How A Hacker's Typo Helped Stop A Billion Dollar Bank Heist | HuffPost Life - Action News
Home WebMail Tuesday, November 5, 2024, 05:47 AM | Calgary | 0.6°C | Regions Advertise Login | Our platform is in maintenance mode. Some URLs may not be available. |
  • No news available at this time.
Posted: 2016-03-10T10:00:45Z | Updated: 2016-03-10T10:36:08Z How A Hacker's Typo Helped Stop A Billion Dollar Bank Heist | HuffPost Life

How A Hacker's Typo Helped Stop A Billion Dollar Bank Heist

The hackers still managed to get away with about $80 million, making it one of the largest known bank thefts in history.
|

DHAKA, March 10 (Reuters) - A spelling mistake in an online bank transfer instruction helped prevent a nearly $1 billion heist last month involving the Bangladesh central bank and the New York Fed, banking officials said.

Unknown hackers still managed to get away with about $80 million, one of the largest known bank thefts in history.

Open Image Modal
ASSOCIATED PRESS
The hackers bombarded the Federal Reserve Bank of New York with nearly three dozen requests to move the money they stole, officials said.

The hackers breached Bangladesh Bank's systems last month and stole its credentials for payment transfers, two senior Bangladesh Bank officials said.

They then bombarded the Federal Reserve Bank of New York with nearly three dozen requests to move money from the Bangladesh bank's account there to entities in the Philippines and Sri Lanka, the officials said.

Four requests to transfer a total of about $81 million to the Philippines went through, but a fifth, for $20 million, to a Sri Lankan non-profit organization got held up because the hackers misspelled the name of the NGO.

The full name of the non-profit could not be learned. But one of the officials said the hackers misspelled "foundation" in the NGO's name as "fandation," prompting a routing bank, Deutsche Bank, to seek clarification from the Bangladesh central bank, which stopped the transaction.

Deutsche Bank declined to comment.

Open Image Modal
Sean Gallup via Getty Images
When Deutsche Bank caught the typo the hackers made in the money transfers, the transaction was stopped.

At the same time the unusually high number of payment instructions and the transfer requests to private entities - as opposed to other banks - made the Fed suspicious, which also alerted the Bangladeshis, the officials said.

The details of how the hacking came to light and was stopped before it did more damage have not been previously reported. Bangladesh Bank has billions of dollars in a current account with the Fed, which it uses for international settlements.

The transactions that got stopped totaled between $850 million and $870 million, one of the officials said.

Last year, Russian computer security company Kaspersky Lab said a multinational gang of cyber criminals had stolen as much as $1 billion from as many as 100 financial institutions around the world in about two years.

Iraqi dictator Saddam Hussein's son Qusay took $1 billion from Iraq's central bank on the orders of his father on the day before coalition forces began bombing the country in 2003, American and Iraqi officials have said. In 2007, guards at the Dar Es Salaam bank in Baghdad made off with $282 million.

MONEY RECOVERED

Bangladesh Bank has said it has recovered part of the money that was stolen, and is working with anti-money laundering authorities in the Philippines to try to recover the rest of the funds.

The recovered funds refer to the Sri Lanka transfer, which got stopped, one of the officials said.

The dizzying, global reach of the heist underscores the growing threat of cyber crime and how hackers can find weak links in even the most secure computer networks to steal money and wreak havoc.

More than a month after the attack, Bangladeshi officials are scrambling to trace the money, shore up security and identify weaknesses in their systems. They said there is little hope of ever catching the hackers, and it could take months before the money is recovered, if at all.

Security experts said the perpetrators had deep knowledge of the Bangladeshi institution's internal workings, likely gained by spying on bank workers.

The Bangladesh government, meanwhile, is blaming the Fed for not stopping the transactions earlier.

Finance Minister Abul Maal Abdul Muhith told reporters on Tuesday that the country may resort to suing the Fed to recover the money.

"The Fed must take responsibility," the minister said.

The New York Fed has said that its systems were not breached and that it has been working with the Bangladesh central bank since the incident occurred.

The hacking of Bangladesh Bank happened sometime between Feb. 4 and Feb. 5, over the Bangladeshi weekend, which falls on a Friday, the officials said. The bank's offices were shut for the holiday.

Initially, the central bank was not sure if their system had been breached, but then cyber security experts, brought from the outside to investigate, found hacker "footprints" that suggested their system had been compromised, the officials said.

These experts could also tell that the attack originated from outside Bangladesh, they said. The bank is still looking into how they got into the system and an internal investigation is also continuing, they said.

The bank suspects money sent to the Philippines was further diverted to casinos there, the officials said.

The Philippine Amusement and Gaming Corp, which oversees the gaming industry there, said it has launched an investigation. The country's anti-money laundering authority is also working on the case. 

Your Support Has Never Been More Critical

Other news outlets have retreated behind paywalls. At HuffPost, we believe journalism should be free for everyone.

Would you help us provide essential information to our readers during this critical time? We can't do it without you.

Support HuffPost

HuffPost Shoppings Best Finds

MORE IN LIFE