By Alexander Winning and Elena Fabrichnaya
MOSCOW (Reuters) – Russian authorities arrested a large number of suspects in May in connection with the recently revealed electronic theft of $19 million from accounts held at the Russian central bank, an official said on Wednesday.
The bank said last week that hackers had this year used fake client credentials to steal money from correspondent accounts — used to handle transactions on behalf of another bank — at the Bank of Russia.
Banks around the world are tightening the security of their messaging and money transfer networks following a number of cyberattacks – most notably the use of stolen Bangladesh Bank credentials to send SWIFT messages requesting the transfer of nearly $1 billion from its correspondent account at the New York Federal Reserve. The hackers succeeded in transferring $81 million to four accounts in Manila.
Artyom Sychyov, deputy head of the Bank of Russia’s security directorate, said the Federal Security Service, or FSB, and the Interior Ministry, which oversees the police, had run a joint operation after the Russian heist, and that “a large number of people were arrested”.
He declined to give further details – but on June 1, the FSB said it had, together with the police, detained some 50 people suspected of the electronic theft of 1.7 billion rubles ($27 million) from unnamed Russian financial institutions.
The FSB and Interior Ministry did not immediately respond to questions about whether this was the operation mentioned by Sychyov.
Sychyov said the attack on the central bank had been confined to third-party correspondent accounts. “The payment system of the Bank of Russia cannot in any way be implicated,” he said.
The Bank revealed the attack in a sparse passage on page 37 of a 69-page financial stability report published last Friday.
It said the hackers had broken into an electronic system that gives clients access to correspondent accounts held within the Bank.
It said they had attempted to steal 2.87 billion rubles ($45 million), of which 1.67 billion was later frozen or recovered.
Since the report was published, central bank officials have declined to answer detailed questions.
This week, the Bank of Russia moved Sergei Moiseyev, head of the department for financial stability, which was responsible for the report, to a new job as adviser to the bank’s governor on reform of the leasing industry.
The bank did not respond directly when asked if Moiseyev’s removal was linked to the publication of the information about the cyberattack. ($1 = 63.7653 rubles)
(Additional reporting by Margarita Popova; Writing by Christian Lowe; Editing by Kevin Liffey)