Hackers stalked Bangladesh bank for two weeks before big heist

The Pak Banker - COMPANIES/BOSS

Hackers who stole $101 million from Bangladesh's central bank stalked its computer systems for almost two weeks beforehand, according to an interim investigation report.

Prepared for Bangladesh Bank by cyber security firms FireEye Inc. and World Informatix, the assessment offers a tantalizing glimpse into how cyber criminals can use banks' own systems against them. The cyber companies say the thieves deployed malware on servers housed at the central bank to make payments seem genuine. The report cast the unidentified hackers as a sophisticated group who sought to cover their tracks by deleting computer logs as they went. Before making transfers they sneaked through the network, inserting software that would allow re-entry.

It's the sort of thorough operation often mounted by nation-state hackers, according to the report, but FireEye's intelligence unit believes the group, which it has been tracking for some time, is criminal. "These threat actors appear to be financially motivated, and well organized," the report said.

[Photo: Rahman speaks after resignation. Photographer: Anadolu Agency/Getty Images]

The heist, which saw payments processed through the bank's accounts at the U.S. Federal Reserve and money moved to the Philippines and Sri Lanka, was part of a bigger attempt to steal nearly $1 billion in total from the central bank. It exposed weaknesses in systems, sparked a dispute between Bangladesh's central bank and its finance ministry and cost the central bank governor, Atiur Rahman, his job less than five months before he planned to retire. The hackers sent $81 million from Bangladesh Bank's account in New York to the Philippines, and another $20 million to Sri Lanka. The Federal Reserve Bank of New York blocked transactions worth another $850 million. A bank in Sri Lanka stopped and returned the cash, while the money in the Philippines is still missing, leading to a Senate probe that is riveting the nation.

"Malware was specifically designed for a targeted attack on Bangladesh Bank to operate on SWIFT Alliance Access servers," the interim report said. Those servers are operated by the bank but run the SWIFT interface, and the report makes it clear the breach stretches into other parts of the bank's network as well. "The security breach of the SWIFT environment is part of a much larger breach that is currently under investigation."

SWIFT is a member-owned cooperative that provides international codes to facilitate payments between banks globally. It can't comment on the investigation, according to Charlie Booth from Brunswick Group, a corporate advisory firm that represents SWIFT. "We reiterate that the SWIFT network itself was not breached," Booth said in an e-mail. "There is a full investigation underway, on what appears to be a specific and targeted attack on the victim's local systems." SWIFT said last week its "core messaging services were not impacted by the issue and continued to work as normal." Dedicated servers running the SWIFT system are located in the back office of the Accounts and Budgeting Department of Bangladesh Bank. They are connected with three terminals for payment communications.

Patrick Neighorn, a spokesman for FireEye, declined to comment on the report or the investigation. An e-mail to Rakesh Asthana, managing director of World Informatix, wasn't immediately returned. A call to the company's office wasn't answered.
