The Financial Supervisory Commission (FSC) on Thursday shed further light on information security shortcomings at Far Eastern International Bank (遠東商銀) that led to what could have been a US$60 million cyberheist.
The lender’s systems were breached because it did not complete required standard operating procedures, the commission said, citing findings from a preliminary investigation shortly after the hack was reported.
The bank had failed to abide by the principle of least privilege, a fundamental concept in information security entailing that user accounts should be given the minimum level of clearance to perform the tasks that they have been assigned.
Instead, the bank’s system administrators granted more “superuser” accounts than necessary out of day-to-day convenience, the commission said.
That made it easier for hackers to compromise the system, as they had more accounts to target to gain high-level access to the system.
In addition, the lender did not have adequate network segmentation for its connection node to the Society for Worldwide Interbank Financial Telecommunication (SWIFT) messaging system, which is used by financial institutions to send and receive financial transaction information across the globe.
While guidelines required network segmentation for both workstation computers and servers, the bank had fulfilled the requirement only for its workstations, the commission said.
In the absence of network segmentation, the hackers were able to distract the bank with attacks on its system’s running services — such as online banking, ATMs and credit cards — while their intended target was the lender’s connection to the SWIFT system, the commission said, adding that lapses in internal control measures, such as transaction approvals, also slowed detection of the cyberattack.
Criminal Investigation Bureau section chief Chiu Shao-chou (邱紹洲) yesterday told a news conference in Taipei that Sri Lankan police arrested two of the five suspects allegedly involved in the cyberheist and that 99.74 percent of the lost money had either been recovered or at least frozen.