Sunday, April 3, 2016

Bangladesh Bank fund heist

Bangladesh Bank lost $101 millions from its forex reserve of Federal reserve bank of Neywork in February 2016. Its the biggest central bank's reserve fund heist and probably the first one set up by malware.

 5 orders and 2 destinations:
 Total 5 orders carried out from 35 orders by thehackers.
$20M traced to Sri Lanka (since recovered) and $81M to the Philippines. The international transfer desk of the intermediate bank, Deustche Bank, blocked a further $850 million in 35 transactions.



  The hacking procedure:
Hackers or insiders (the old snakes) attempted to steal $951 million from BB's account in Federal Reserve Bank of New York. The thieves chose a suitable time when Bangladesh Bank's offices were closed, sometime between February 4-5. The perpetrators injected malwares or spywares [briefly described in my recent novel 'Hemonter parod'] and managed to compromise Bangladesh Bank's system, to observe how transfers are done, and gained access to the bank's credentials for payment transfers, which they used to send about three dozen requests to the FedBank to transfer funds to Sri Lanka and the Philippines. 35 transactions worth $851 million transfer were prevented by the banking system but five requests were granted; $20M to Sri Lanka (later recovered), and $81 million lost to the Philippines on February 5, 2016. This money was laundered through casinos and some later transferred to Hong Kong.

The hackers entered Bangladesh Bank's network system breaking their ancient firewalls in secret. Malwares are adept in hiding their existence from anything, operating systems can't recognize even latest anti-malware programs can't detect them. The hackers used those latest malwares [later its disclosed that the hackers got the malwares ordered to attack]


  Srilanka's transfer reversed:
The $20 million fund to Sri Lanka, was transferred to Shalika Foundation, a SriLanka-based non profit organization. The hackers misspelled "foundation" in their request to transfer the funds, spelling the word as "fandation". This spelling error gained suspicion from Deutsche Bank, a routing bank which put a halt to the transaction in question after seek clarifications from Bangladesh Bank.
Later the fund was recovered succeffully. BB was lucky for the spelling mistake, else more disaster may ensue.


  Philippines' transfer converted into Peso:
The money transferred to the Philippines was deposited in five separate accounts with the Rizal Commercial Banking Corporation (RCBC). The funds were then converted to Philippine pesos, returned to the RCBC and consolidated to an account of a Chinese-Filipino businessperson. The conversion was made from February 5 to 13, 2016. The four U.S. dollar accounts involved were opened with the RCBC in May 15, 2015 with a view for this theft, which remained untouched until February 4, 2016.

After 4 days vacation BB returned from hibernation on 8th feb, and contacted both Swift & Rcbc to hold the transaction. But $58.15 million was already withdrawn by RCBC's Jupiter Street Branch, branch manager didn't bother Rcbc's order for hold on the accounts.


  Investigation in Philippines:
The National Bureau of Investigation (NBI) launched an investigation and looked into a Chinese-Filipino who allegedly played a key role in the money laundering of the illicit funds. The NBI is coordinating with relevant government agencies including the Anti-Money Laundering Council (AMLC).


  After stealing:
Bangladesh Bank chief governor Atiur Rahman resigned from his post amid the current investigation into money laundering on March 15, 2016. Before the resignation was made public, Rahman stated that he would resign for the sake of his country.


  Few questions and obviously no answer:
1. The theft occurred on friday, public holiday. 8 workers alias IT section employees discovered that all computers & printers connected to Swift account are malfunctioned and they failed to start them.
They stayed there for the whole day, nobody knows what they did in 8 long hours. Either they never alerted the bank or the high command never felt anything to do.
After 24 hours, on saturday BB learned about the pathetic transactions and contacted Federal reserve bank. Atleast they informed only after 24 hours of the transaction!
If the requests were sent immediately or on friday
 then either the transactions could be stopped or reversed back to BB's account. All payment gateways do hold transactions for some specified time for authenticity.

2. BB hibernated for 4 days from 4th to 8th february. On 8th feb they requested Philipines bank to halt the fund, but it was pretty late. What did BB roll in these 4 days?

3. After this ground-breaking history, BB never felt any need to inform the government or ministry. This is the biggest joke of the month!
 The hacking news flashed by 25th feb in Philipine's newspapers, then everybody knew what happened. If it was not published then I'm sure nobody could know a word about the theft.
BB governor Atiur Rahman never felt the need to inform Finmin or even PM about the scandal, hid it for 1 long month!

No comments: