By Joseph Moss – International Banker
In the aftermath of the United States 2016 presidential election, there has been much debate over whether Russian hackers interfered with the electoral process in order to help secure a victory for Donald Trump. Around the same time, however, it was revealed that Russia was the victim of cyberattacks of its own. On December 2, the Russian central bank announced that a security breach resulted in the bank being the victim of a multi-million dollar theft on an undisclosed date earlier in 2016. According to the Bank of Russia’s report of the incident—found in a passage of its financial stability report—hackers managed to access the electronic system that gives clients access to third-party correspondent accounts at the bank (those accounts that are used to handle transactions on behalf of another bank) by faking certain client credentials, and then attempting to steal $45 million.
The central bank did reportedly manage to recover $26 million of this total, however, by freezing new accounts set up by the criminals before any funds had managed to be siphoned off. The deputy head of the Bank of Russia’s security directorate, Artyom Sychyov, also stated that a joint operation had been conducted by Russia’s Federal Security Service (FSB) and its Interior Ministry, which resulted in “a large number of people” being arrested in connection with the theft. Whether those arrested were the same as the 50 people whom the FSB announced in June it had detained remains unconfirmed, although the theft of $27 million from unnamed Russian financial institutions that was disclosed at the time is broadly consistent with the numbers recently stated, and thus suggests so.
While scant additional information has been reported by Russian authorities in relation to the hack, it does seem to follow a similar pattern to that experienced by other financial institutions around the world recently. Indeed, the Bank of Russia theft was not the first cyberattack against a central bank in 2016. Bangladesh Bank was subject to cybercriminals transferring $81 million from its account at the Federal Reserve Bank of New York to accounts in the Philippines. Other high-profile cases include the 2015 hack of Wells Fargo via illicit access to global interbank-payment network SWIFT, which was also used to steal money from a Philippines bank a few months later.
Furthermore, the attack was also not the only threat facing Russian financial institutions at the time. The government also announced that it had discovered a plot by foreign spies to disrupt Russia’s banking system using a spate of systematic “denial of service” attacks that targeted a range of the country’s banking operations. The spies reportedly planned on adopting mass text-messages and social-media campaigns in order to undermine the credibility and public perception of Russian banks, while the FSB also claimed that several dozen cities had been targeted but that the threat was neutralised.
Correspondent banking relationships, such as the ones targeted by the Russian central bank hackers, facilitate the transfer of funds, either domestically or internationally, between different banks and account types, and across different currencies. Messaging can be used to issue instructions to debit money from a customer account in one country (for example, Russia) to a beneficiary in another. Such banking relationships were specifically cited by the head of the International Monetary Fund (IMF), Christine Lagarde, as being at risk of termination by Western banks because dealings with smaller and lower-volume jurisdictions have become less appealing in the wake of heightened concerns over money laundering and terrorism, newly imposed sanctions, overall risk appetite among financial institutions, and higher regulatory costs. The terminations, according to the IMF, therefore, could trigger financial shocks in emerging economies.
If such attacks to Russia’s financial system are true, then it could barely come at a worse time for the country. Herman Gref, the CEO of Russia’s biggest lender Sberbank, recently stated that he believes that the current banking crisis is the worst he has seen in two decades. Moreover, US officials have also spoken about launching an appropriate response to what they believe is Russian interference in the US elections. Although the US has not been identified as the perpetrators of the recent attacks against Russia, the country will be on high alert against any potential foreign attacks at a time of particular vulnerability. As such, it is unlikely that the hacks will be the last on Russian banking in the coming months.