This is what it looks like when I (top line) interview someone who is chatty. Barely get a word in edgeways.
This is where I see a real problem for developed Asia: a complacency and disinterest in the role of technology and innovation. Or is it the clarity of vision from too much innovation?
In a survey conducted by IDC on behalf of Avaya (no link available, you need to sign up to get a copy), key IT decision makers from developed Asian countries (leaving aside Australia for now) were much more likely to downplay the role of innovation in driving business. Singapore came lowest with 14% of respondents believing the statement “innovation is extremely important to drive business.” Compare that to around 40% in India, Thailand and the Philippines.
(Avaya, in case you’re wondering, “is a leading provider of solutions that enable customer and team engagement across multiple channels and devices for better customer experience, increased productivity and enhanced financial performance.” That could probably be simplified.)
In short (excluding Taiwan for which there is no World Bank data, and Australia, for now) the Asian economies with the highest GDP per capita — Singapore, Japan, Hong Kong – are those that value innovation the least. South Korea is only slightly behind there in terms of valuing innovation.
The same holds true when measured by Internet penetration: the more internet there is, the less valued is innovation.
At the other end, it’s also generally true. The lower the GDP, the more likely a country is to value innovation.
The sad truism is that once you reach a certain level of development — and you don’t experience serious recession or other economic upheaval — you tend to see innovation as an unwelcome disruption. In other words, you identify with the established industries, the established way of doing things, probably because that’s where you work and get your living from.
Looking at it the other way, the less developed a country is, the more people — and we’re talking ‘key IT decision makers’ here, not the rank and file folk — see innovation as a way of improving things.
Of course, there’s another possibility too: that those ‘key IT decision makers’ have seen innovation and they realise it isn’t as great as everyone makes it out to be. Indeed, I have some sympathy with that view. The more ‘disruptive’ a technology is, the more disruption it causes — meaning not just that big slow behemoths are put to the sword, but the people who work for them, the companies that supply to them, or make a little here and there in the supply chain.
A truly disruptive business/technology will not only chop off the head of an industry, it will cut off the entrails and lay to waste the body. That can be painful, and not necessarily good for consumers, or anyone standing in the way.
The other question raised in the survey was whether traditional traditional companies in the Asia Pacific would be able to take control against ‘Uber-like’ competitors. Nearly half said it was difficult to compete against such disruptors, and only 3% said they planned to be disruptors themselves. And while 43% felt they were on a par with their peers in terms of being able to fight back, only 6% felt they were “best in class”. Asian modesty, or a serious crisis of confidence?
Australia and China are worth a separate look here. Australia scored highest on the innovation/importance question, with more than 46% of respondents reckoning it was important. That’s good, but it’s probably part cultural. Why would you not at least pay lip service to the Innovation God?
And China skewed the other way. You would kind of expect China to be up there given what is going on in technology. But it’s low — 21/5% — less than South Korea, suggesting that either they were asking the wrong folk, or, maybe the disruption in China is already giving ‘key IT decision makers’ pause. China is by far the furthest down the track in terms of disruption in Asia, so maybe there is some truth in the alternative explanation of this (admittedly scant) data: As economies become more disrupted, so the key ‘IT decision makers’ in them become more pessimistic about how useful innovation is to the economy.
A piece I co-wrote on Singapore’s decision to effectively air-gap most of its government computers — beyond security, military and intelligence. This is not something they’ve done lightly, but it does feel as if they might not have thought it all the way through. On the other hand, there were quite a few people I spoke to who said this might be the thin end of a larger wedge. And what does this mean for the cybersecurity industry?
By Jeremy Wagstaff and Aradhana Aravindan | SINGAPORE
Singapore is working on how to implement a policy to cut off web access for public servants as a defense against potential cyber attack – a move closely watched by critics who say it marks a retreat for a technologically advanced city-state that has trademarked the term ‘smart nation’.
Some security experts say the policy, due to be in place by May, risks damaging productivity among civil servants and those working at more than four dozen statutory boards, and cutting them off from the people they serve. It may only raise slightly the defensive walls against cyber attack, they say.
