Thursday, March 28, 2024 | Ramadan 17, 1445 H
broken clouds
weather
OMAN
23°C / 23°C
EDITOR IN CHIEF- ABDULLAH BIN SALIM AL SHUEILI

Bangladesh doubts insiders’ role in bank job

884018
884018
minus
plus

DHAKA: A top investigator into the electronic theft of $81 million from the Bangladesh central bank is turning his attention to some IT technicians from the bank whom he suspects hooked up its transactions system to the public Internet, giving hackers access.


In a series of interviews this month, Mohammad Shah Alam, a Bangladesh police deputy inspector general who is heading investigations in Dhaka, went into some detail about how insiders at Bangladesh Bank may have helped in the execution of one of the world’s biggest cyber-heists last February.


For instance, Alam said he was focusing on why a password token protecting the SWIFT international transactions network at Bangladesh Bank was left inserted in the SWIFT server for months leading up to the heist. It is supposed to be removed and locked in a secure vault after business hours each day.


The failure to remove the token allowed hackers to enter the system when it was not being monitored, first to infect it with malware and then to issue fake transfer orders, he said.


Alam’s comments follow months of assertions by Bangladesh authorities that central bank officials were guilty of nothing more than negligence in the heist, in which hackers moved money out of the bank’s account at the Federal Reserve Bank of New York and sent it to individual accounts in the Philippines.


He declined to name any of the suspects. No one has been arrested and Alam did not provide any further evidence to back up his assertions.


Nearly 11 months since the audacious robbery that undermined confidence in the global SWIFT transactions system and sent tremors through the global financial community, there is no sign if any of the half-a-dozen investigating agencies involved are close to cracking the case. No suspects in the Bangladesh central bank had been arrested, Alam said, because investigations were incomplete. They were under watch and their movements monitored, but he was awaiting “specific information” on any communications they may have had with the hackers or with those who received the funds.


Help has been sought from police in the Philippines, Japan, Sri Lanka and China, countries where the hackers are believed to have links, he said.


Bangladesh police had previously blamed a group of contractors hired by the SWIFT transactions network for making its computer system vulnerable, a charge denied by the Belgium-based cooperative.


Alam said the investigation had instead shown that central bank IT technicians were most likely to have provided the inside help.


Alam said he believed the IT technicians connected the Bangladesh central bank’s SWIFT network to the public Internet last year while linking the network to the bank’s domestic payments system, the Real Time Gross Settlement System (RTGS). SWIFT is used only for international transactions.


The work on linking SWIFT to the RTGS was supervised by SWIFT contractors but carried out by Bangladesh Bank technicians, Alam and a bank official said.


It was not known who was responsible for leaving the token that was supposed to protect the SWIFT system inserted in the server, Alam added. At least half-a-dozen bank officials shared responsibility for safekeeping of the token, he said. Once in the system, the hackers introduced six types of malware which captured keystrokes and screenshots and also delayed detection of fraudulent transactions, according to a report by Fireye Inc’s Mandiant forensics division, which investigated the heist.


On the evening of February 4, the hackers initiated fake transfer orders which sought to move nearly $1 billion from Bangladesh Bank’s account at the New York Fed, mostly to accounts at the Philippines-based Rizal Commercial Banking Corp (RCBC).


They needed two types of passwords to carry out the transactions — the hardware token and additional credentials used by bank officials. These password credentials were either given to them by someone or were captured from previous transactions by the malware that logged keystrokes, Alam said. Many of the transfer orders initiated by the hackers were blocked or reversed by intermediary banks, but $81 million made it to accounts in fake names at RCBC. Most of the funds then disappeared into Manila’s loosely regulated casino industry and have not been tracked down since. — Reuters


SHARE ARTICLE
arrow up
home icon