Cyber139- Protect, Prevent Cybercrime

UK gov’s plans for National Cyber Security Centre

June 1, 2016 By Cyber SecurityNo Comments

The UK government has outlined what the National Cyber Security Centre (NCSC) will do, how it will work and who it will work for.

The NCSC is set to open in October 2016 and will be based in London. The NCSC will be led by CEO Ciaran Martin, formerly director general of government and industry cyber security at intelligence agency GCHQ. The technical director for the NCSC will be Ian Levy, formerly technical director of cyber security at GCHQ.

Chancellor George Osborne announced the NCSC in November 2015 as part of the government’s National Cyber Security strategy for the next five years, supported with £1.9 billion funding.

The NCSC is at the heart of that strategy and will be the “bridge” between industry and government, said Matthew Hancock, minister for the Cabinet Office.

It will simplify the “current complex structures, providing a unified source of advice and support, including on managing incidents. It will be a single point of contact for the private and public sectors alike,” he wrote in foreward to the prospectus for the NCSC.

Hancock said it is “vital” that the NSCS works with industry from the very start, and called on UK businesses to give feedback on the centre’s proposed design.

NCSC CEO Ciaran Martin invited UK industry to engage with his team about what they would like to get out of working with the NCSC.

“The government has set out its intent to address the cyber threat, to put tough and innovative approaches in place, and to be a world leader in cyber security.”

“The National Cyber Security Centre will be at the heart of this approach, bringing together the capabilities already developed by CESG – the information security arm of GCHQ, the Centre for the Protection of National Infrastructure, Cert-UK and the Centre for Cyber Assessment.

“This will allow us to build on the best of what we already have, while significantly simplifying the current arrangements,” he said.

According to the prospectus, the NCSC will have four key objectives:

To understand the cyber security environment, share knowledge, and use that expertise to identify and address systemic vulnerabilities.
To reduce risks to the UK by working with public and private sector organisations to improve their cyber security.
To respond to cyber security incidents to reduce the harm they cause to the UK.
To nurture and grow national cyber security capability, and provide leadership on critical national cyber security issues.

Cyber Security Force will detail more information on the NCSC in our next news post.

Cyber attacks via SWIFT on three Asian banks shared malware links

May 28, 2016 By Cyber SecurityNo Comments

Cyber attacks on banks vai the Swift payments system in Bangladesh, Vietnam and the Philippines used the same malware, reports Symantec.

Just two weeks ago the Society for Worldwide Interbank Financial Telecommunication (Swift) warned of a highly adaptive campaign targeting banks.

Swift has since acknowledged that the heist involved altering Swift software to hide evidence of fraudulent transfers, but it said its core messaging system was not harmed.

Swift is a global member-owned co-operative that provides secure financial messaging services that connect more than 11,000 financial services organisations in more than 200 countries and territories.

Commenting on the incidents Swift said he attackers exhibited a “deep and sophisticated knowledge of specific operational controls” at the banks and may have been aided by “malicious insiders or cyber attacks, or a combination of both”.

Swift said the cyber criminals had used malware to manipulate PDF document reports confirming the messages to hide their tracks.

In the earlier cases, Swift said it appeared that insiders or cyber attackers had obtained user credentials and submitted fraudulent money transfer requests.

In addition to this, Symantec said some of the tools used share code similarities with malware used in historic attacks linked to a threat group known as Lazarus.

Symantec believes the attacks on the banks are linked and were possibly carried out by the same group.

They believe this because of similarities in distinctive wiping code between Trojan.Banswift used in the Bangladesh attack and early variants of Backdoor.Contopee, which has been used in limited targeted attacks against the financial industry in south-east Asia.

Symantec believes distinctive code shared between families – and the fact that Backdoor.Contopee was being used in limited targeted attacks against financial institutions in the region – means these tools can be attributed to the same group.

Backdoor.Contopee has been previously used by attackers associated with a broad threat group known as Lazarus. Lazarus has been linked to a string of aggressive attacks since 2009, largely focused on targets in the US and South Korea.

The group was linked to Backdoor.Destover, a highly destructive Trojan that was the subject of an FBI warning after it was used in an attack against Sony Pictures Entertainment.

The group was the target of a cross-industry initiative known as Operation Blockbuster earlier in 2016, which involved major security suppliers sharing intelligence and resources to assist commercial and government organisations in protecting themselves against Lazarus.