Ben Desjardins, director of security solutions at network security firm Radware, called it ‘one of the more extreme measures I can recall by a large public organization to combat cyber security risks.’ Stephen Dane, a Hong Kong-based managing director at networking company Cisco Systems, said it was ‘a most unusual situation’, and Ramki Thurimella, chair of the computer science department at the University of Denver, called it both ‘unprecedented’ and ‘a little excessive.’
But not everyone takes that view. Other cyber security experts agree with Singapore authorities that with the kind of threats governments face today it has little choice but to restrict internet access.
FireEye, a cyber security company, found that organizations in Southeast Asia were 80 percent more likely than the global average to be hit by an advanced cyber attack, with those close to tensions over the South China Sea – where China and others have overlapping claims – were particularly targeted.
Bryce Boland, FireEye’s chief technology officer for Asia Pacific, said Singapore’s approach needed to be seen in this light. ‘My view is not that they’re blocking internet access for government employees, it’s that they are blocking government computer access from Internet-based cyber crime and espionage.’
Singapore officials say no particular attack triggered the decision, but noted a breach of one ministry last year. David Koh, chief executive of the newly formed Cyber Security Agency, said officials realized there was too much data to secure and the threat ‘is too real.’
Singapore needed to restrict its perimeter, but, said Koh, ‘there is no way to secure this because the attack surface is like a building with a zillion windows, doors, fire escapes.’
Koh said he was simply widening a practice of ministries and agencies in sensitive fields, where computers are already disconnected, or air-gapped, from the Internet.
Public servants will still be able to surf the web, but only on separate personal or agency-issued devices.
Air-gapping is common in security-related fields, both in government and business, but not for normal government functions. Also, it doesn’t guarantee success.
Anthony James, chief marketing officer at cyber security company TrapX Security, recalled one case where an attacker was able to steal data from a law enforcement client after an employee connected his laptop to two supposedly separated networks. ‘Human decisions and related policy gaps are the No.1 cause of failure for this strategy,’ he said.
‘STOPPING THE INEVITABLE’?
Indeed, just making it work is the first headache.
The Infocomm Development Authority (IDA) said in an email to Reuters that it has worked with agencies on managing the changes ‘to ensure a smooth transition,’ and was ‘exploring innovative work solutions to ensure work processes remain efficient.’
Johnny Wong, group director at the Housing Development Board’s research arm, called the move ‘inconvenient’, but said ‘it’s something we just have to adapt to as part of our work.’
At the Land Transport Authority, a group director, Lew Yii Der, said: ‘Lots of committees are being formed across the public sector and within agencies like mine to look at how we can work around the segregation and ensure front-facing services remain the same.’
Then there’s convincing the rank-and-file public servant that it’s worth doing – and not circumventing.
One 23-year-old manager, who gave only her family name, Ng, said blocking web access would only harm productivity and may not stop attacks. ‘Information may leak through other means, so blocking the Internet may not stop the inevitable from happening,’ she said.
It’s not just the critics who are watching closely.
Local media cited one Singapore minister as saying other governments, which he did not name, had expressed interest in its approach.
Whether they will adopt the practice permanently is less clear, says William Saito, a special cyber security adviser to the Japanese government. ‘There’s a trend in private business and some government agencies’ in Asia to go along similar lines, he said, noting some Japanese companies cut internet access in the past year, usually after a breach.
‘They cut themselves off because they thought it was a good idea,’ he told Reuters, ‘but then they realized they were pretty dependent on this Internet thing.’
Indeed, some cyber security experts said Singapore may end up regretting its decision.
‘I’m fairly certain they would regret it and wind up far behind other nations in development,’ said Arian Evans, vice president of product strategy at RiskIQ, a cyber security start-up based in San Francisco.
The decision is ‘surprising for a country like Singapore that has always been a leader in innovation, technology and business,’ he said.
(Reporting by Jeremy Wagstaff and Aradhana Aravindan, with additional reporting by Paige Lim; Editing by Ian Geoghegan)
Singapore telco M1 is getting Nokia to install an NB-IoT network atop its 4G one, interestingly with an eye not just to land but to sea.
NB-IoT stands for Narrowband Internet of Things, and is the GSM world’s answer to narrowband technologies such as LoRa and Sigifox that threaten to take away a chunk of their business when the Internet of things does eventually take off. Why use expensive modems and services when you’re just trying to connect devices which want to tell you whether they’re on or off, full or empty, fixed or broken?
