​Hackers hit central banks in Indonesia and South Korea

Share this…

The central banks of Indonesia and South Korea have been hit by distributed denial of service attacks on their public websites, with officials linking the timing of the attacks to a pledge made in May by hacktivist group Anonymous.

In the month since activist hacking group Anonymous pledged to target banks across the world, senior officials have said the public websites of the central banks of both Indonesia and South Korea have been hit by cyber attacks.

In response to the attempted hacks, Bank Indonesia has blocked 149 regions that do not usually access its website, including several small African countries, deputy governor Ronald Waas told Reuters.

Waas said several central banks were hit by similar attacks and were sharing the IP addresses used by the perpetrators.

According to officials, no money was lost in the attacks on Bank Indonesia and the Bank of Korea, which were mainly distributed denial of service (DDoS) attempts. They also said there is no word on who is responsible for the attacks.

Waas said it was cooperation between central banks that prevented the attacks from being successful, and that victims are sharing their experiences throughout the region.


In a YouTube video posted in early May, Anonymous said it would launch a 30-day campaign to attack central bank sites in what it dubbed as Operation Icarus.

DDoS is the hacktivist group’s preferred method of attack, disabling websites by flooding them with internet requests, overwhelming the servers temporarily.

Bank of Korea officials told Reuters there was at least one DDoS attack on the bank’s website in May, however it said no harm was done.

“In May, we’ve had so many disturbances,” said Benny Sadwiko, who is leading Bank Indonesia’s cybersecurity efforts. “They are trying to attack the reputation of the banks. So we’re blocking IP addresses from countries that don’t usually access us.”

In just half a day on Monday, Bank Indonesia detected 273 viruses and 67,000 spam emails to its email server and website, officials said.

In early May, Greece’s central bank said that its website became the target of a cyber attack by Anonymous for a few minutes before the bank’s security systems managed to tackle it and the Central Bank of Cyprus has also said its website briefly came under attack in May.

Central banks have been on high alert in the wake of revelations that hackers issued fraudulent money transfers to steal $81 million from the Bangladesh central bank in February.

After learning how the organisation worked, the group of cyber attackers broke into the computer systems of the Bangladesh central bank and issued instructions through the SWIFT network to transfer $951 million of its deposits held at the New York Federal Reserve Bank to accounts in the Philippines and Sri Lanka.

The group had installed malware in systems at the bank’s Dhaka headquarters, which allowed them to spend several weeks spying upon the bank’s systems and processes.

Most of the transactions were blocked but four went through, amounting to $81 million, sparking allegations by Bangladeshi officials that both the Fed and SWIFT had failed to detect the fraud.

The breach was uncovered by accident, with an alert only raised as a result of a small spelling error on one of the transactions that blocked other queries that had not yet been processed.

It emerged in May that those behind the heist actually targeted the computer of a Bangladeshi official to conduct the theft, however the official was not flagged as a suspect at the time. The head of a government-appointed panel investigating the cyber heist told reporters later that month that officials of Bangladesh Bank may have been involved in the calculated theft.

A small portion of the stolen funds have been recovered, but Bangladesh officials are still considering the prospect of taking the US financial system to court to recover the remainder.

According to Symantec, before hitting the Bangladesh Bank, the group responsible for the attack tried their luck on a Philippine institution. The security vendor said last week that similarities in the code used in the malware in both attacks led it to conclude the attacks were from the one source.

The company said the attacks on the Philippine bank occurred from October last year, and represent the earlier known attacks from the group.

“The discovery of more attacks provides further evidence that the group involved is conducting a wide campaign against financial targets in the region,” Symantec said in a blog post.

The Bangladesh Bank attack follows a similar but little-noticed theft from Banco del Austro in Ecuador last year that netted thieves more than $12 million, as well as a previously undisclosed attack on Vietnam’s Tien Phong Bank that was not successful.