I did not intend my comments to be "a swipe against Bangladesh," because the truth of the matter is that
anyone ... or, any
company ... might easily find opportunity, and find that opportunity irresistible.
The vulnerability is not one of simple technology: it is a vulnerability borne of misplaced
human trust. In a world of "trust, but verify," we cannot verify and we often should not trust.
- We cannot verify that there is not a "weak link" anywhere in our vast chain that has, say, modified the application software or the (open source) operating system, or both.
- We do not exercise any sort of licensure or professional credentialing, as we do with plumbers or low-voltage wiring contractors, to regulate who has access to our software and how it is being maintained.
No matter how technically "secure" SWIFT (or any other system) might be on-paper, what matters most is the
human environment in which it is deployed. This statement could be made, not only for high-dollar systems like SWIFT, but really for on-line transaction processing of all sorts. We have been "loosy goosy," so to speak, about all of these things, and we're constantly paying a billion-dollar price.