Techgoondu reports: “While that network caters to heavy users who stream videos or songs on the go, a separate network that M1 is setting up at the same time is aimed at the smart cars, sensors and even wearables.
They said pricing will likely vary with each solution or package, with some companies saving costs from deploying large amounts of connected sensors. However, others that require the bandwidth, say, to deliver surveillance videos over the air, would likely stick with existing 4G networks.
And while many NB-IoT devices are still on the drawing board – standards for the network were only finalised in June – M1 executives were upbeat about jumping on the bandwagon early.
Alex Tan, the telco’s chief innovation officer, said the technology would open up new business opportunities in the years ahead.”
A press release from M1 says it’s working with the ports authority — Singapore is one of the biggest ports in the world — to “explore the deployment of a network of offshore sensors to augment the situational awareness of our port waters,” according to Andrew Tan, Chief Executive of the Maritime and Port Authority, MPA.
This follows Sigfox’s deployment in the city state last month. It also pips to the post rival Singtel who have been talking since February about running a trial of NB-IoT with Ericsson. (Update: “Our preparation to trial NB-IoT is well underway. We are working with our vendors and industry partners to conduct lab trials in December, with a view to launch an NB-IoT network by mid-2017.”)
Here’s my earlier piece on LoRa.
Remote control : LoRa offers a cheaper link to the Internet of Things
By Jeremy Wagstaff
LAUNCESTON, Australia, Reuters – The future of communications may be 5G, where mobile networks push bandwidth-heavy video to phones and pull data from self-driving cars, but some firms see an alternative: farm irrigation equipment, donation boxes and oysters, connected by a technology called LoRa.
LoRa (for Long Range) is among a clutch of narrow band technologies that connect devices cheaply over unlicensed spectrum and vast distances, needing very little power.
The catch: they can only send small parcels of data rather than the gigabytes most wired and mobile standards aspire to.
But, advocates say, that may be more than enough.
‘It turns out you don’t need that huge an infrastructure, and it can be driven by small devices that are very smart and not very expensive,’ says Mike Cruse, CEO of Definium Technologies, which is building LoRa-based devices for farmers, universities and mines.
The so-called Internet of Things (IoT) has long promised to hook up devices, from aircraft to hair dryers, enabling owners to monitor, control and collect data from them remotely. Spending on the IoT will hit $6 trillion between 2015 and 2020, according to PricewaterhouseCoopers.
But the reality has been slow catching up. Ericsson this year almost halved the number of connected devices – including smartphones – it sees by 2020 to 28 billion.
Part of what’s holding things back, critics say, is that solutions are too expensive and elaborate for what is needed. Most involve cellular connections, which are either impractical in rural areas or beyond a user’s budget.
Take Richard Gardner, who runs a 2,500 hectare (6,178 acre) farm in Tasmania and pays A$1,200 per sensor for a cellular-based soil moisture measuring system. He’s working with Definium to design one costing a tenth of that.
‘There’s a lot of technology out there that works now, it’s just very expensive. We’ve got something now that we think has better attributes and is cheaper,’ says Gardner, who has invested in Definium and says he already has other farmers keen to buy the company’s products.
Making all this possible is LoRa, a narrow band standard adopted by the likes of Cisco and IBM, where the thumbnail-sized radios that send and receive data sell for a dollar or less.
Dutch enthusiasts are building a global community of open-source LoRa gateways, called the Things Network. Nodes send and receive messages – about a tenth of the size of an SMS – every couple of minutes to once every few hours. Followers have rolled out their own experimental networks using the community’s software in cities from Colombia to Russia.
Founder Wienke Giezeman says a $300 gateway – the router connecting the LoRa nodes to the Internet – will be available next month. Half a dozen would be enough to cover an average-sized city. ‘This,’ he says, ‘is going to push the next phase of growth.’
And LoRa isn’t the only narrow band technology in town.
Weightless, a British-based alliance, is one. Another is a proprietary U.S. technology run by a company called Ingenu, as is Sigfox, a French firm, which has raised $150 million from companies including Samsung Electronics.
The biggest potential losers are the telecoms companies, the traditional gatekeepers to the coverage these networks now claim. Ericsson says only 1.5 billion of the 16 billion IoT devices it reckons will be connected in 2021 will rely on cellular networks.
Some telecoms firms are counting on NB-IOT, a narrow band standard adopted by the industry that would use their existing cellular networks. Others are hedging their bets by building LoRa and other narrow band networks.
SK Telecom, for example, has rolled out a network across South Korea which it said would cost users a tenth of what they would pay to attach devices to its 4G network.
Likely winners from LoRa networks in IoT Lagging, however, is how best to use these networks.
Charles Anderson, an analyst at IDC, says governments and companies are still pondering what might work, and what end users might want.
In the meantime, smaller players are feeling their way. One visitor to a booth at a recent IoT show in Singapore suggested connecting donation collection boxes so she’d know when they need emptying.
Rishabh Chauhan of The Things Network says the community is still experimenting – from remotely monitoring mouse traps to whether moored rowboats have filled with water. ‘It seems people have a use case, but want to see it on a small level. They’re still prototyping,’ he said.
Much of the pioneering work is outside cities, where existing networks are poor.
Gardner, the farmer, for example, sees the potential for monitoring water flow and levels, the voltage in his electric fences, or his crop sprinklers. Knowing whether they’re working properly would save two trips a day and cut fuel bills, he says.
In a back-room lab, Definium’s Cruse shows some of the sensors he’s designing for clients, all of which could easily connect to a LoRa network.
They include one for measuring salt levels for shrimp farmers in Bangladesh; an LED street lamp for a mining company that could be controlled remotely; a squirrel trap which would alert a catch, and a biosensor attached to an oyster to gauge its health.
Further to my piece on smell sensing tech, it seems that breathalyzers, which use gas sensors like this one: Alcohol Gas Sensor, are getting smaller. This one attaches to a smartphone, fits in a pocket and costs $35. (Via Interesting Engineering)
That’s not the cheapest one out there — this BACtrack Ultra-Portable Personal Keychain Breathalyzer probably is — but I think it’s probably the cheapest that connects to a phone.
Some more links on the matter:
At the end of this program is my piece on smell technology, if you like that kind of thing. BBC World Service – Business Daily, UK FinTech Mulls a Post-Brexit Future (with everything else going on it might seem a bit flippant, or maybe light relief.
Can the UK’s financial technology or FinTech sector maintain its global lead after Brexit? We speak to Lawrence Wintermeyer, the chairman of the industry’s trade body Innovate Finance, about what he hopes the British government will negotiate in a new deal with the EU. Also, Michael Pettis, professor of finance at Peking University, tells us what Brexit looks like from China and why financial markets have been resilient to the initial shock of the referendum’s result. Plus, what’s the point of a smart phone that can smell? Jeremy Wagstaff, Thomson Reuters’ chief technology correspondent for Asia, says you may be surprise.
My piece for Reuters about the technology of smell: Nose job: smells are smart sensors’ last frontier | Reuters. A video version is here.
Nose job: smells are smart sensors’ last frontier
SINGAPORE | BY JEREMY WAGSTAFF
Phones or watches may be smart enough to detect sound, light, motion, touch, direction, acceleration and even the weather, but they can’t smell.
That’s created a technology bottleneck that companies have spent more than a decade trying to fill. Most have failed.
A powerful portable electronic nose, says Redg Snodgrass, a venture capitalist funding hardware start-ups, would open up new horizons for health, food, personal hygiene and even security.
Imagine, he says, being able to analyze what someone has eaten or drunk based on the chemicals they emit; detect disease early via an app; or smell the fear in a potential terrorist. ‘Smell,’ he says, ‘is an important piece’ of the puzzle.
It’s not through lack of trying. Aborted projects and failed companies litter the aroma-sensing landscape. But that’s not stopping newcomers from trying.
Like Tristan Rousselle’s Grenoble-based Aryballe Technologies, which recently showed off a prototype of NeOse, a hand-held device he says will initially detect up to 50 common odors. ‘It’s a risky project. There are simpler things to do in life,’ he says candidly.
MASS, NOT ENERGY
The problem, says David Edwards, a chemical engineer at Harvard University, is that unlike light and sound, scent is not energy, but mass. ‘It’s a very different kind of signal,’ he says.
