Bangladesh Bank’s cyber security was severely tested by hackers who stole $101 million from its foreign currency reserve account with the Federal Reserve Bank of New York, in one of the biggest cyber heists in recent history. The incident took place on Feb. 5, but the Bangladesh Bank authorities deliberately concealed it from the public until inquirer.net, a leading news website in the Philippines, revealed the news. Of the $101 million stolen, the hackers transferred $81 million to Rizal Commercial Banking Corp (RCBC) in the Philippines and $20 million to Pan Asia Banking in Sri Lanka. They also tried to steal another $860 million, but the Federal Reserve halted the payment because it appeared suspicious to the bank’s authorities.
Bangladesh Bank requested Pan Asia Banking to cancel the payment of $20 million to its beneficiary and give the funds back to Bangladesh’s account with the Fed in New York. The $20 million transfer to Pan Asia Banking raised alarms because of its size and a typo in the beneficiary’s name, according to Nalaka Wijayawardana, deputy general manager of marketing at the bank. Pan Asia Banking then remitted the funds back to Bangladesh Bank’s account in New York via Deutsche Bank around Feb. 17. But the $81 million that entered the Philippine banking system was credited to beneficiary accounts with Rizal Bank and eventually withdrawn. There is little hope of getting that money back, as it has disappeared into the black hole of the money system.
Bangladesh Bank currently holds $28 billion in foreign currency reserves in different banks, including the Federal Reserve. Because of weak firewall protection against cyber threats, it easily became the victim of a cyber heist. Malicious software code, known as malware, had been introduced into Bangladesh Bank’s systems in January without the knowledge of the bank’s information systems staff, according to an official familiar with the Bangladesh Bank investigation. The hackers struck the systems on Feb. 4, said the official.
Zubair Bin Huda, a joint director of Bangladesh Bank, found the printer tray empty when he looked on the morning of Feb. 5 for confirmations of SWIFT financial transactions that are normally printed automatically overnight. He then tried and failed to print out the messages manually from the SWIFT system, according to his complaint to police, the first step needed to start an official investigation.
“We thought it was a common problem just like any other day,” Huda said in the complaint.
Because it was a Friday – a weekend in Muslim-majority Bangladesh – Huda left the office around 11:15 a.m. and asked his colleagues to help fix the problem. It took them more than 24 hours before they could manually print the receipts, which revealed dozens of questionable transactions that sent the bank racing to stop cash from leaving its account with the Federal Reserve Bank of New York to the Philippines, Sri Lanka and beyond.
Proloy Kumar Saha, an inspector of Motijheel Police Station where the complaint was filed, confirmed the details and said it was being transferred to the Criminal Investigation Department. Huda is not a suspect in the case and didn’t accuse anyone of wrongdoing in the document, known as a First Information Report. He didn’t respond to multiple phone calls.
On Saturday, Feb. 6, Huda noticed that the software on the terminal connecting to the SWIFT system wasn’t responding. When an attempt was made to restart the terminal, a message flashed: “A file is missing or changed,” according to the complaint.
By 12:30 p.m., Huda and his team had managed to get the terminal started. While the automatic printing system still didn’t work, they managed to print the receipts manually. What they found surprised them: the receipts showed that the Federal Reserve Bank of New York had sent back queries to Bangladesh Bank against 46 payment orders in different messages, according to the complaint.
“At our end, we did not find any debit confirmation in our system against those payment orders,” Huda said.
Sensing a much bigger problem than a computer glitch, Bangladesh Bank contacted SWIFT to help them analyze the transactions. It also e-mailed and faxed the Federal Reserve Bank of New York, where it kept an account, with a stop order for all unauthorized payments until further notice, Huda told police.
Over Saturday and Sunday, Bangladesh Bank failed to reach officials in New York by phone. By that time it was also the weekend in the U.S., and nobody was available.
By Monday, Feb. 8, the central bank’s connection to the SWIFT system was back up and running. Bank officials then discovered that four unauthorized SWIFT messages were sent indicating that $101 million was transferred to the Philippines and Sri Lanka.
Suggestions were made that the problem might lie with SWIFT, the Society for Worldwide Interbank Financial Telecommunication, which provides a very secure, encrypted financial messaging system through which orders are placed across the globe. The Federal Reserve (Fed) was blamed for allowing the transactions.
However, the Fed has categorically said its system was not compromised. SWIFT also issued a statement on Friday indicating that it is not its own system but that of Bangladesh Bank that is in question.
Hackers who stole $101 million from Bangladesh’s central bank stalked its computer systems for almost two weeks beforehand, according to an interim investigation report.
Prepared for Bangladesh Bank by cyber security firms FireEye Inc. and World Informatix, the assessment offers a tantalizing glimpse into how cyber criminals can use banks’ own systems against them. The cyber companies say the thieves deployed malware on servers housed at the central bank to make payments seem genuine.
The report cast the unidentified hackers as a sophisticated group who sought to cover their tracks by deleting computer logs as they went. Before making transfers they sneaked through the network, inserting software that would allow re-entry.
It’s the sort of thorough operation often mounted by nation-state hackers, according to the report, but FireEye’s intelligence unit believes the group, which it has been tracking for some time, is criminal. “These threat actors appear to be financially motivated, and well organized,” the report said.
The heist, which saw payments processed through the bank’s accounts at the U.S. Federal Reserve and money moved to the Philippines and Sri Lanka, was part of a bigger attempt to steal nearly $1 billion in total from the central bank. It exposed weaknesses in systems, sparked a dispute between Bangladesh’s central bank and its finance ministry and cost the central bank governor, Atiur Rahman, his job less than five months before he planned to retire.
“Malware was specifically designed for a targeted attack on Bangladesh Bank to operate on SWIFT Alliance Access servers,” the interim report said. Those servers are operated by the bank but run the SWIFT interface, and the report makes it clear the breach stretches into other parts of the bank’s network as well. “The security breach of the SWIFT environment is part of a much larger breach that is currently under investigation.”
Atiur Rahman resigned as Bangladesh’s central bank governor on Tuesday, saying he took moral responsibility after failing to immediately inform the Finance Ministry of the theft. He denied any wrongdoing, and said he had notified intelligence agencies of the crime. Two of his deputies were also removed. Bangladesh on Wednesday appointed career bureaucrat Fazle Kabir as his replacement.
Mohammed Farashuddin, former governor of Bangladesh Bank, will lead a three-member team to investigate the heist, Bangladesh’s Finance Ministry said in a notice on Tuesday. It will investigate how the funds were stolen, who received the cash and why the central bank waited to inform the government. The team will have to submit an interim report in 30 days and a full report in 75 days, it said.
A technological failure has probably cost the governor his job. He is popularly known as the “poor man’s economist” and was named Asia’s central banker of the year in 2015. The case has prompted central banks around the globe to examine cyber security measures. It has also led to the resignation of Bangladesh’s central bank governor and put money laundering in the Philippines under scrutiny.
Now that the weakness of Bangladesh Bank’s cyber security has been exposed through global media coverage, the bank could become an ideal target for hackers seeking to steal money in the future. This is certainly a wake-up call for the banking sector of Bangladesh as well as for the whole world.
Md. Nahidujjaman is an undergraduate student of Economics at the University of Dhaka.