
Bangladesh Bank robbery - An interesting cyber heist. . .



source: https://www.aljazeera.com/programmes/101east/2018/05/hacked-bangladesh-bank-heist-180523070038069.html

How hackers got away with one of the biggest thefts in history, robbing Bangladesh's central bank of more than $80m.


It was a daring raid. Tens of millions of dollars stolen from Bangladesh's central bank via the Federal Reserve Bank of New York, transferred to accounts in the Philippines and then laundered through the Philippine casino system.

The money, and the thieves, then vanished. And it was all done online. In this comprehensive investigation spanning several countries, 101 East examines one of the biggest bank robberies in modern times, to find out how cyber-hackers infiltrated the global banking system, and got away with it.

The crime stunned the then-governor of Bangladesh Bank, Atiur Rahman. "It was like a terrorist attack, into the central bank," he says. "I couldn't believe it ... because nothing like that ... ever happened."

The robbery prompted investigations in the Philippines, Bangladesh and by the FBI. It revealed weaknesses in the supposedly secure global money transfer system known as SWIFT, which banks use to move billions of dollars daily between themselves.


The heist also exposed the murky banking system of the Philippines, where some of the world's toughest bank secrecy laws make the country vulnerable to potential corruption and money laundering. And it drew attention to the country's casinos, which are exempt from anti-money laundering laws, and not required to report suspicious transactions.

101 East exposes how cyber-hackers got away with one of the biggest bank thefts in history, robbing Bangladesh's central bank of more than $80m.


Those who want to find out more in depth about the bank heist can look at this YouTube video!

 


Bank heist of the 1920s with guns blazing and all the drama.


 

Tunneling heist...near stealthy but too much labour.


 

Ridiculous levels of how Hollywood portrays heists.


 

Reality type of scams and heists today.


 

So please stop using "password" as your password for your bank transactions.

1 hour ago, Count-Bracula said:

All done through SWIFT transfers?

Yah. The hackers timed it precisely during the holidays between Bangladesh, the US and the Philippines, so a few transactions got approved.


3 hours ago, mersaylee said:

Prices of milo, kong guan tins gonna hike...

I think in today's context (so many millionaires/billionaires), many will simply apply for more credit cards that come with free 28" luggage... 😁


Usually people who are working in the bank, or who have worked in the bank before, are involved. Who else would know the weaknesses of the said bank and what to target?

14 minutes ago, Watwheels said:

Usually people who are working in the bank, or who have worked in the bank before, are involved. Who else would know the weaknesses of the said bank and what to target?

Meaning inside the bank got internal ghost lah.


1 hour ago, Acewin said:

Meaning inside the bank got internal ghost lah.

Basically people who work in the bank and know the banking system; they can be current employees or ex-employees of banks.

2 hours ago, Turboflat4 said:

Real Foreign Talent. The Pinoys of course. 😁

I don't think it's a Filipino. Prob a (gang of) PRC who had resided in Bangladesh before to know that Bangladesh's weekend is Fri and Sat (not many will know because no one is interested in Bangladesh unless you are in the garment manufacturing trade). And he/she would also have resided for some time in the Philippines to understand how their POGO laws work such that he can launder that money through the system. My guess lah.


https://en.wikipedia.org/wiki/Bangladesh_Bank_robbery

Quote

The Bangladesh Bank robbery, also known colloquially as the Bangladesh Bank cyber heist,[1] took place in February 2016, when thirty-five fraudulent instructions were issued by security hackers via the SWIFT network to illegally transfer close to US $1 billion from the Federal Reserve Bank of New York account belonging to Bangladesh Bank, the central bank of Bangladesh. Five of the thirty-five fraudulent instructions were successful in transferring $101 million, with $20 million traced to Sri Lanka and $81 million to the Philippines. The Federal Reserve Bank of New York blocked the remaining thirty transactions, amounting to $850 million, due to suspicions raised by a misspelled instruction.[2] All the money transferred to Sri Lanka has since been recovered. However, as of 2018 only around $18 million of the $81 million transferred to the Philippines has been recovered.[3] Most of the money transferred to the Philippines went to four personal accounts, held by single individuals, and not to companies or corporations. It was later suspected that Dridex malware was used for the attack.[4]

The suspicious activities of the staff at the Rizal Commercial Banking Corp (RCBC) in the Philippines cannot be ignored either since they acted with lightning speed to launder the money out of the bank and into the gambling industry, in complete violation of the Philippines anti-money laundering laws and in total disregard of the instructions of the central bank of the Philippines, which had ordered a freeze on the recipient accounts.[5] Nearly one year before the robbery, the Governor of Bangladesh Bank had foreseen cyber security vulnerabilities and had hired an American cyber security firm to bolster the firewall, network and overall cyber security of the bank. However, due to multiple bureaucratic hurdles, the security firm could not join and it only started its operations in Bangladesh after the cyber heist.[6]

 

On 7/8/2020 at 9:30 AM, Kangadrool said:

SWIFT is slow, FAST is fast. 🙂

The joke is lost on non-payment-gateway techies.