That means each smell requires a different kind of sensor, making devices bulky and limited in what they can do. The aroma of coffee, for example, consists of more than 600 components.
France’s Alpha MOS was first to build electronic noses for limited industrial use, but its foray into developing a smaller model that would do more has run aground. Within a year of unveiling a prototype for a device that would allow smartphones to detect and analyze smells, the website of its U.S.-based arm Boyd Sense has gone dark. Neither company responded to emails requesting comment.
The website of Adamant Technologies, which in 2013 promised a device that would wirelessly connect to smartphones and measure a user’s health from their breath, has also gone quiet. Its founder didn’t respond to emails seeking comment.
For now, start-ups focus on narrower goals or on industries that don’t care about portability.
California-based Aromyx, for example, is working with major food companies to help them capture a digital profile for every odor, using its EssenceChip. Wave some food across the device and it captures a digital signature that can be manipulated as if it were a sound or image file.
But, despite its name, this is not being done on silicon, says CEO Chris Hanson. Nor is the device something you could carry or wear. ‘Mobile and wearable are a decade away at least,’ he says.
Partly, the problem is that we still don’t understand well how humans and animals detect and interpret smells. The Nobel prize for understanding the principles of olfaction, or smell, was awarded only 12 years ago.
‘The biology of olfaction is still a frontier of science, very connected to the frontier of neuroscience,’ says Edwards, the Harvard chemical engineer.
MORE PUSH THAN PULL
That leaves start-ups reaching for lower-hanging fruit.
Snodgrass is funding a start-up called Tzoa, a wearable that measures air quality. He says interest in this from polluted China is particularly strong. Another, Nima, raised $9 million last month to build devices that can test food for proteins and substances, including gluten, peanuts and milk. Its first product will be available shortly, the company says. For now, mobile phones are more likely to deliver smells than detect them. Edwards’ Vapor Communications, for example, in April launched Cyrano, a tub-sized cylinder that users can direct to emit scents from a mobile app – in the same way iTunes or Spotify directs a speaker to emit sounds.
Japanese start-up Scentee is revamping its scent-emitting smartphone module, says co-founder Koki Tsubouchi, shifting focus from sending scent messages to controlling the fragrance of a room.
There may be scepticism – history and cinemas are littered with the residue of failed attempts to introduce smell into our lives going back to the 1930s – but companies sniff a revival.
Dutch group Philips filed a recent patent for a device that would influence, or prime, users’ behavior by stimulating their senses, including through smell. Nike filed something similar, pumping scents through a user’s headphones or glasses to improve performance.
The holy grail, though, remains sensing smells.
Samsung Electronics was recently awarded a patent for an olfactory sensor that could be incorporated into any device, from a smartphone to an electronic tattoo.
One day these devices will be commonplace, says Avery Gilbert, an expert on scent and author of a book on the science behind it, gradually embedding specialized applications into our lives.
‘I don’t think you’re going to solve it all at once,’ he says.
A Reuters piece I wrote with two colleagues on Apple’s efforts to break the mobile payments logjam (and catch up with China and Africa). In the long run, of course, they’ll likely carve out a decent business, but it’s not as smooth as it might be, and the impression we got was that Apple was facing problems not only convincing partners to jump aboard, but to make sure the process was as Apple-like for consumers as possible.
It’s an interesting conundrum that Apple faces: pretty much everything they have to do now is about ensuring their gadgets interact with worlds they can’t control – from payments to cars.
BY MATT SIEGEL, JEREMY WAGSTAFF AND ERIC AUCHARD
More than 18 months after Apple Pay took the United States by storm, the smartphone giant has made only a small dent in the global payments market, snagged by technical challenges, low consumer take-up and resistance from banks.
The service is available in six countries and among a limited range of banks, though in recent weeks Apple has added four banks to its sole Singapore partner American Express; Australia and New Zealand Banking Group in Australia; and Canada’s five big banks.
Apple Pay usage totaled $10.9 billion last year, the vast majority of that in the United States. That is less than the annual volume of transactions in Kenya, a mobile payments pioneer, according to research firm Timetric.
