Ecuadorian bank cyber thieves used HSBC accounts in Hong Kong

Question marks over HSBC's 'know your customer' processes as lawsuit shows how thieves used front companies in Hong Kong to launder money stolen in SWIFT cyber attack

Cyber thieves who stole $12m from a bank in Ecuador by cracking the security surrounding its SWIFT international payments system used front companies in Hong Kong with accounts with HSBC to help launder the money.

The claims were made in court filings from Hong Kong where Ecuador's Banco del Austro is suing in a bid to recover its stolen funds.

According to the documents, unearthed by Reuters, the thieves used 23 companies registered in Hong Kong, which appeared to have no other business activity. The 23 companies named were secondary companies that received payments from the four front companies to whom the transfers were originally made.

"Initially, cyber thieves moved $9.139m of the more than $12m they stole from BDA into the Hong Kong accounts of four companies at HSBC and Hang Seng Bank," claims Reuters in its report. "At least $3.1m of the funds were then routed from those four companies to 19 ‘second layer' bank accounts, meaning the funds made a second hop to another set of Hong Kong registered companies."

The report calls into question the ‘know your customer' processes that banks such as HSBC and Hang Seng Bank, the other banks named, ought to have in place to prevent bank accounts from being used for illegal activities.

The money was stolen from Banco del Austro with the aid of malware infiltrated onto the bank's network. It was then used to perform a series of money transfers over the bank's SWIFT payments system, via Wells Fargo, which handles international payments on its behalf.

All the banks involved declined to comment and it is not yet clear whether police in Hong Kong have opened an investigation.

In a ruling in December, the Hong Kong deputy high court judge Conrad Seagroatt suggested that the accounts "all appear to be otherwise inactive corporate vehicles controlled by citizens of the People's Republic of China", according to Reuters.

The claim of a Chinese link dovetails with reports made when the first reports of the Bangladesh Bank $81m cyber heist emerged in April.

SWIFT, the organisation that provides the infrastructure for banks' global money transfers, has warned that evidence of more attacks may emerge. It advised banks to improve their security and to get better at sharing details of apparent cyber attacks and other security issues.