As part of the initiative, security firms are circulating malware signatures and other useful intelligence related to these attackers, but Symantec said the discovery of more attacks provides further evidence that the group involved is conducting a wide campaign against financial targets in the region.

While awareness of the threat posed by the group has now been raised, its initial success may prompt other attack groups to launch similar attacks. Banks and other financial institutions should remain vigilant, Symantec said.

Gloucestershire Safer Cyber Forum accepts Cyber Security Force

May 23, 2016 By Cyber SecurityNo Comments

The Gloucestershire Safer Cyber Forum has accepted Cyber Security Force to join it.

The Gloucestershire Safer Cyber Forum (GCSF) was set up and run by the Gloucestershire Constabulary to to provide a source of crime prevention, advice and to share cyber threat information.

GSCF also provides a secure environment for Gloucestershire business to engage directly with peers and Gloucestershire Constabulary on incidents or concerns around cybercrime, along with the ability to report it anonymously.

Being part of GSCF means that we can be at the leading edge of information on how to avoid cyber security issues and when they do arise how best to prevent and recover from the bad guys out there.

Few organisations prepared for cyber attacks, says report

May 20, 2016 By Cyber SecurityNo Comments

Only 23% of organisations are capable of responding effectively to critical security incidents, according to NTT Com Security’s latest threat report.

Nearly 80% of organisations remain unprepared and without a formal plan to respond to cyber security incidents, a report has revealed.

There has been little improvement in preparedness in the past three years, according to the annual Global Threat Intelligence Report (GTIR) by NTT Com Security in The Global Threat Intelligence Report 2016.

Based on data from 24 security operations centres, seven R&D centres, 3.5 trillion logs and 6.2 billion attacks in 2015, the GTIR shows that on average, only 23% of organisations have the capability to respond effectively to critical security incidents.

The lack of improvement was further underlined by the finding that nearly 21% of vulnerabilities detected in client networks were more than three years old, while more than 12% were over 5 years old, and over 5% were more than 10 years old.

Results included vulnerabilities from as far back as 1999, making them over 16 years old.

“Prevention and planning for cyber security incidents seems to be stagnating,” said Garry Sidaway, vice-president of strategy and alliances at NTT Com Security.

“This is a real concern and could be due to a number of reasons, such as security fatigue caused by too many high profile security breaches, information overload and conflicting advice in combination with the sheer pace of technology change, lack of investment and increased regulation.

“Facing security challenges that didn’t exist last year, let alone a decade ago, and struggling with a shortfall in information security professionals, many organisations no longer have the necessary skills or resources to cope. Our mantra is prevention is better than cure and get the security basics right, including having a clear, well-communicated incident response plan.”

Although financial services was the leading sector for incident response in previous annual GTIR reports, the retail sector now takes the lead, with 22% of all response engagements, up from 12% the previous year. But retail – a popular target due to processing large volumes of personal information such as credit card details – also experienced the highest number of attacks, the report shows.

The report shows an increase in breach investigations to 28% in 2015 compared with 16% the previous year, with most incidents involving theft of data and intellectual property.

Internal threats jumped to 19% of overall investigations – from 2% in 2014 – with many of these the result of employees and contractors abusing information and computing assets.

Spear phishing attacks accounted for approximately 17% of incident response activities in 2015, up from 2% previously. Many of these attacks related to financial fraud targeting executives and finance personnel, with attackers using clever social engineering tactics, such as getting organisations to pay fake invoices.

Despite the rise in distributed denial of service (DDoS) hacking groups like DD4BC, the GTIR noted a drop in DDoS related activity compared with the previous two years. This is likely to be due to an investment in DDoS mitigation tools and services, the report said. However, the report also said extortion, based on payments by victims to avoid or stop DDoS attacks, had become more prevalent.

NTT Com Security made four recommendations for incident responses:

Prepare incident management processes and “run books”.
Many organisations have limited guidelines describing how to declare and classify incidents even though these are critical to ensure a response can be initiated. Depending on the type of attack, potential impact and other factors, response activities will be very different for each. Common practices for incident response also suggest organisations should develop “run books” to address how common incidents should be handled in their environment.

Evaluate your response effectiveness.
When incidents occur the last thing you want is to lack an understanding of standard incident response operating procedures. Evaluation of preparedness should include regular test scenarios. Consider post-mortem reviews to document and build upon response activities that worked well, as well as areas needing improvement.

