The Great Bank Heist Of Bangladesh
Institutions in the developing world are most vulnerable to attacks by hackers
Over one weekend in February, hackers managed to extract tens of millions of dollars from Bangladesh’s central bank before anyone noticed. Now the bank’s in turmoil, its governor has resigned, and much of the cash is missing.
The scheme started when intruders inserted malware into Bangladesh Bank’s system in January. With information evidently gleaned from the attack, they were able to divert funds from the bank’s account at the New York Fed using the Swift messaging system. Officials only wised up when the thieves tried to move an additional $850 million to suspect accounts, and a routing bank noticed a comical spelling error in one request. By then, some $81 million was long gone.
Central banks in the developing world, without much in the way of digital security, are especially at risk. Bangladesh had amassed some $28 billion in foreign-currency reserves, and its central bank had alarmingly lax defenses—a hacker’s dream. Also, officials at Bangladesh Bank kept quiet for more than a month and never quite got around to informing the country’s finance minister. The pilfered cash made its way across the globe.
Cybersecurity, though boring, is everyone’s responsibility. (“I am not a technical person,” the now ex-governor of Bangladesh Bank said.) All too often, malicious hacks come down to simple human error. Making better use of encryption, access controls, and strong verification systems can help, but nothing can substitute for vigilance. Preventing hackers from moving the money they’ve siphoned off requires global cooperation. The thieves in this case laundered much of the cash through casinos in the Philippines. Not coincidentally, Filipino lawmakers have exempted casinos from anti-money-laundering requirements. Tightening restrictions would be wise. But there are still far too many places where lax laws, or chaos, provide a welcome home for dirty money. <BW>