I suspect there are a lot more successful attacks that resulted in monetary loss than make it into the media. When I was at a venture-funded startup back in 2011, we had just raised $15M and on a Friday late afternoon, our CFO received an email that looked like it came from our bank. He clicked on it and was immediately phished. Between 4 and 5pm they transferred $3M out of the account in multiple chunks. The company hadn't set up alerts and the bank, which was a regional one, did not have sophisticated filters to catch them. Long story short, it quickly went to Dubai, Hong Kong and London. By the time Monday came around, some of the money had been re-transferred again to Asia and Eastern Europe.
Super difficult. We recovered 40% from banks who were willing to look at our evidence. Turns out there was no international banking law that deals with stuff like this. Banks basically make their own decision about who's right/wrong. The banks in Dubai and the Far East basically told us to pound sand. We ended up threatening to sue our regional bank. They covered 20%. So we ended up losing 40%. The funny thing was the FBI was involved. You'd think these guys are hot to trot. The guy we spoke to basically sounded like a local policeman whom you just told that you lost your bike. "Oh yeah, we are tracking down leads". Net net, don't hire dumb people who can easily get phished. Once the money is gone, it almost never comes back. We counted ourselves lucky that we only lost 40% instead of 100%, which is common from what we learned.
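The pattern in the post above, several large outbound wires pushed through one account inside an hour with no alerting in place, is exactly what a simple transfer-velocity rule is meant to catch. The following is an added example, not code from the thread or from any bank; the thresholds, the transaction-export layout and the sample rows are all constructed for illustration.

```python
"""Outbound-wire velocity alert over a constructed transaction export.

Raises one alert the moment the outbound total or count inside a sliding
window first exceeds its limit, so a treasury team hears about a burst of
transfers while the funds are still at the first-hop bank.
"""
from collections import deque
from datetime import datetime, timedelta

# Thresholds are assumptions for this example; tune them to the account's
# normal behaviour (e.g. its usual daily payroll and vendor volume).
WINDOW = timedelta(hours=1)
MAX_OUTBOUND_IN_WINDOW = 1_000_000.00   # dollars out within WINDOW
MAX_TRANSFERS_IN_WINDOW = 3             # outbound wires within WINDOW

# Constructed export rows: (timestamp, direction, amount, counterparty country).
SAMPLE_TRANSACTIONS = [
    ("2011-06-10 09:15", "OUT",  12_500.00, "US"),   # routine vendor payment
    ("2011-06-10 11:40", "IN",  250_000.00, "US"),   # customer payment, ignored
    ("2011-06-10 16:05", "OUT", 750_000.00, "AE"),
    ("2011-06-10 16:20", "OUT", 800_000.00, "HK"),
    ("2011-06-10 16:35", "OUT", 700_000.00, "GB"),
    ("2011-06-10 16:50", "OUT", 750_000.00, "AE"),
]


def velocity_alerts(transactions, window=WINDOW,
                    max_amount=MAX_OUTBOUND_IN_WINDOW,
                    max_count=MAX_TRANSFERS_IN_WINDOW):
    """Slide a time window over the outbound transfers, in time order, and
    return a list of alert dicts, one per breach episode.  A breach is
    reported once when the window first goes over a limit and not again
    until the window has dropped back under both limits."""
    outbound = sorted(
        ((datetime.strptime(ts, "%Y-%m-%d %H:%M"), amount, country)
         for ts, direction, amount, country in transactions
         if direction == "OUT"),
        key=lambda row: row[0],
    )
    recent = deque()      # outbound transfers inside the current window
    total = 0.0
    breached = False      # suppresses repeat alerts while still over limit
    alerts = []
    for when, amount, country in outbound:
        recent.append((when, amount, country))
        total += amount
        # Evict transfers that are older than the window ending at `when`.
        while recent and when - recent[0][0] > window:
            _, old_amount, _ = recent.popleft()
            total -= old_amount
        over = total > max_amount or len(recent) > max_count
        if over and not breached:
            alerts.append({
                "time": when,
                "total": round(total, 2),
                "count": len(recent),
                "destinations": sorted({c for _, _, c in recent}),
            })
        breached = over
    return alerts


if __name__ == "__main__":
    for alert in velocity_alerts(SAMPLE_TRANSACTIONS):
        print(f"ALERT {alert['time']:%Y-%m-%d %H:%M}: "
              f"{alert['count']} outbound wires totalling ${alert['total']:,.2f} "
              f"to {', '.join(alert['destinations'])} within {WINDOW}")
```

On the sample rows the morning vendor payment ages out of the window before the afternoon burst begins, and the rule fires at 16:20, on the second wire, when the window total reaches $1.55M, rather than waiting for the full $3M to leave. Whether an alert like this is useful depends entirely on who receives it and whether the bank will hold a wire on request; the rule only buys time.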
When I read articles like this, I have to believe they have someone on the inside, or have some inside knowledge as to how the transfers take place and where the weak points in the process are.
I doubt that; they most likely were just a bunch of nerds who recognised the cheap routers and discovered the vulnerabilities from just playing around with a laptop and something like Kali Linux.
The malware integrated with the SWIFT software, printed manipulated receipts, ...
While it is not impossible that someone random was careful and clever enough to observe all the details necessary by watching the system for a while, what is known publicly about the attack IMHO looks more like someone prepared for an attack against SWIFT and then found a vulnerable endpoint.