Update escalation rosters.
As organisations grow and roles change, it is important to update documentation related to who is involved in incident response activities. Time is critical to incident response and not being able to quickly involve the correct people can hamper your effectiveness. Updating contact information for suppliers such as external incident response support and other providers is just as important.

Prepare technical documentation.
To make accurate decisions and identify impacted systems, organisations must have comprehensive and accurate details about their network.

90% of big UK businesses hacked by cyber attacks

May 9, 2016 By Cyber SecurityNo Comments

There has been an increase in the number of both large and small organisations experiencing breaches according to the 2015 Information security breaches survey.

90% of large organisations reported that they had suffered a security breach, up from 81% in 2014. Small organisations recorded a similar picture, with nearly three-quarters reporting a security breach; this is an increase on the 2014 and 2013 figures.

59% of respondents expect there will be more security incidents in the next year than last.
The majority of UK businesses surveyed, regardless of size, expect that breaches will continue to increase in the next year. The survey found 59% of respondents expected to see more security incidents. Businesses need to ensure their defences keep pace with the threat.

The median number of breaches suffered in 2015 by large and small organisations has not moved significantly from 2014. 14 for large organisations and 4 for small businesses is the median number of breaches suffered in the last year.

Cost of breaches continue to soar

The average cost of the worst single breach suffered by organisations surveyed has gone up sharply for all sizes of business. For companies employing over 500 people, the ‘starting point’ for breach costs – which includes elements such as business disruption, lost sales, recovery of assets, and fines & compensation – now commences at £1.46 million, up from £600,000 the previous year.

The higher-end of the average range also more than doubles and is recorded as now costing £3.14 million (from £1.15 in 2014).

Small businesses do not fare much better – their lower end for security breach costs increase to £75,200 (from £65,000 in 2014) and the higher end has more than doubled this year to £310,800.

Organisations continue to suffer from external attacks

Whilst all sizes of organisations continue to experience external attack, there appears to have been a slow change in the character of these attacks amongst those surveyed. Large and small organisations appear to be subject to greater targeting by outsiders, with malicious software impacting nearly three-quarters of large organisations and three-fifths of small organisations.

There was a marked increase in small organisations suffering from malicious software, up 36% over last years’ figures.

69% of large organisations and 38% of small businesses were attacked by an unauthorised outsider in the last year, up from 55% a year ago and slightly up from 33% a year ago for SMEs.

Better news for business is that ‘Denial of service’ type attacks have dropped across the board, continuing the trend since 2013 and giving further evidence that outsiders are using more sophisticated methods to affect organisations.

You can find the research at: 2015 Information security breaches survey .

Ransomware increasingly dangerous cyber security threat

April 29, 2016 By Cyber SecurityNo Comments

Ransomware attacks now account for around a quarter of cyber security threats targeting internet users in the UK- according to Eset.

Eset’s LiveGrid telemetry shows an increase in detections of the JS/Danger.ScriptAttachment malicious code, which tries to download and install various malware variants to the intended victims’ machines.

The majority of the code consists of crypto-ransomware, including some well known groupings, such as Teslacrypt.

The most recent wave of attacks has been focused on victims in the UK, where it accounted for roughly every fourth threat in the third week of April 2016, said the security firm.

“To reach as many potential victims as possible, attackers are spamming inboxes in various parts of the world,” said Ondrej Kubovič, security specialist at Eset. “Therefore, users should be very cautious about which messages they open.”

Meanwhile, the latest Verizon Data Breach Investigations Report (DBIR) also warns that ransomware attacks are steadily increasing.

Laurance Dine, managing principal of investigative response at Verizon Enterprise Solutions, said: “Ransomware is going crazy. It is everywhere. As an incident response team we are dealing with ransomware attacks all the time.”

Eset’s Kubovič recommends that companies should train their employees to report incidents to their internal security departments.

“Users should keep their operating systems and software up to date, as well as install a reliable security suite offering multiple layers of protection and regular updates,” he added.

“Last but not least, users need to back up all their important and valuable data, allowing for its recovery in case of ransomware infection,” he said.

While ransomware is becoming an increasing problem for businesses, a recent spate of attacks on hospitals in the past few months – mainly in the US, but also in Canada, Germany and New Zealand – has underlined the potentially life-threatening impact of ransomware, which works by encrypting data and demanding a ransom to be paid for its release.

