Hackers who stole $101mn ($137mn) from Bangladesh’s central bank stalked its computer systems for almost two weeks beforehand, according to an interim investigation report.
Prepared for the Bangladesh Bank by cyber security firms FireEye and World Informatix, the assessment offers a tantalising glimpse into how cyber criminals can use the banks’ own systems against them.
The cyber companies say the thieves deployed malware on servers housed at the central bank to make payments seem genuine. The report cast the unidentified hackers as a sophisticated group which sought to cover their tracks by deleting computer logs as they went.
Before making transfers, they sneaked through the network, inserting software that would allow re-entry. It was the sort of thorough operation often mounted by nation-state hackers, according to the report, but FireEye’s intelligence unit believes the group, which it has been tracking for some time, is criminal.
The heist exposed weaknesses in systems, sparked a dispute between Bangladesh’s central bank and its finance ministry, and cost the central bank governor his job less than five months before he planned to retire.
The hackers sent $81mn from the Bangladesh Bank’s account in New York to the Philippines, and another $20mn to Sri Lanka. The Federal Reserve Bank of New York blocked transactions worth another $850mn.
A bank in Sri Lanka stopped and returned the cash, while the money in the Philippines is still missing.
“Malware was specifically designed for a targeted attack on Bangladesh Bank to operate on Swift Alliance Access servers,” the interim report said.
Swift is a member-owned cooperative that provides international codes to facilitate payments between banks globally.
Charlie Booth from Brunswick Group, a corporate advisory firm that represents Swift, said: “We reiterate that the Swift network itself was not breached.”
Bangladesh yesterday formally sought assistance from the US Federal Bureau of Investigation to track down the crooks.
The FBI has agreed to help Bangladesh investigate the theft from the nation’s foreign reserves, authorities said yesterday, days after the finance minister accused central bank officials of complicity in the heist.
An FBI official in Dhaka met with representatives from Bangladesh’s Criminal Investigation Department and offered to assist with the investigation into the spectacular cross-country theft.
“Both the FBI and the CID have agreed to work together since it’s a transnational organised crime and transnational criminal networks are involved,” Saiful Alam, deputy inspector general of CID, said.
There was no immediate comment from the FBI.
Police said Bangladeshi investigators were planning to travel to the Philippines, Sri Lanka and the Federal Reserve Bank of New York as part of the transnational probe into the heist.
However, investigators say local hackers were likely involved in the theft.
“We suspect some local people are involved in the crime. The names of local development projects were used in the payment advices sent to the Federal Reserve Bank,” Alam said.
“This has raised our suspicion that there could be some local links.”
In a damning interview published on Friday, the country’s Finance Minister A M A Muhith told the Bengali-language daily Prothom Alo that Bangladesh Bank officials were “100%” involved in the scandal.
“Of course! One hundred percent they are (involved). This cannot be possible without complicity of the locals,” the newspaper, which has the highest circulation of any in Bangladesh, quoted Muhith as saying.
Muhith said the New York bank requires hand prints and other biometric information from central bank officials to activate transactions, appearing to suggest the hackers could not have carried out the attack without inside help.