And its global turnover is a drop in the bucket in China, where Internet giants Alibaba and Tencent dominate the world’s biggest mobile payments market – with an estimated $1 trillion worth of mobile transactions last year, according to iResearch data.
Anecdotal evidence from Britain, China and Australia suggests Apple Pay is popular with core Apple followers, but the quality of service, and interest in it, varies significantly.
To use Apple Pay, consumers tap their iPhone over payment terminals to buy coffee, train tickets and other services. It can be also used at vending machines that accept contactless payments.
Apple Pay transactions were a fraction of the $84.5 billion in iPhone sales for the six months to March, which accounted for two-thirds of Apple’s total revenue.
In Australia, where Apple Pay launched a month ago, payment machines supported by one mid-sized bank reported frequent failures.
“Bendigo Bank is experiencing some unforeseen technical issues in accepting Apple Pay payments at selected merchant terminals,” a spokeswoman for the bank told Reuters, adding that a lack of wider industry engagement in launching the service limited the lead time in testing the new technology.
Apple Vice President Jennifer Bailey said such experiences were premature and not representative. “Like any set of major technology changes, it takes time,” she said. “We want to move as quickly as possible, we push it as quickly as possible.”
Facing a slowing smartphone business, Apple has taken on the payments market hoping to add ways to make its devices more appealing, and more revenue streams. Apple takes a cut of up to 15 cents in the United States on every $100 spent.
While it has long mastered the supply chain for its mobile devices, the payments ecosystem has proved harder to control, and banks in other countries have reportedly negotiated lower transaction fees, contributing to its slow global roll-out.
Apple nearly doubled its R&D spending to more than $8 billion in 2013–15 as it pushed out a wave of new products including Apple Watch and Apple Pay, as well as upgrades to existing hardware devices and new services.
Apple has leveraged its huge U.S. user base to push Pay, but has met resistance in Australia, Britain and Canada where banks are building their own products.
“Payments in general is such a complicated system with so many incumbent providers that revolutionary change like this was not going to happen very quickly,” said Joshua Gilbert, an analyst at First Annapolis Consulting.
The upshot: Apple has rolled out Pay in a dribble, adding countries and partners where it can – Hong Kong is expected to be added next – resulting in an uneven banking landscape with users and retail staff not always sure what will work and how.
In Britain, for example, $14 billion was spent via contactless cards last year, according to Windsor Holden, a Juniper Research analyst. That makes it harder to persuade people to take the extra step on their smartphone for the same checkout convenience.
“You have over 86 million contactless cards in circulation, you have to persuade Britons to register their cards to the (Apple Pay) service when they can already use them to make a contactless payment,” Holden said.
In Australia, where more than 60 percent of all card transactions are through contactless cards, reception has also been muted. A spokesman for one large retailer said he had seen “very little uptake of the payment option” in his sector. He didn’t want to be named as he was not authorized to speak publicly about the matter.
Diego Machuca, 32, banks with Apple Pay-holdout Commonwealth Bank, has an iPhone and is already “largely cashless”. He says Apple Pay is appealing, but he wouldn’t switch banks just to access that one feature. “Not over that. There’s too much work involved just for tap-and-go,” he told Reuters.
Three months after the China launch, users on online forums complained that using Apple Pay, even at popular fast-food outlets, was not as seamless as local services such as WeChat, Tencent’s messaging and mobile commerce phenomenon.
Nonetheless, Apple’s approach has spurred development in several markets where the mobile payments industry had previously not taken hold – giving it the jump on rivals Google’s Android Pay and Samsung Pay.
Android Pay only launched in the United States in March and in Britain last month for use on the latest model Android phones. Samsung Pay is available in three markets; China, South Korea and the United States.
(Reporting by Matt Siegel in SYDNEY, Jeremy Wagstaff in SINGAPORE, Eric Auchard in LONDON and Beijing Newsroom; Editing by Ian Geoghegan)
Lots of attention at the moment on the implications of the Bangladesh Bank hack, now four months old. This is a piece I contributed last week. Quite a bit of water has gone under the bridge since then. We not only don’t know who was behind the hack – North Koreans have been put somewhere in the frame, but that’s by no means a certainty – but we still don’t really understand how all the pieces fit together. Meanwhile, the blame game continues.
