Daily Management Review

$101M Cyber Bank Theft Partially Stopped by Typo Error


03/11/2016




In what could be one of the largest ever and most audacious bank raids in history, the central bank of Bangladesh was duped out of $101 million in a cyber heist. This has left bank officials from Bangladesh to New York arguing over the security setup in banks.
 
Hackers allegedly masqueraded as Bangladeshi officials to submit a series of requests for the New York Federal Reserve to transfer large tranches of money from its account there after they managed to breach the Bangladesh central bank's security system.
 
Bangladesh Bank said that a total of $101 million, of which $20 million went to a Sri Lankan bank, was wrongly transmitted. Suspicions over the authenticity of the transfers were raised by the last payment to Sri Lanka.
 
"The Sri Lankan bank did not disburse it immediately and we could recover the full amount. The remaining $81m was transmitted to a few accounts of a Philippine bank," the central bank said. The bank added that the relevant bank accounts in the Philippines have already been frozen, as the anti-money laundering authorities in the Philippines were co-operating with Bangladesh authorities.
 
The central bank said that the incident is being investigated by a forensic team that is headed by an experienced cyber expert, who had worked at the World Bank and is currently employed as an "IT governance specialist" on a Bangladesh Bank project.
 
"We have confidence the stolen funds will be recovered in full," the Bangladesh central bank said.
 
Given the potential windfall criminal groups can make if just one of their attempts succeeds, central banks are ripe targets.
 
There is a growing dispute over who is to blame for allowing the transfers, even though the money may ultimately be recovered.
 
The Bangladesh government was considering filing a case against the New York Fed, Abul Maal Abdul Muhith, Bangladesh's finance minister, said in Dhaka this week, adding that he was also surprised by the failure of his own country's central bank to report the crime.
 
He first learned of the scam from press reports, the minister said, adding that the Fed officials "cannot avoid their responsibility in any way".
 
"Bangladesh Bank authorities did not inform [us] of the matter," he said.
 
The transfers were made after the NY Fed followed protocol, and its systems were not hacked, said a spokesperson for the NY Fed.
 
"To date, there is no evidence of any attempt to penetrate Federal Reserve systems in connection with the payments in question, and there is no evidence that any Fed systems were compromised," said the Fed spokesperson.
 
"The payment instructions in question were fully authenticated by the SWIFT messaging system in accordance with standard authentication protocols. The Fed has been working with the central bank since the incident occurred, and will continue to provide assistance as appropriate," the spokesperson added.
 
Other transfers were reportedly attempted, but were ultimately stopped before $1bn could be stolen from the account.
 
The cyber criminals were ultimately stopped when they made a spelling mistake in one of their transfer instructions, said Bangladesh banking officials. The hackers misspelled the name of a Sri Lankan non-governmental organization, writing "foundation" as "fandation".
 
Reuters reported that this aroused the suspicion of a routing bank and prompted it to query the transaction, which led to the crime being stopped.
 
"Spoofing" email accounts and impersonating individuals, company executives and others to get money transferred offshore is a regular habit of cyber criminals. In the past the US financial sector has been targeted by cyber criminals.
 
US authorities announced charges against several individuals who were allegedly involved in a securities fraud scheme last year, and JPMorgan Chase was hacked in 2014. US prosecutors have also charged a UK citizen with hacking into the Federal Reserve and other US government agencies and stealing sensitive personal information.
 
(Source: www.cnbc.com)