
Bangladesh Bank robbery


The Bangladesh Bank robbery, also known colloquially as the Bangladesh Bank heist, took place in February 2016, when instructions to steal US$951 million from Bangladesh Bank, the central bank of Bangladesh, were issued via the SWIFT network. Five transactions issued by hackers, worth $101 million and withdrawn from a Bangladesh Bank account at the Federal Reserve Bank of New York, succeeded, with $20 million traced to Sri Lanka (since recovered) and $81 million to the Philippines (about $18 million recovered). [1] The New York Fed blocked the remaining thirty transactions, amounting to $850 million, at the request of Bangladesh Bank. [2] It was identified later that Dridex malware was used for the attack. [3]


The 2016 cyber-attack on the Bangladesh central bank was not the first attack of its kind. In this “cyber heist”, thieves attempted to illegally transfer US$951 million to several fictitious bank accounts around the world. In 2013, the Sonali Bank of Bangladesh was also successfully targeted by hackers who were able to steal US$250,000. In 2015, two other hacking attempts were recorded: a $12 million theft from Banco del Austro in Ecuador in January and an unsuccessful attack on Vietnam’s Tien Phong Bank in December. In all these cases, the perpetrators are suspected to have been aided by insiders within the targeted banks, who assisted in taking advantage of weaknesses within the SWIFT global payment network. [4] [5]

Capitalizing on weaknesses in the security of the Bangladesh Central Bank, including the possible involvement of some of its employees, [6] perpetrators attempted to steal $951 million from the Bangladesh central bank’s account with the Federal Reserve Bank of New York sometime between February 4–5, when Bangladesh Bank’s offices were closed. The perpetrators managed to compromise Bangladesh Bank’s computer network, observe how transfers are done, and gain access to the bank’s credentials for payment transfers. They used these credentials to authorise about three dozen requests to the Federal Reserve Bank of New York to transfer funds from the account Bangladesh Bank held there to accounts in Sri Lanka and the Philippines.

Thirty transactions worth $851 million were flagged by the banking system for staff review, but five requests were granted: $20 million to Sri Lanka (later recovered [7] [8]), and $81 million lost to the Philippines, entering the Southeast Asian country’s banking system on February 5, 2016. This money was laundered through casinos, and some was later transferred to Hong Kong.

Attempted fund diversion to Sri Lanka

The $20 million transfer to Sri Lanka was intended by hackers to be sent to the Shalika Foundation, a Sri Lanka-based private limited company. The hackers misspelled “Foundation” in their request to transfer the funds, spelling the word as “Fundation”. This spelling error raised suspicion at Deutsche Bank, a routing bank, which put a halt to the transaction in question after seeking clarifications from Bangladesh Bank. [7] [9] [10]

Sri Lanka-based Pan Asia Bank initially took notice of the transaction, with one official noting the transaction as too big for a country like Sri Lanka. Pan Asia Bank was the one which referred the anomalous transaction to Deutsche Bank. The Sri Lankan funds have been recovered by Bangladesh Bank. [7]

Funds diverted to the Philippines

The money transferred to the Philippines was deposited in five separate accounts with the Rizal Commercial Banking Corporation (RCBC); the accounts were later found to be under fictitious identities. The funds were then transferred to a foreign exchange broker to be converted to Philippine pesos, returned to the RCBC and consolidated in an account of a Chinese-Filipino businessman; [11] [8] the conversion was made from February 5 to 13, 2016. [12] It was also found that the four U.S. dollar accounts involved were opened at the RCBC as early as May 15, 2015, remaining untouched until February 4, 2016, the date the transfer from the Federal Reserve Bank of New York was made. [12]

On February 8, 2016, during the Chinese New Year, Bangladesh Bank through SWIFT informed RCBC to stop the payment, refund the funds, and to “freeze and put the funds on hold” if the funds had already been transferred. Chinese New Year is a non-working holiday in the Philippines and a SWIFT message from Bangladesh Bank containing similar information was received by RCBC only a day later. By this time, a withdrawal amounting to about $58.15 million had already been processed by RCBC’s Jupiter Street (in Makati City) branch. [12]

On February 16, the Governor of Bangladesh Bank requested Bangko Sentral ng Pilipinas’ assistance in the recovery of its $81 million funds, stating that the SWIFT payment instructions issued in favor of RCBC on February 4, 2016 were fraudulent. [12]

