Some Bangladesh Bank officials involved in heist, says police investigator
DHAKA — Some Bangladesh central bank officials deliberately exposed its computer systems and enabled hackers to steal $81 million from its account at the Federal Reserve Bank of New York in February, a top police investigator in Dhaka told Reuters on Monday.
The comments by Mohammad Shah Alam, head of the Forensic Training Institute of the Bangladesh police’s criminal investigation department, are the first sign that investigators have got a firm lead in one of the world’s biggest cyber heists, which had prompted months of international fingerpointing. Arrests are soon likely, he said.
On Thursday, the head of a Bangladesh government panel that investigated the heist said five bank officials were guilty of negligence but that they were only unwitting accomplices.
Alam told Reuters his investigations had discovered that some bank officials had knowingly created vulnerabilities in the bank’s connection to the SWIFT global messaging and payments system.
“Bangladesh Bank’s SWIFT network was made insecure by some bank employees in connivance with some foreign people,” he said. “They knew what they were doing.”
He declined to name the suspects or say how many there were.
Alam said investigators were now trying to find out how the mid-ranking officials were connected to the hackers and whether they benefited financially from the heist.
Asked if the officials would be arrested, he said: “We are very close to it.”
The apparent momentum comes after months of trading blame among Bangladesh Bank, the New York Fed, SWIFT, and a Philippine lender that received much of the stolen funds before they disappeared. The heist prompted an international probe headed by the US Federal Bureau of Investigation.
Bangladesh Bank spokesman Subhankar Saha declined to comment on Alam’s comments. A New York Fed spokeswoman also declined comment.
Another investigator in Dhaka, who declined to be named, said more than 100 Bangladesh Bank employees had been interviewed in connection with the heist, and some were barred from leaving the country.
In early February, the hackers used the SWIFT network to send fake orders requesting the transfer of nearly $1 billion from Bangladesh Bank’s account at the New York Fed.
Many of the transfer orders were blocked or reversed but, after a series of oversights and miscommunications, the New York Fed ultimately sent $81 million to four fake accounts in a branch of Rizal Commercial Banking Corp. (RCBC) in the Philippines. Most of the funds then disappeared into Manila’s loosely regulated casino industry.
Separately SWIFT, or the Society for Worldwide Interbank Financial Telecommunication, told Reuters its messaging system has been targeted in a “meaningful” number of other attacks this year using a similar approach as the Bangladesh incident.
The network, which handles trillions of dollars in transfers daily, has warned banks of the escalating threat to their systems, according to a SWIFT letter obtained by Reuters.
“The threat is very persistent, adaptive and sophisticated — and it is here to stay,” SWIFT said last month in a letter to client banks, which has not been previously reported. —