Slashdot Mirror

← Back to Stories (view on slashdot.org)

Some Bangladesh Bank Officials Involved In Heist, Says Investigator (reuters.com)

Posted by msmash on from the how-it-all-happened dept.

Ruma Paul, reporting for Reuters: Some Bangladesh central bank officials deliberately exposed its computer systems and enabled hackers to steal $81 million from its account at the Federal Reserve Bank of New York in February, a top investigator in Dhaka told Reuters on Monday. The comments by Mohammad Shah Alam of the Dhaka police are the first sign that investigators have got a firm lead in one of the world's biggest cyber heists. Arrests are soon likely, he said. On Thursday, the head of a Bangladesh government panel that investigated the heist said five bank officials were guilty of negligence but that they were only unwitting accomplices. Alam told Reuters his investigations had discovered that some bank officials had knowingly created vulnerabilities in the bank's connection to the SWIFT system, used for global transactions.Early this year, hackers targeted Bangladesh's central bank to get away with $1bn. At the time, it was reported that the gang behind the raid used stolen credentials to make requests to transfer cash look legitimate. If all the requests had gone unchallenged, the gang would have got away with about $1bn. However, the transfers were stopped when the volume of requests raised suspicions at other banks.

4 of 26 comments (clear)

  1. Amateurs... by Ecuador · · Score: 3, Insightful

    Amateurs... If they had only been collecting the rounding errors from the transactions they would have eventually pulled that cool $1bn without anyone knowing...

    --
    Violence is the last refuge of the incompetent. Polar Scope Align for iOS
  2. Obvious from the beginning by AchilleTalon · · Score: 2

    That was obvious from the beginning there was some kind of in side collaboration to crack the Swift network. This is not possible otherwise and it was surely not a security problem with the router as many said in February that may have open the door. Everything is encrypted from the beginning, there is nothing gain from a router hack if you don't already have the encryption keys.

    --
    Achille Talon
    Hop!
  3. Re:Heard of "Check 21"? by AchilleTalon · · Score: 2

    They were transfering funds from their own account. There was nothing else to check for. They were authorized to make the transfer with their own (well, not their own, but the bank) money. I guess they believed they could held the Federal Reserve in New York responsible for a security hole or they believed they could vanish in the sky with the money before being catched. But in either case, it wasn't an insufficient funds or illegal instruments case. They were perfectly legit to make the transfer since they were accessing their own Swift account and network to transfer funds from their own accounts.

    --
    Achille Talon
    Hop!
  4. Vulnerabilities in bank's connection to the SWIFT by khz6955 · · Score: 2

    "some bank officials had knowingly created vulnerabilities in the bank's connection to the SWIFT system, used for global transactions."

    I thought the vulnerabilities were introduced by emailing them malware that reprogrammed their Windows desktops to perform unauthrorzed transactions and prevented the Oracle database from printing out an acknowlegment of the transactions. The hack consisted of altering two bytes in a running Windows process.