Saturday, April 23, 2016

Hackers steal $81 million from a Bangladeshi bank with no firewall... and were only caught out when the illiterate fraudsters spelt 'foundation' as 'fandation'

    Hackers thought they had made off with $81m jackpot in electronic heist Targeted the central bank of Bangladesh but were caught out by spelling The sum was one of the largest amounts stolen from a bank in history Some 20 people behind the heist and attempted to steal a further $850m

Hackers involved in one of the biggest bank robberies in history thought they had won the jackpot - until they were caught out by a simple spelling mistake.

Some 20 people are believed to be behind the £60 million heist ($81m), which targeted the central bank of Bangladesh - which has no firewall.

The hackers also attempted to steal a further £600 million ($850m) but were caught out when they spelt 'foundation' as 'fandation'. If the hackers had used a dictionary, they would have made off with nearly $1 billion.

Leading investigators in the case said the lack of security made the bank an easy target - and also makes it difficult to find out how the hackers operated, and where from.

Cyber criminals broke into Bangladesh Bank's system in early February and tried to make fraudulent transfers totalling $951 million from its account at the Federal Reserve Bank of New York. Most of the payments were blocked, but $81 million was routed to accounts in the Philippines and diverted to casinos there.

Most of those funds remain missing, and the masterminds behind the heist have yet to be identified. Bangladesh police said they had identified 20 foreigners involved in the heist but said they appear to be people who received some of the payments, rather than those who initially stole the money.

Mohammad Shah Alam, head of the Forensic Training Institute of the Bangladesh police's criminal investigation department, said it would have been 'difficult to hack if there was a firewall.' The lack of sophisticated switches - or networking devices - means it is difficult for investigators to figure out what the hackers did and where they might have been based, he added.

Experts in bank security said the findings described by Alam were disturbing. 'You are talking about an organisation that has access to billions of dollars and they are not taking even the most basic security precautions,' said Jeff Wichman, a consultant with cyber firm Optiv.

Tom Kellermann, a former member of the World Bank security team, said the security shortcomings described by Alam were 'egregious,' and that he believed there were 'a handful' of central banks in developing countries that were equally insecure.

Kellermann, now chief executive of investment firm Strategic Cyber Ventures LLC, said some banks fail to adequately protect their networks because they focus security budgets on physically defending their facilities. Bangladesh Bank has about 5,000 computers used by officials in different departments, Alam said.

He said given the importance of the room from which the funds were stolen - a window-less office in the bank's building in Dhaka - the bank should have deployed staff to monitor activity round the clock, including weekends and holidays.

When the hackers attempted to steal a further $850 million by bombarding the New York bank with dozens of transfer requests, the bank's security systems and typing errors in some requests prevented the full theft.

The central bank Governor, his two deputies and the country's top banking bureaucrat have lost their jobs over the incident and the Government has been desperately attempting to contain the damage from the scandal.

No comments:

Post a Comment