WASHINGTON/SINGAPORE | BY DUSTIN VOLZ AND JEREMY WAGSTAFF
Hackers who stole $81 million from Bangladesh’s central bank have been linked to an attack on a bank in the Philippines, in addition to the 2014 hack on Sony Pictures, cybersecurity company Symantec Corp (SYMC.O) said in a blog post.
The U.S. Federal Bureau of Investigation has blamed North Korea for the attack on Sony’s Hollywood studio.
A senior executive at Mandiant, the cybersecurity company investigating the Bank Bangladesh heist, also told Reuters the hackers had recently penetrated banks in Southeast Asia.
In the blog post published on Thursday, Symantec did not name the Philippines bank or say whether any money was stolen, but said the attacks could be traced back to October last year. It did not identify the hackers.
The Philippines central bank’s deputy governor, Nestor Espenilla, told Reuters that no bank in the country had lost money to hackers, although he did not rule out the possibility of cyber attacks.
“We are checking if there are similar attacks on Philippine banks,” Espenilla said. “However, no reported losses so far.”
He added: “It is one thing to be attacked. It is another to lose money.”
Marshall Heilman, vice president for Mandiant, a part of U.S.-based FireEye (FEYE.O), said it was not known whether any money was lost in the other attacks he described or whether the hackers had been successfully blocked.
“There is a group operating in Southeast Asia that definitely understands the bank industry and is at more than one location,” he said.
Heilman declined to identify the country or countries, or the institutions attacked. He said it was the same group as the one involved in the Bank Bangladesh theft and that the attacks were recent, but declined to be more specific.
Central banks elsewhere in Southeast Asia – Singapore, Indonesia, Brunei, Myanmar, Laos, Cambodia, Vietnam, Thailand and East Timor – have declined comment or denied knowledge of any other breaches.
There have been at least four known cyber attacks against a bank involving fraudulent messages on the SWIFT payments network, one dating back to 2013. SWIFT, the Society for Worldwide Interbank Financial Telecommunication, urged banks this week to bolster their security, saying it was aware of multiple attacks.
Banks around the world use secure SWIFT messages for issuing payment instructions to each other.
SWIFT said earlier this week that February’s Bangladesh Bank hack was a “watershed event for the banking industry” and that it was “not an isolated incident.”
Spokeswoman Natasha de Teran said on Thursday that SWIFT was “actively looking into other possible instances of such fraud,” but would not comment on individual entities.
Symantec said it had identified three pieces of malware that were used in limited targeted attacks against financial institutions in Southeast Asia. (symc.ly/1sRNHc7)
One of the malicious programs has been previously associated with a hacking group known as Lazarus, which has been linked to the devastating attack on Sony’s Hollywood studio in 2014.
“There is a pretty hard connection now to the Sony attacks and the actor behind them” and the Bangladesh heist, Eric Chien, technical director at Symantec, said in an interview.
Another cybersecurity firm, BAE Systems, said this month that the distinctive computer code used to erase the tracks of hackers in the Bangladesh Bank heist was similar to code used to attack Sony.
Chien said that if North Korea was responsible for the hacks on banks via the SWIFT messaging network it would represent the first known episode of a nation-state stealing money in a cyber attack.
Policymakers, regulators and financial institutions around the world are stepping up scrutiny of the cyber security of the SWIFT payments system after hackers used it to make fraudulent transfers totaling $81 million out of Bank Bangladesh’s account at the Federal Reserve Bank of New York.
Symantec and other researchers have also linked the hack to a failed attempt to use fraudulent SWIFT messages to steal from a commercial bank in Vietnam.
In addition, Reuters reported last week that Ecuador’s Banco del Austro had more than $12 million stolen from a Wells Fargo account due to fraudulent transfers over the SWIFT network.
Bangladesh police are also reviewing a nearly-forgotten 2013 cyber heist at the nation’s largest commercial bank, Sonali Bank, for connections to the central bank heist, a senior law enforcement official told Reuters. The unsolved theft of $250,000 at Sonali Bank also involved fraudulent transfer requests sent over the SWIFT network.
(Additional reporting by Narottam Medhora in Bengaluru and Karen Lema in Manila; Editing by Siddharth Cavale, Leslie Adler and Raju Gopalakrishnan)