The dangers of the IoT

A report by Institute for Critical Infrastructure Technology (ICIT) has also highlighted the fact that internet of things (IoT) devices offer a potential growth opportunity to any ransomware operation, given the devices are interconnected by design and many lack any form of security.

According to the report, while a lot of traditional malware will be too large to ever run on many IoT devices, ransomware (predominantly consisting of a few commands and an encryption algorithm) is much lighter.

Many medical devices, such as insulin pumps and other medication dispersion systems, are internet- or Bluetooth-enabled, the report pointed out, and warned that ransomware could used to open connections to infect the IoT device.

Part of the problem with the security of IoT communications is that the designers are more concerned by the ease of connectivity than the safety of their users.

New ransomware threat- with your address

April 11, 2016 By Cyber SecurityNo Comments

A new email ransomware that quotes people’s postal addresses is a costly new cyber security threat.

Andrew Brandt, of US firm Blue Coat, contacted the BBC after hearing an episode of BBC Radio 4’s You and Yours that discussed the phishing scam.

Mr Brandt discovered that the emails linked to ransomware called Maktub. The malware encrypts victims’ files and demands a ransom be paid before they can be unlocked.

The phishing emails told recipients they owed hundreds of pounds to UK businesses and that they could print an invoice by clicking on a link – but that leads to malware, as Mr Brandt explained.

Maktub doesn’t just demand a ransom, it increases the fee – which is to be paid in bitcoins – as time elapses.

A website associated with the malware explains that during the first three days, the fee stands at 1.4 bitcoins, or approximately £400. This rises to 1.9 bitcoins, or £550, after the third day.

The phishing emails tell recipients that they owe money to British businesses and charities when they do not.

One remarkable feature of the scam emails was the fact that they included not just the victim’s name, but also their postal address.

Many have noted that the addresses are generally highly accurate.

According to Dr Steven Murdoch, a cybersecurity expert at the University of London, it’s still not clear how scammers were able to gather people’s addresses and link them to names and emails.

The data could have come from a number of leaked or stolen databases for example, making it hard to track down the source.

Several people contacted the You and Yours team to say that they were concerned data might have been taken from their eBay accounts, as their postal addresses had been stored there in the same format as they appeared in the phishing emails.

The UK’s national fraud and cybercrime reporting centre has been flooded with queries from people targeted by the scam.

“We have been inundated with this,” said deputy head Steve Proffitt. “At Action Fraud on Monday we received an additional 600 calls and from then onwards we’ve received 500 calls to our contact centre a day,” he added.

Mr Proffitt advised people who had received the phishing emails to under no circumstances click on the link, but instead delete the message from their system and inform Action Fraud.

Referring specifically to Maktub and the approach taken by the phishers, Dr Murdoch said he believed the scam was “significant” in more ways than one.

“It also appears to be quite widespread – I’ve heard about it from multiple sources so it seems like they were fairly successful getting a lot of these sent out,” he told the BBC.

He added that it was hard to know how to advise people who were unfortunate enough to have their files encrypted by ransomware.

For some individuals without backups, paying the ransom might be the only way to retrieve their data.

“However, every person that does that makes the business more valuable for the criminal and the world worse for everyone,” he said.

From: http://www.bbc.co.uk/news/technology-35996408#sa-ns_mchannel=rss&ns_source=PublicRSS20-sa

Panana Mossack Fonseca may be victim of hacking

April 6, 2016 By Cyber SecurityNo Comments

Mossack Fonseca, the Panamanian law firm at the centre of a huge leak of confidential financial data claims that it was the victim of a hacking.

Ramon Fonseca- a senior partner at the firm said the leak was not an “inside job” – the company had been hacked by servers based abroad. It had filed a complaint with the Panamanian attorney general’s office.

Several countries are investigating possible financial wrongdoing by the rich and powerful after the leak of more than 11 million documents.

Last week the company reportedly sent an email to its clients saying it had suffered “an unauthorised breach of our email server”.

The company has accused media organisations reporting the leak of having “unauthorised access to proprietary documents and information taken from our company” and of presenting this information out of context.

In a letter to the Guardian newspaper on Sunday, the company’s head of public relations threatened possible legal action over the use of “unlawfully obtained” information.

The revelations have already sparked political reaction in several countries where high-profile figures have been implicated.

