網絡黑科技 不用帶頭罩就能搶銀行
Once upon a time, bank robbers wore balaclavas and dug tunnels. No longer. Three months ago, the world experienced the biggest bank robbery in history when thieves stole $101m from the central bank of Bangladesh.
在過去,搶銀行得穿着黑頭套和挖地道。現在不復如此了。三個月前,孟加拉國央行被盜走1.01億美元,這是有史以來最大的銀行盜竊案。
But these 21st-century fraudsters did not use guns; instead they acquired the access code for the global cross-border bank payment messaging system known as Swift, and used these to persuade the US Federal Reserve to transfer money to their accounts. Then they tampered with the banks’ software to erase their cyber fingerprints.
但這些21世紀的罪犯並沒有用槍,而是獲得了環球銀行金融電信協會(SWIFT)的接入碼,並用這些代碼誘導美聯儲(Fed)將資金轉入他們的賬戶,然後又篡改這些銀行的軟件以消除自己的網絡痕跡。
That is alarming. More worrying still, this is not an isolated heist. This week Swift officials confirmed that a Vietnamese bank suffered a similar attack six months ago when robbers tried (and happily failed) to take more than $1m.
這令人震驚。不過更令人擔憂的是,這起盜竊並非孤立事件。最近SWIFT官員證實,越南的一家銀行6個月前遭遇了類似攻擊,當時盜賊試圖轉走逾100萬美元(幸運的是沒有成功)。
And Swift officials have now told their customers that they are investigating “multiple” cases of seemingly similar attempted breaches, using those access codes and software which erases fingerprints.
SWIFT官員現在向客戶表示,他們正在調查“多起”看起來類似的盜竊企圖個案,盜賊使用了那些接入碼和消除痕跡的軟件。
Unsurprisingly, this has sent shockwaves around the world and led banks such as JPMorgan to tell its employees that it is limiting access to Swift codes. In a 21st-century version of Bonnie and Clyde , this would be the moment when spooky music starts to play and bankers fear that robbers are in the vaults with a magic key capable of unpicking their locks.
並不令人意外的是,這在全世界引發衝擊波,促使摩根大通(JPMorgan)等銀行告訴其員工,將限制獲得SWIFT代碼。在21世紀版本的《雌雄大盜》(Bonnie and Clyde)裏,這時候應該會有陰森可怖的音樂響起,銀行家擔心盜賊們用一把神奇鑰匙打開門進入金庫。
How should the financial world respond? There are at least two clear priorities. First, this saga shows why global regulators and private sector financial officials urgently need to improve their level of cyber defence.
金融世界應該如何迴應?這裏至少有兩個明顯的當務之急。首先,這個故事表明,爲何全球監管機構和私人部門金融官員亟需提高網絡防禦水平。
In recent years, cyber defences at most large western banks have improved; indeed, what is striking about the situation on Wall Street, say, is just how few cyber attacks actually succeed, given that the largest financial institutions are now suffering “tens of thousands” of attacks every minute according to one bank chief executive.
近年,西方多數大銀行的網絡防禦水平有所改善;的確,鑑於一位銀行業高管表示,各大金融機構現在每分鐘遭受“數萬次”攻擊,華爾街真正引人注目的一點是網絡攻擊很少成功。
But while the level of security at individual banks is high, cross-border co-operation is often slow and there are some surprising gaps in the system. This week, for example, insurance industry executives in London alleged that barely a tenth of financial groups have effective insurance against cyber hacking. The legal framework to prosecute hackers is also very patchy and information-sharing between banks is often poor. And while the central banks in the UK and Sweden have demanded that private sector banks now strengthen surveillance of their Swift codes, there has been little public response from governments in emerging market.
但是儘管個別銀行的安全水平很高,但跨境合作往往遲緩,而且這個系統存在一些意外漏洞。例如,最近倫敦保險業高管宣稱,只有十分之一的金融集團針對網絡黑客的風險安排了有效保險。起訴黑客的法律框架也很不完善,而且銀行間往往不會共享信息。儘管英國和瑞典的央行要求私人部門銀行強化對SWIFT代碼的控管,但新興市場的政府幾乎沒有公開回應。
The second, related lesson from these heists is that regulators and investors alike need to pay more attention to the “nodes” of the financial system; after all, a chain is only as strong as its weakest link. And the Swift link is one node that deserves far more scrutiny — and public debate.
其次,與這些盜竊相關的教訓是,監管機構和投資者都需要更加註意金融系統的“節點”;畢竟,一根鏈條的強度就是其最薄弱環節的強度。SWIFT環節就是一個值得加大關注和公共辯論的節點。
