How did hackers crack Mexico's SPEI banking system?

Hackers that made off with up to 400mn pesos (US$20mn) from Mexico's SPEI interbank transfer system last year did so after months or even years of planning, but were also helped by various security oversights within the country's financial system, one of the responders to the April incident was reported as saying.

Last year between April and May, a group of Mexican banks and brokerages were hit by a cyberattack that allowed the hackers, allegedly from a North Korean state-sponsored group, to steal the money by using the SPEI banking system, controlled by the country's central bank.

Reports on the attacks have claimed that the cybercriminals used bogus accounts to transfer the money from one bank to another, eventually employing "cash mules" to withdraw it physically from branches before alarms were triggered.

Josu Loza, one of the responders to the April attack, was quoted as saying by Wired magazine that the attacks required careful planning, but were enabled by insecure network architecture in the financial sector and security oversights in the SPEI system.

Speaking at a recent conference organized by cybersecurity company RSA in San Francisco, the expert said that after phishing attacks to obtain credentials from bank staff, the hackers took advantage of inadequately protected data within the banks' own systems "meaning attackers who had burrowed in could potentially track and manipulate data."

The SPEI system itself, he added, likely had inadequate validation checks, "making it possible to slip bogus transactions through."

After the attacks, both the Mexican financial system and the central bank rushed to update digital security, and even OAS officials have started working with banking authorities on a new cybersecurity framework.

"The main problem in cybersecurity is that we don't share knowledge and information or talk about attacks enough. People don't want to make details about incidents public," Loza said, according to Wired.