Some Bangladesh central bank officials deliberately exposed its computer systems and enabled hackers to steal $81 million from its account at the Federal Reserve Bank of New York in February, a top police investigator in Dhaka told Reuters on Monday.
The comments by Mohammad Shah Alam, head of the Forensic Training Institute of the Bangladesh police’s criminal investigation department, are the first sign that investigators have got a firm lead in one of the world’s biggest cyber heists, which had prompted months of international finger-pointing. Arrests are soon likely, he said.
On Thursday, the head of a Bangladesh government panel that investigated the heist said five bank officials were guilty of negligence but that they were only unwitting accomplices.
Alam told Reuters his investigations had discovered that some bank officials had knowingly created vulnerabilities in the bank’s connection to the SWIFT global messaging and payments system.
“Bangladesh Bank’s SWIFT network was made insecure by some bank employees in connivance with some foreign people,” he said. “They knew what they were doing.”
He declined to name the suspects or say how many there were.
Alam said investigators were now trying to find out how the mid-ranking officials were connected to the hackers and whether they benefited financially from the heist. Asked if the officials would be arrested, he said: “We are very close to it.”
The apparent momentum comes after months of trading blame among Bangladesh Bank, the New York Fed, SWIFT, and a Philippine lender that received much of the stolen funds before they disappeared. The heist prompted an international probe headed by the U.S. Federal Bureau of Investigation.
Separately SWIFT, or the Society for Worldwide Interbank Financial Telecommunication, told Reuters its messaging system has been targeted in a “meaningful” number of other attacks this year using a similar approach as the Bangladesh incident.
Bangladesh Bank spokesman Subhankar Saha declined to comment on Alam’s comments. A New York Fed spokeswoman also declined comment.
Another investigator in Dhaka, who declined to be named, said more than 100 Bangladesh Bank employees had been interviewed in connection with the heist, and some were barred from leaving the country.
In early February, the hackers used the SWIFT network to send fake orders requesting the transfer of nearly $1 billion from Bangladesh Bank’s account at the New York Fed.
Many of the transfer orders were blocked or reversed but, after a series of oversights and miscommunications, the New York Fed ultimately sent $81 million to four fake accounts in a branch of Rizal Commercial Banking Corp (RCBC) in the Philippines. Most of the funds then disappeared into Manila’s loosely regulated casino industry.
(Additional reporting and writing by Krishna N. Das and Jonathan Spicer; editing by Raju Gopalakrishnan and Phil Berlowitz)
Related:
- Bangladesh Investigators Blame Negligence of Bank Insiders for $81M Cyber Heist
- Update: Hackers Steal $31M from Russian Central & Commercial Banks
- Bank of England Beefs Up Cyber Resilience Tests for UK Banks After Tesco Hack
- Tesco Reveals $3M Was Stolen from 9,000 Customers in Recent Cyber Bank Theft
- Tesco Bank’s Cyber Attack Investigated by UK’s National Crime Agency
- Cyber Criminals Steal Money from Nearly 20,000 Customers of UK’s Tesco Bank
- U.S. Seeks Tougher Cybersecurity Standards for Banks
- UK Banks Reluctant to Report Extent of Relentless Cyber Attacks
- SWIFT Expects Cyber Attacks on Banks to Increase
- New York Proposes ‘Flexible’ Cybersecurity Regulation for Insurers, Banks
- EU Members Should Run Stress Tests for Banks’ Cyber Risks: EU Banking Chief
- Cyber Attacks on Financial Firms Up; Ransomware Attacks Way Up: Beazley
- UK Banks Ordered to Update Cyber Security After $81M Bangladesh Bank Heist
- Urgent Action Needed to Tackle Systemic Threat of Cyber Risk: Marsh & TheCityUK
- Bank of England Faces ‘Advanced, Persistent & Evolving’ Cyber Threats
- Malware Used to Steal $80M-Plus in Bangladesh Cyber Bank Heist: Officials
- Cyber Attacks On Banks More Serious Than Public Realizes
Was this article valuable?
Here are more articles you may enjoy.