Cyber bank heists no surprise as online security lags behind: Expert

The internet was never designed to be secure: Expert

Cyber bank heists such as the one that hit a Bangladesh Central Bank account held by the New York Fed, should not come as a surprise and only serve to highlight that the internet is ill-equipped to deal with the cybercrime, an expert in internet security told CNBC.

Last week, a U.S. congressional committee launched an investigation into the Federal Reserve Bank of New York's handling of the heist of more than $80 million from accounts it maintains for the central bank of Bangladesh.

The committee told the NY Fed that it wanted to know what oversight the Fed had conducted of the SWIFT system, an international electronic financial messaging system used by banks worldwide to authorize billions of dollars a day in money transfers.

Commuters pass by the front of the Bangladesh central bank building
Ashikur Rahman | Reuters

The system, known formally as the Society for Worldwide Interbank Financial Telecommunication, has come under pressure from cyberattacks targeting banks and one expert told CNBC that the internet was not built to be secure as it needed to be for global money transfers.

"The internet was never designed to be secure, its originators thought it was a wonderful global innovation, as it is, but of course the criminals have taken advantage of the weaknesses which are inherent in this kind of network of networks," Professor Sir David Omand, Commissioner at the Global Commission on Internet Governance, told CNBC on Monday.

"So we've seen malware being introduced into systems that banks have been using and we've seen (criminals) also having help from the inside so it's not just technical, it's human as well. So I'm not surprised that criminals have gone after the SWIFT system because that is where the major money transfers take place."

How $80B moving through NY Fed daily could be vulnerable to hackers

Omand noted that the criminals involved in the NY Fed fraud were diligent in their preparation for the cyberattack.

"Can you stop all the attempts, can you pick out the one transaction that's flawed in hundreds of millions of transactions – in this case the $81 million from the Bank of Bangladesh – you can see that that one was very carefully prepared and I've also seen reports that the gang tried out the malware on a Vietnamese bank just to make sure they knew exactly how to insert the malware and carry out their crime."

SWIFT last month launched a new customer security program to "reinforce the security of global banking" but insisted that in recent fraudulent payment cases, its own "network, software and services had not been compromised" and that the security breaches had occurred within its customers "locally-managed infrastructure."

Omand said that innovative security measures would need to be retro-fitted onto existing systems, such as SWIFT.

"Somehow we've got to add further layers of security and the big lesson is coming towards us which is the Internet of Things (interconnected devices in the home and workplace) so we have to ensure the security is built in from the very start, we can't afford to repeat the history of the internet itself," he said.

-CNBC's Eamon Javers contributed reporting to this story.

Follow CNBC International on Twitter and Facebook.