$10 Router, No Firewall Blamed In $80M Bangladesh Bank Hack (reuters.com)
Earlier this year, a spelling mistake in an online bank transfer prevented a nearly $1 billion heist at Bangladesh's central bank and the New York Fed. The hackers, however, still had managed to steal about $80 million. The Bangladesh government blamed the New York Fed for not spotting the suspicious transactions earlier. As it turns out, they should also be taking some blame, if not all. An anonymous reader writes: Bangladesh's central bank was vulnerable to hackers because it did not have a firewall and used second-hand, $10 switches to network computers connected to the SWIFT global payment network, an investigator into one of the world's biggest cyber heists said. The shortcomings made it easier for hackers to break into the Bangladesh Bank system earlier this year and attempt to siphon off nearly $1 billion using the bank's SWIFT credentials, said Mohammad Shah Alam, head of the Forensic Training Institute of the Bangladesh police's criminal investigation department.
If I were analyzing their security, I would be much more concerned with the "no firewall" comment than how much they spent on a switch... No firewall, really? Bet they saved a lot of money not having to put that in place and monitor it....
You are apparently unaware of how finances work in states like Bangladesh.
1. The government apportions the appropriate money for a task assuming market rates.
2. Department head siphons off 5% of the money and uses it to pay for Hookers and Blow.
3. The Department manager awards the contract to a friend who then gives them 10% of the money remaining back as cash.
4. The department representative responsible for ensuring the requirements are met then gets his 5% remaining kickback as well to look the other way as the requirements are not met. There are various other kickbacks as well, the city inspector and others involved.
5. The company now responsible for the implementation has lost about 25% of the total. They then take their 50% profit and buy $10 off-the-shelf routers to do a job that had originally required commercial grade products with support contracts and zero day support.