September 16, 2013

SIBOS NSA SWIFT

As SWIFT's annual SIBOS conference takes place in Dubai this week, much of the buzz surrounds reports that the NSA targeted the SWIFT banking transaction network.

According to a Washington Post report and another article in Der Spiegel, the German weekly news magazine, documents released by whistleblower Edward Snowden reveal that the NSA tapped SWIFT and Visa for transaction data, much if it tied to transactions in the EMEA region.

Mike Fish, CIO SWIFT
Mike Fish, CIO SWIFT
In SWIFT's most direct public response to the reports, Mike Fish, SWIFT's CIO, said that the global banking cooperative operates "our services to the highest security standards. That's because we take the privacy and the protection of our members' data very seriously," he said during his presentation during the Technology Forum Keynote. "We have no evidence to suggest that there has ever been any unauthorized access to our network or our data. We constantly monitor cyber-security threats, and whenever we believe there is any risk to the security of our services, you can be sure we investigate very thoroughly and take whatever actions we deem appropriate to mitigate the risk."

According to the article in Der Spiegel, the NSA had found several ways to monitor messages on SWIFT's network:

"NSA documents from the archive of whistleblower Edward Snowden now show that the compromise reached with the EU is apparently being circumvented by the US. A document from the year 2011 clearly designates the SWIFT computer network as a 'target.' The secret data collection also involves the NSA department for 'tailored access operations.'

According to the documents, one of the various means of accessing the SWIFT information has existed since 2006. Since then, it has been possible to read the 'SWIFT printer traffic from numerous banks.'"

Since 9/11, US intelligence agencies have only had limited success in trying to officially gain access to messages on the SWIFT network in order to search for financial transactions that could be related to terrorism. In July 2010 after initially rejecting an agreement that had broader information sharing criteria, the European Parliament and the US reached a somewhat narrower accord where US intelligence agencies could access financial transaction data on the SWIFT network.

ABOUT THE AUTHOR
Greg MacSweeney is editorial director of InformationWeek Financial Services, whose brands include Wall Street & Technology, Bank Systems & Technology, Advanced Trading, and Insurance & Technology.