The Bangladesh Bank, the central bank of Bangladesh, has been breached, and cyber thieves attempted to steal nearly $1 billion from it. They got away with about $81 million, and the chances of recovering it look bleak.
The Bangladesh Bank holds an account at the Federal Reserve Bank of New York for international settlements. The thieves appear to have penetrated the bank's computer systems in Dhaka and installed malware there. The malware seems to have stayed dormant while the thieves observed the bank's operations and planned how to move the money.
Banks use the SWIFT messaging system to exchange authenticated payment instructions with one another. Each bank operates with its own SWIFT credentials, and the Bangladesh Bank's credentials were probably stolen and then used to send the Federal Reserve Bank of New York requests to transfer $1.01 billion. The requests were made as five transactions: four, totalling about $81 million, went through, while the fifth was blocked because of a typo, which led to the discovery of the breach.
The four transactions were routed to four accounts at Rizal Commercial Banking Corp. in the Philippines. There had been no activity in these accounts before. The money was then consolidated in a businessman's foreign-currency accounts and moved on to casinos and a money-transfer firm. The Anti-Money Laundering Council of the Philippines has deemed the transfer illegal and has initiated proceedings against those involved in the laundering. So far, only some of the stolen money has been recovered.
The fifth transaction, of about $20 million, was routed to a purported NGO in Sri Lanka. A spelling mistake in the recipient's name prompted the routing bank, Deutsche Bank, to seek clarification from the Bangladesh Bank, and the transaction was stopped. The Federal Reserve Bank of New York had also noticed the unusually high-value transactions, become suspicious and passed the information on to the central bank.
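Everything that eventually stopped or exposed these transfers was visible in the instructions themselves: beneficiaries the originator had never paid before, several very large payments released within minutes of each other, and a payee name that almost but not quite matched a real entity. As an added example that is not part of the original article (and not code from the Bangladesh Bank, SWIFT or the New York Fed), the Python below screens a batch of outbound instructions for exactly those signals. The message layout, account identifiers, names, amounts and thresholds are constructed for illustration; the five sample instructions mirror the four-plus-one pattern described above but are invented.

```python
"""Constructed example: rule-based screening of outbound payment instructions.
Not the code of any bank or of SWIFT; the Instruction format, the account
identifiers, the names and the thresholds below are all assumptions."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from difflib import SequenceMatcher


@dataclass(frozen=True)
class Instruction:
    msg_id: str
    sent_at: datetime
    amount_usd: float
    beneficiary_account: str
    beneficiary_name: str


# Assumed review thresholds; a real desk would tune these per originator.
HIGH_VALUE_USD = 10_000_000      # single instruction at or above this is reviewed
BURST_WINDOW = timedelta(hours=1)  # count instructions in a trailing window
BURST_COUNT = 3                    # this many in the window is unusual
NAME_NEAR_MISS = 0.85              # similarity ratio that counts as "almost"


def name_near_miss(name, registered_names):
    """Return the registered name that `name` almost matches, or None.

    An exact match is fine. A string that merely resembles a registered
    name (a misspelt payee) is the signal: that is what made the routing
    bank query the fifth transfer in the story above."""
    wanted = name.strip().lower()
    if wanted in {r.strip().lower() for r in registered_names}:
        return None
    for reg in registered_names:
        if SequenceMatcher(None, wanted, reg.strip().lower()).ratio() >= NAME_NEAR_MISS:
            return reg
    return None


def screen(instructions, known_accounts, registered_names):
    """Return {msg_id: [reasons]} for every instruction with at least one hit.

    known_accounts: beneficiary accounts this originator has paid before.
    registered_names: payee names the correspondent bank recognises."""
    hits = {}
    ordered = sorted(instructions, key=lambda i: i.sent_at)
    for idx, ins in enumerate(ordered):
        reasons = []
        if ins.amount_usd >= HIGH_VALUE_USD:
            reasons.append("high_value")
        if ins.beneficiary_account not in known_accounts:
            reasons.append("first_time_beneficiary")
        # Instructions released in the trailing window, this one included.
        recent = [o for o in ordered[: idx + 1]
                  if o.sent_at >= ins.sent_at - BURST_WINDOW]
        if len(recent) >= BURST_COUNT:
            reasons.append("burst")
        if name_near_miss(ins.beneficiary_name, registered_names):
            reasons.append("beneficiary_name_near_miss")
        if reasons:
            hits[ins.msg_id] = reasons
    return hits


# Constructed sample batch: four large transfers to never-seen accounts,
# then a fifth whose payee name is one letter off a registered entity.
T0 = datetime(2016, 2, 4, 20, 0)
SAMPLE = [
    Instruction("MSG1", T0, 20_000_000, "PH-0001", "Account Holder One"),
    Instruction("MSG2", T0 + timedelta(minutes=5), 20_000_000, "PH-0002", "Account Holder Two"),
    Instruction("MSG3", T0 + timedelta(minutes=10), 20_000_000, "PH-0003", "Account Holder Three"),
    Instruction("MSG4", T0 + timedelta(minutes=15), 21_000_000, "PH-0004", "Account Holder Four"),
    Instruction("MSG5", T0 + timedelta(minutes=20), 20_000_000, "LK-0001", "Example Relief Foundaton"),
]
KNOWN_ACCOUNTS = {"US-0001", "US-0002"}            # assumed prior payees
REGISTERED_NAMES = {"Example Relief Foundation"}   # assumed payee registry

if __name__ == "__main__":
    for msg_id, reasons in screen(SAMPLE, KNOWN_ACCOUNTS, REGISTERED_NAMES).items():
        print(msg_id, ", ".join(reasons))
```

The point of the example is that none of these rules needs the message transport to be broken: they run on the instruction after it has been validly authenticated, which is where a credential-theft attack has to be caught.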
The coming days will show how the Bangladesh central bank breach took place. Cyber security experts are poring over the events, the computer systems, possible malware infections, the network and communication systems, the encryption systems and the security controls to work out what happened.
The blame game is on: the Bangladesh government has blamed the central bank for incompetent handling of the incident, and has also blamed the New York Fed for noticing the transactions so late. The New York Fed has stated that hackers did not breach its systems and that the breach must have been at the central bank's end.
Investigators are studying other ways the hack could have taken place. The central bank's IT infrastructure, including its network architecture, firewalls, anti-malware tools, network protocols, encryption and exposure to insiders, is being examined. The SWIFT messaging system is also being looked at for a possible man-in-the-middle (MitM) attack, though so far the SWIFT channel itself is not believed to have been breached: messages travel over SwiftNet, SWIFT's private IP network, and are encrypted end to end. That encryption, however, only protects a message in transit; it does nothing against an attacker who holds valid operator credentials and submits instructions from the bank's own terminal, which is the scenario described above.
Another possibility is that a user on the central bank's network unknowingly opened a malware-laced attachment, giving the attackers a persistent foothold, perhaps through malware that no anti-virus product yet recognised. If the entry point was such an attachment, an endpoint product that sandboxes unknown files, together with tight egress filtering at the firewall, might have stopped it, although neither is a guarantee against a patient, well-resourced attacker. A further possibility is an insider who introduced the malware deliberately.
Further investigation may show how the malware was planted inside the systems. The chances of tracking down the cyber thieves, however, remain slim.