What could’ve been the single largest cyber bank heist in history, was thwarted by a mere typo. Hackers breached Bangladesh’s central bank this past February and nearly succeeded in transferring $1 billion to accounts in the Philippines and Sri Lanka using an account held at the Federal Reserve Bank of New York, if not for a minor spelling mistake that alerted law enforcement.
The Bangladesh bank, which houses billions of dollars in the Federal Reserve, had its credentials hijacked, then used to initiate three dozen payment transfers from the fed to various private entities. But instead of making off with $ 1 billion, the hackers only succeeding in transferring four payments amounting to a total of $81 million.
A fifth transfer containing $20 million was to be sent to a Sri Lankan non-governmental organization called the Shalika Foundation, but the hackers incorrectly spelled the word “foundation” as “Fandation” prompting the routing bank, Deutsche bank, to conduct an audit.
Immediately after, Deutsche Bank contacted the Bangladeshi central bank and the jig was up; the remaining transactions were canceled before completion.
At the same time, the high number of requests to transfer money to private entities, rather than banks, was unusual and set off some red flags with the Federal Reserve, who then alerted the Bangladesh Central bank. The canceled transactions carried a total of $850 to $870 million.
Unfortunately for the bank, the $81 million swiped in the first four transfers has not been recovered, nor have the perpetrators been apprehended. The Bangladesh Bank believes the money was diverted into casinos once it reached the Philippines and is working with Filipino anti-money laundering authorities to try and recover the funds.
By the time the news finally broke out one month later, Bangladeshi authorities have not made any progress on whatever leads they were following, saying that there’s little to no probability of ever catching the hackers. At the same time, it may take months to recover the $81 million, if at all.
To help speed up the investigations, the Bank has recently recruited the help of FireEye Inc’s forensics division, a cybersecurity firm known for having investigated some of the most high profile cyber thefts to date. Security experts observed that the attack originated from outside of Bangaldesh, although the perpetrators displayed a keen understanding of the bank’s inner workings.
Source: Reuters
Learn more about Electronic Products Magazine