Once upon a time, bank robbers wore balaclavas and dug tunnels. No longer. Three months ago, the world experienced the biggest bank robbery in history when thieves stole $101m from the central bank of Bangladesh.
But these 21st-century fraudsters did not use guns; instead they acquired the access codes for the global cross-border bank payment messaging system known as Swift, and used these to persuade the US Federal Reserve to transfer money to their accounts. Then they tampered with the banks’ software to erase their cyber fingerprints.
That is alarming. More worrying still, this is not an isolated heist. This week Swift officials confirmed that a Vietnamese bank suffered a similar attack six months ago when robbers tried (and happily failed) to take more than $1m.
And Swift officials have now told their customers that they are investigating “multiple” cases of seemingly similar attempted breaches, using those access codes and software which erases fingerprints.
Unsurprisingly, this has sent shockwaves around the world and led banks such as JPMorgan to tell their employees that they are limiting access to Swift codes. In a 21st-century version of Bonnie and Clyde, this would be the moment when spooky music starts to play and bankers fear that robbers are in the vaults with a magic key capable of unpicking their locks.
How should the financial world respond? There are at least two clear priorities. First, this saga shows why global regulators and private sector financial officials urgently need to improve their level of cyber defence.
In recent years, cyber defences at most large western banks have improved; indeed, what is striking about the situation on Wall Street, say, is just how few cyber attacks actually succeed, given that the largest financial institutions are now suffering “tens of thousands” of attacks every minute according to one bank chief executive.
But while the level of security at individual banks is high, cross-border co-operation is often slow and there are some surprising gaps in the system. This week, for example, insurance industry executives in London alleged that barely a tenth of financial groups have effective insurance against cyber hacking. The legal framework to prosecute hackers is also very patchy and information-sharing between banks is often poor. And while the central banks in the UK and Sweden have demanded that private sector banks now strengthen surveillance of their Swift codes, there has been little public response from governments in emerging markets.
The second, related lesson from these heists is that regulators and investors alike need to pay more attention to the “nodes” of the financial system; after all, a chain is only as strong as its weakest link. And the Swift link is one node that deserves far more scrutiny — and public debate.