Introducing SCS Speaker Oliver Simonnet

When you do threat modeling, the danger is often lurking near the interfaces. It’s where different domains touch, where different security levels meet and where trust assumptions have to face reality – or the exploits of advanced attackers.

This means that messaging systems crossing network edges and borders between departments and organizations are necessarily an area that demands a high level of scrutiny. But borders between organizations also mean different technologies, different responsibilities, different organizational structures, different goals, different resources, development rhythms or even jurisdictions. This is why a decent level of security is so hard to achieve in such an environment.

Now combine such an environment with large sums of money and you end up with a very good description of the international SWIFT system that forms the backbone of international bank transfers. This is where the big money flows and when you look at it with a close eye, you realize that SWIFT is basically a big and historically grown messaging channel.

Now SWIFT hacks are nothing new. But what is new is the recurring news about SWIFT hacks, even if the biggest one dates from two years ago. SWIFT seems to be a regular target now, yet there is little public information about the nature of these hacks and the techniques used.

So, we invited somebody who has investigated SWIFT hacks thoroughly: Enter Oliver Simonnet from MWR InfoSecurity. Oliver is an application and infrastructure penetration tester with very deep knowledge of the SWIFT payment system. He investigated the different hacks throughout the years. Thus, he’s the perfect speaker to introduce us to the internals of the messaging that forms the core of SWIFT. He will explain how the Bangladesh hack was carried out step by step. But he will also touch on the other attacks and tell you what they have in common. Then, he will will give us an overview of the protections introduced in SWIFT and other major financial institutions since 2016, describing the personal lessons he’s learnt. If there is time, he will even touch on other weak areas that may become the target of attacks once SWIFT is sufficiently secured.

More about Oliver Simonnet:

• LinkedIn: Oliver Simonnet
• Threat Model: SWIFT Systems and the CSP by Oliver Simonnet
• Video: Oliver at SteelCon

 

Christian Folini, Program Chair