Thursday, 28 Nov, 2024

Business

FireEye hired to help probe

Hacker’s typo foils BB heist

News Desk |
Update: 2016-03-10 22:09:00
Hacker’s typo foils BB heist

DHAKA: A spelling mistake in an online bank transfer instruction helped prevent a nearly $1 billion (£700 million) heist last month involving the Bangladesh central bank and the New York Fed, banking officials said.

Unknown hackers still managed to get away with about $80 million, one of the largest known bank thefts in history, reports the telegraph.co.uk

The hackers breached Bangladesh Bank's systems and stole its credentials for payment transfers, two senior officials at the bank said.

They then bombarded the Federal Reserve Bank of New York with nearly three dozen requests to move money from the Bangladesh Bank's account there to entities in the Philippines and Sri Lanka, the officials said.

Four requests to transfer a total of about $81 million to the Philippines went through, but a fifth, for $20 million, to a Sri Lankan non-profit organisation was held up because the hackers misspelled the name of the NGO, Shalika Foundation.

Hackers misspelled "foundation" in the NGO's name as "fandation", prompting a routing bank, Deutsche Bank, to seek clarification from the Bangladesh central bank, which stopped the transaction, one of the officials said.

There is no NGO under the name of Shalika Foundation in the list of registered Sri Lankan non-profits.

At the same time, the unusually high number of payment instructions and the transfer requests to private entities - as opposed to other banks - raised suspicions at the Fed, which also alerted the Bangladeshis, the officials said.

The details of how the hacking came to light and was stopped before it did more damage have not been previously reported.

Bangladesh Bank has billions of dollars in a current account with the Fed, which it uses for international settlements.

FireEye hired to help probe
FireEye Inc's Mandiant forensics division is helping investigate a cyber heist at Bangladesh's central bank last month that netted more than $80 million, people familiar with the matter said on Thursday, reports the New York Times.

The two sources said Silicon Valley-based FireEye, which has investigated some of the biggest cyber thefts on record, was brought in by World Informatix, a smaller firm that is advising Bangladesh Bank on the investigation.

World Informatix's website says it was founded by its chief executive, Rakesh Asthana, a former World Bank deputy chief information officer.

Asthana recruited Mandiant to help with the probe, according to sources who asked not be identified due to the sensitive nature of the matter.

One of those sources, a senior official with the central bank, said the US government has offered to help investigate how hackers stole funds from a Bangladesh Bank account at the New York Fed.

The source said that officials with the Federal Bureau of Investigation and US Department of Justice had held informal conversations with Bangladesh Bank about the case, one of the largest bank thefts in history.

Representatives with the FBI, US Secret Service, Department of Justice and US Treasury's Crimes Enforcement Network declined comment on the case, which became public this week, about a month after the funds were stolen.

The New York Fed has said little about what happened, except that its systems were not breached and that it has been working with the Bangladesh central bank on the investigation.

Any investigation by US authorities is likely to focus on learning how cyber criminals penetrated the central bank's network, the flow of the looted funds around the world and whether any money can be recovered.

The hackers breached Bangladesh Bank's systems and stole its credentials for payment transfers, according to an account by two senior officials at the bank.

The attackers then bombarded the New York Fed with nearly three dozen money-transfer requests over a weekend in early February.

The Fed processed four of the requests, sending a total of $81 million to accounts in the Philippines.

A fifth transfer of $20 million, to a non-profit in Sri Lanka, was stopped after a typo in the routing instructions raised suspicions, according to bank sources.

Bangladesh Bank has said it has recovered some of the stolen money, and is working with anti-money laundering authorities in the Philippines to try to recover the rest.

BDST: 0912 HRS, MAR 11, 2016
RS

All rights reserved. Sale, redistribution or reproduction of information/photos/illustrations/video/audio contents on this website in any form without prior permission from banglanews24.com are strictly prohibited and liable to legal action.