, he suggested, government should follow industry – noting that Facebook and Zuckerberg would shape the definition of privacy more effectively than could Congress.

Nevertheless, however unlikely, it is possible that the US President could be forced by law to define an act of cyberwar. If that were to happen, it becomes an open question whether a state-sponsored attack against the global banking system would fall within that definition. That will make security researchers even more reticent in attributing cyberattacks to specific actors.

In February it was announced that the US is already conducting a cyber war against Daesh (IS). A formal definition of a cyber act of war might force the Pentagon into a greater range of retaliatory cyber activity.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