On Tuesday Iceland’s Prime Minister Sigmundur Gunnlaugsson stepped down after the documents showed he owned an offshore company with his wife but had not declared it when he entered parliament.

He is accused of concealing millions of dollars’ worth of family assets. Mr Gunnlaugsson says he sold his shares to his wife, and denies any wrongdoing.

European football body Uefa confirmed today that Swiss police had searched its offices in relation to the Panama papers.

It said police had a warrant to look for contracts between Uefa and Cross Trading/Teleamazonas.

The Panama papers suggest current Fifa president Gianni Infantino signed off on a contract with two businessmen who have since been accused of bribery.

Mr Infantino signed off the contract in 2006 as a Uefa director. He says he is “dismayed” that his “integrity is being doubted” and denies any wrongdoing.

Also on Wednesday, Ukraine’s President Petro Poroshenko reacted to his name being linked to the papers.

He said he had created an offshore holding company for his confectionery business when he became president in 2014 but not to avoid taxes.

He said: “If we have anything to be investigated, I am happy to do that. This is absolutely transparent from the very beginning. No hidden account, no associated management, no nothing.”

Eleven million documents held by the Panama-based law firm Mossack Fonseca have been passed to German newspaper Sueddeutsche Zeitung, which then shared them with the International Consortium of Investigative Journalists. BBC Panorama and The Guardian are among 107 media organisations in 76 countries which have been analysing the documents.

ISIS suspect Salah Abdeslam cornered by pizza delivery

March 22, 2016 By Cyber SecurityNo Comments

It appears as though Salah Abdeslam was found by a combination of security forces’ metadata research and a support network that couldn’t cook.

Salah went missing after he wimped out of “martyrdom,” ditching his suicide vest and calling friends to come pick him up and take him home. The car was stopped by the French, but their names weren’t available to the police yet.

Clearly, security forces are not sharing counterterrorism information fast enough to handle modern operations. A slow moving target like the Soviets, or even al Qaeda, allows for a more relaxed approach. ISIS’ operational tempo and behavior is too fast and haphazard.

The Molenbeek area where Salah had been hiding is riddled with radical support networks and sympathizers. He was able to rely on his friends and other support networks. Police targeted elements of these support networks, and eventually discovered a link to Salah himself.

Belgian and French police, who had worked intensively together since November 13, carried out a midday check on what they thought was a defunct terrorist safe house. The utility bills hadn’t been paid in months, officials said, leading police to assume the apartment in the Forest district of southern Brussels stood empty. The six person team didn’t expect to meet resistance and brought no police backup or special forces support.

When the police opened the door, they were shot at with a Kalashnikov and “a riot gun,” according to the Belgian authorities. Four officers were wounded, including a French policewoman. Heavily armed police pursued suspects across the rooftops. One gunman was killed. Two fled the scene, evading capture even though police had sealed off the area.

The “defunct” safe house had a glass with Salah’s fingerprint. Police developed a number of leads and ended up monitoring a house in the Molenbeek area.

Staking out the house, the police became convinced that a larger group of people was there after a woman who seemed to live there ordered several pizzas, according to two security officials.

Just like the raid on el Chapo Guzman was triggered by a large food order, it seems Salah’s capture was based on too many pizzas. Maybe fugitives might want to consider cooking at home, rather than ordering delivery.

It seems that significant parts of the manhunt were enabled by recovering and analyzing mobile phones used by the various suspects.

Aside from the fingerprint found, earlier raids on suspected terrorist hideouts brought other important leads, according to officials. Electronic devices confiscated in earlier raids helped authorities track Abdeslam down, said a Belgian source.

Once a suspect’s mobile number and sim card have been identified, investigators can then serve a court order on telecoms operators to track the number and card down to the nearest phone tower.

The location information generated by the mobile devices (phones and possibly tablets) enabled security forces to track not only individuals, but to map out their networks via e.g. co-location. Mobile phones, even when encrypted and even when using encrypted communications tools, still provide a rich source of intelligence information to security forces.

Modern connected society is a huge data source for the intelligence analyst. Social connections are mapped out via online social networks such as Facebook, but also via the mobility of personal tracking devices such as mobile phones. An underground operative, such as Salah, can avoid using mobiles and computers, but the various elements of his above ground support network are as reliant on modern tools as anyone else.

The problem for underground operatives is that they are reliant on support networks. Support networks for clandestine organizations are almost always based on social networks. Modern society makes support networks an open book for anyone with access to the data (social apps, telco records, etc) and the analytic tools to parse that data (eg Palintir, analysts notebook, etc).

