The latest news of hackers successfully hacking US$100 million from the Bangladesh central bank’s account at the Federal Reserve Bank of New York has sent shock waves across the whole banking industry questioning the very credibility and safety of even the corporate and national accounts. This calls for added and advanced vigil and putting in place more perfect security systems.
In one of the most shocking cyber crimes in the banking sector in recent times, hackers have succeeded in moving US$100 million out of the Bangladesh Central Bank’s account in Federal reserve Bank of New York. The cyber thieves, using the Bangladesh Bank’s credentials for transferring funds, tried to move another $850 million out of the US account, but one of the transfer requests raised an alarm when the word “foundation” was misspelled as “fandation.” The error was spotted by Deutsche Bank, one of the routing banks, which then asked the Bangladesh Bank for clarification according to reports.
The incident has already claimed the job of Atiur Rahman, Governor of the Bangladesh central Bank, who resigned on March 15. The money the hackers succeeded in moving was reportedly transferred to accounts in Sri Lanka and the Philippines. Authorities in both Bangladesh and the Philippines are on the lookout for the cyber criminals, but it is unclear how much of the stolen money can be recovered.
Meanwhile a senator in the Philippines who was investigating the theft has reportedly said that more than US$30 million of the stolen funds were given to a Chinese man in Manila, in cash. The Anti-Money Laundering Council in the Philippines is in the process of drafting charges against several people suspected of being involved in the theft.
Meanwhile, the New York Fed has said there is still no evidence that its systems were penetrated. It indicated that the transfer requests passed muster with SWIFT, or the Society for Worldwide Interbank Financial Telecommunication, which is the global messaging network used by banking institutions to securely send information about financial transactions. The Fed said it followed normal procedures when responding to requests that appeared to be from Bangladesh Bank, which were made and authenticated over SWIFT.
Belgian-based SWIFT, a member-owned cooperative that banks use for account transfer requests and other secure messages, declined to comment on specifics of the case. Apparently, the perpetrators of a US$100 million digital heist at Bangladesh’s central bank had deep knowledge of the institution’s internal workings, likely gained by spying on bank workers, security experts say. Security experts said that to pull off the attack, cyber criminals had to first gather information about Bangladesh Bank’s procedures for ordering transfers, so that the fraudulent requests would not raise red flags.
In addition to stealing credentials for processing transfers, the hackers likely spied on Bangladesh Bank staff to get a deep understanding of the central bank’s operations, according to experts in banking fraud.
(Subscribe to read the full story in the April 2016 issue of Safety Messenger Magazine)