Bangladesh

Initially, Bangladesh Bank was uncertain if its system had been compromised. The governor of the central bank engaged World Informatix Cyber Security, a US-based firm, to lead the security incident response, vulnerability assessment and remediation. World Informatix Cyber Security brought in the leading forensic investigation company Mandiant, a FireEye company, for the investigation. These cyber security experts found “footprints” and malware of hackers, which suggested that the system had been breached. The investigators also said that the hackers were based outside Bangladesh. An internal investigation has been launched by Bangladesh Bank regarding the case. [7]

The Bangladesh Bank’s forensic investigation found out that malware was installed within the bank’s system sometime in January 2016, and gathered information on the bank’s operational procedures for international payments and fund transfers. [12]

The investigation also looked into an unsolved 2013 hacking incident at the Sonali Bank, wherein US$250,000 was stolen by still unidentified hackers. According to reports, just as in the 2016 Central Bank hack, the theft also used fraudulent fund transfers using the SWIFT International Payment Network. The incident was treated by Bangladeshi police authorities as a cold case until the suspiciously similar 2016 Bangladesh Central Bank robbery. [13]

Philippines

The Philippines’ National Bureau of Investigation (NBI) launched a probe and looked into a Chinese-Filipino who allegedly played a key role in the money laundering of the illicit funds. The NBI is coordinating with relevant government agencies including the country’s Anti-Money Laundering Council (AMLC). The AMLC commenced its investigation on February 19, 2016 of bank accounts linked to a junket operator. [12] AMLC has filed a money laundering complaint before the Department of Justice against an RCBC branch manager and five unknown persons with fictitious names in connection with the case. [14]

A Philippine Senate hearing was held on March 15, 2016, led by Senator Teofisto Guingona III, head of the Blue Ribbon Committee and Congressional Oversight Committee on the Anti-Money Laundering Act. [15] A closed-door hearing was later held on March 17. [16] Philippine Amusement and Gaming Corporation (PAGCOR) has also launched its own investigation. [7] On August 12, 2016, RCBC was reported to have paid half of the P1 billion penalty imposed by the Central Bank of the Philippines. [17] Prior to that, the bank reorganized its board of directors by increasing the number of independent directors to seven from the previous four. [18]

United States

FireEye’s Mandiant forensics division and World Informatix Cyber Security, both US-based companies, are investigating the hacking case. According to investigators, the perpetrators’ familiarity with the internal procedures of Bangladesh Bank was very likely gained by spying on its workers. In a separate report, the US Federal Bureau of Investigation (FBI) says that agents have found evidence pointing to at least one bank employee acting as an accomplice, with evidence pointing to several more people as possibly assisting hackers in navigating Bangladesh Bank’s computer system. [19] The government of Bangladesh is considering suing the Federal Reserve Bank of New York in a bid to recover the stolen funds. [7]

FBI suspicion of North Korea

Federal prosecutors in the United States have revealed possible links between the government of North Korea and the theft. [20] U.S. prosecutors are reportedly at work building potential cases that would accuse North Korea of directing the theft of $81 million from Bangladesh Bank’s account at the Federal Reserve Bank of New York. The report also said that the charges would include “alleged Chinese middlemen,” who facilitated the transfer of the funds after they had been diverted to the Philippines. [21]

Some security companies, including Symantec Corp. and BAE Systems Plc, say that the North Korea-based Lazarus, one of the world’s most active state-sponsored hacking collectives, was very likely behind the attack. They cite similarities between the methods used in the Bangladesh heist and those in other cases, such as the hack of Sony Pictures Entertainment Inc. in 2014, which U.S. officials also attributed to North Korea. Cybersecurity experts say Lazarus was also behind the WannaCry ransomware attack in May that infected hundreds of thousands of computers around the world. [22]

Some or all of the stolen funds may eventually have found their way to North Korea. The FBI is examining the totalitarian state’s link to the hack, according to two officials with direct knowledge of the investigation. [23]

US National Security Agency Deputy Director Rick Ledgett was also quoted as saying, “If that linkage from the Sony actors to the Bangladeshi bank actors is accurate — that means that a nation state is robbing banks.” [24]

Other attacks

Computer security researchers have linked the theft to as many as eleven other attacks, and alleged that North Korea had a role in the attacks, which, if true, would be the first known incident of a state actor using cyberattacks to steal funds. [25] [26]