From: https://medium.com/@thegrugq/man-hunting-the-sport-of-security-forces-373d167a3066#.h3otbr3gj

$100 million cyber theft from Bangladesh Central Bank

March 16, 2016 By Cyber SecurityNo Comments

The cyber theft of $100 million from the Bangladesh Central Bank – by way of the New York Federal Reserve – is the largest bank theft to date.

On February 5, the New York Fed was allegedly “penetrated” when “hackers” (of supposed Chinese origin) stole $100 million from accounts belonging to the Bangladesh central bank.

The money was then channeled to the Philippines where it was sold on the black market and funneled to “local casinos” (to quote AFP). After the casino laundering, it was sent back to the same black market FX broker who promptly moved it to “overseas accounts within days.”

The whole situation was quite embarrassing for the NY Fed, because what happened is that someone in the Philippines requested $100 million through SWIFT from Bangladesh’s FX reserves, and the Fed complied, without any alarm bells going off at the NY Fed’s middle or back office.

“Some 250 central banks, governments, and other institutions have foreign accounts at the New York Fed, which is near the centre of the global financial system,” Reuters notes. “The accounts hold mostly U.S. Treasuries and agency debt, and requests for funds arrive and are authenticated by a so-called SWIFT network that connects banks.”

As it turns out there is much more to the story, and as Bloomberg reports today now that this incredible story is finally making the mainstream, there is everything from casinos, to money laundering and ultimately a scheme to steal $1 billion from the Bangladeshi central bank.

And yes, it does appear that hackers managed to bypass the Fed’s firewall:

“Even as banks continue to harden their defenses against such sabotage, hackers too have upped their game to breach servers by utilizing both technical skills and rogue elements within the financial institutions,” said Sameer Patil, an associate fellow at Gateway House in Mumbai who specializes in terrorism and national security.

A Bangladesh central bank official who is part of a panel investigating the disappearance of the funds said that a separate transfer of $870 million had been blocked by the Fed, something the Fed refused to comment on. It does not, however, explain why $100 million was released.

Essentially the dispute is about whether the Fed went through the right procedure when it received transfer orders.

Naturally, the Fed’s story is that it did nothing wrong. Bloomberg writes that according to a Fed spokeswoman, instructions to make the payments from the central bank’s account followed protocol and were authenticated by the SWIFT codes system. There were no signs the Fed’s systems were hacked, she said.

The problem is that the counterparty on the other side of the SWIFT order was not who the Fed thought, and what should have set off red lights is that the recipients was not the government of the Philippines but three casinos.

Bangladesh is quite understandably – furious: a local official said the Fed should’ve checked the payment orders with the central bank to ensure they were authentic, even if they used the correct SWIFT codes. The official also said there are plans to take legal action against the Fed to retrieve missing funds.

Four requests to transfer a total of about $81 million to the Philippines went through, but a fifth, for $20 million, to a Sri Lankan non-profit organization was held up because the hackers misspelled the name of the NGO, Shalika Foundation.

Hackers misspelled “foundation” in the NGO’s name as “fandation”, prompting a routing bank, Deutsche Bank, to seek clarification from the Bangladesh central bank, which stopped the transaction, one of the officials said.

Luckily, the Fed stopped some of the $1 billion in total requested funds. The unusually high number of payment instructions and the transfer requests to private entities – as opposed to other banks – raised suspicions at the Fed, which also alerted the Bangladeshis, the officials said. The details of how the hacking came to light and was stopped before it did more damage have not been previously reported.

The transactions that were stopped totaled $850-$870 million, one of the officials said. At least $80 million made it through without a glitch.

The funds were used to buy casino chips or pay for losses at venues including Bloomberry Resorts Corp.’s Solaire Resort & Casino and Melco Crown Philippines Resort Corp.’s City of Dreams Manila, according to the paper. There was no suggestion in the report the banks or casinos named were complicit with any improper movement of funds.

In other words, the Fed was funding gamblers, only these were located in Philippine casinos, not in the financial district. Ironically, that’s precisely what the Fed does, only it normally operates with gamblers operating out of Manhattan’s financial district.

From: http://www.bloomberg.com/news/articles/2016-03-16/printer-error-set-off-bangladesh-race-to-halt-illicit-transfers