🤣

On 7/8/2020 at 1:54 PM, Kxbc said:

I don't think it's a Filipino. Prob a (gang of) PRC who had resided in Bangladesh before to know that Bangladesh's weekend is Fri and Sat (not many will know because no one is interested in Bangladesh unless you are in the garment manufacturing trade). And he/she would also have resided for some time in the Philippines to understand how their POGO laws work such that he can launder that money through the system. My guess lah.

And the best part, no one from India wishes to be associated with Bangladesh.

As a form of not rubbing people the wrong way, NEVER ever ask your colleague which part of Bangladesh they are from.

 

 


On 7/8/2020 at 2:09 PM, inlinesix said:

The guidance was issued as finger-pointing has intensified over who's responsible for the failures that led to the theft of $81 million from the Bangladesh central bank's New York Federal Reserve account in February (see SWIFT Warns Banks: Coordinated Malware Attacks Underway).

Bangladeshi police have publicly blamed Brussels-based SWIFT, a bank-owned cooperative founded in 1973, for introducing vulnerabilities into its IT infrastructure that attackers later exploited. But SWIFT, which stands for the Society for Worldwide Interbank Financial Telecommunication, says in a statement that those are "baseless allegations" and that the bank is responsible for the security of all systems that interface with its network, "starting with basic password protection practices."

As part of the audacious online heist - one of the largest in history - hackers attempted to transfer $1 billion out of Bangladesh Bank's account at the Federal Reserve Bank of New York and successfully transferred about $100 million. Most of that money was then laundered via casinos in the Philippines and disappeared, investigators say, although about $20 million has since been recovered.

SWIFT Guidance

In the wake of the theft, SWIFT acknowledged that Bangladesh Bank wasn't the first user to be targeted with malware that was designed to subvert the cooperative's messaging platform (see SWIFT Confirms Repeat Hack Attacks).

And for the first time in the cooperative's history, earlier this month SWIFT issued information security guidance to all of its users, urging them to review their security policies and procedures, Reuters reports. "SWIFT is not, and cannot, be responsible for your decision to select, implement (and maintain) firewalls, nor the proper segregation of your internal networks," according to a copy of the letter, dated May 3, and shared by a bank with Reuters for review on May 10.

"As a SWIFT user you are responsible for the security of your own systems interfacing with the SWIFT network and your related environments," the letter says. "We urge you to take all precautions."

SWIFT confirmed the authenticity of that report but declined to share a copy of the letter.

Greater Cooperation Pledged

Bangladesh officials had previously stated that they believe that the New York Fed and SWIFT share at least some responsibility for the February attacks. Of 35 transfer orders created by the hackers and submitted to the New York Fed, the Fed stopped most for being suspicious, but did let five through.

But on May 10, representatives from SWIFT met with the Bangladesh Bank, including its governor, and the New York Fed, including its president, to discuss the February attack, and they agreed to work more closely together. "The parties also agreed to pursue jointly certain common goals: to recover the entire proceeds of the fraud and bring the perpetrators to justice, and protect the global financial system from these types of attacks," the three parties said in a jointly issued statement.

FBI investigators now suspect that at least one bank employee acted as an accomplice, The Wall Street Journal reports, but Bangladesh Bank officials say they have received no related intelligence from the bureau.

Meanwhile, an investigation by digital forensic investigation firm FireEye, which was hired by the bank to investigate the breach, found evidence that three different hacking groups had penetrated the bank's system, Bloomberg reports. Two of those groups have suspected ties to nation states - one to North Korea, the other to Pakistan - but FireEye said it suspects that a third, as yet unidentified group of hackers committed the heist.

FireEye didn't immediately respond to a request for comment about that report.

Police Probe Blames SWIFT

The May 10 meeting followed remarks made by Mohammad Shah Alam, the head of the criminal investigation department of the Bangladesh police, to Reuters, saying that its probe discovered that a SWIFT technician had not followed standard operating procedures when connecting the bank's first-ever real-time gross settlement system to SWIFT, three months prior to the cyber heist, thus leaving "loopholes" that compromised the bank's security (see Study: Banks See Surge in Cyber Fraud).

An unidentified bank official told Reuters that access to the SWIFT messaging system had been left easily accessible, that it lacked even a firewall for protection, and only required a simple password, even for remote access. "It was the responsibility of SWIFT to check for weaknesses once they had set up the system. But it does not appear to have been done," the official said.

SWIFT Rebuttal

But SWIFT quickly dismissed those allegations. "The accusations have no basis in fact," SWIFT said in a May 9 statement. "SWIFT was not responsible for any of the issues cited by the officials, or party to the related decisions."

SWIFT added that when it comes to information security, the buck stops with users, while also getting in a dig about poor password practices at the institution. "As a SWIFT user like any other, Bangladesh Bank is responsible for the security of its own systems interfacing with the SWIFT network and their related environment - starting with basic password protection practices - in much the same way as they are responsible for their other internal security considerations," it said (see Why Are We So Stupid About Passwords?).

"We stand by our investigation," Alam told Reuters in response, adding that he didn't want to debate the matter, but rather help catch the criminals involved.

https://www.bankinfosecurity.com/swift-to-banks-get-your-security-act-together-a-9099
