Friday, May 13, 2016

Bangladesh Central Bank, Swift Blame Each Other Over Heist – Wall Street Journal

DHAKA, Bangladesh—Bangladesh's central bank is trading accusations with the Society for Worldwide Interbank Financial Telecommunication, or Swift, over who is responsible for the theft by hackers of $81 million from the bank's account at the Federal Reserve Bank of New York.

Bangladesh authorities said their central bank's decision last year to connect its international and domestic fund-transfer systems inadvertently led to the February heist. Swift carried out the work, which Bangladesh police said left the combined network vulnerable to infiltration from the Internet.

Experts have found traces of multiple hacker groups, including ones from North Korea and Pakistan, active in the bank's network in the run-up to the heist, according to a person close to the investigation. But, the person said, it was a third group, whose origins remain a mystery, which is believed to have stolen the money.

The North Korean embassy in Dhaka and Pakistan's Foreign Ministry didn't immediately respond to emails seeking comment. The U.S. Federal Bureau of Investigation last year accused North Korean hackers of breaching Sony Corp., something the North Korean government denied.

The cyberthieves used Bangladesh Bank's Swift credentials to divert money from Bangladesh's foreign-reserve account at the New York Fed to fraudulent bank accounts in the Philippines. The bulk of the money disappeared into the Philippines' murky casino industry, according to a criminal case filed by the Philippines Anti-Money Laundering Council. Bangladesh police officials say some of the stolen funds may have been moved out of the casinos to Hong Kong and China.

On Friday, Swift, whose network is used by financial institutions world-wide to transfer funds, warned customers that cybercriminals had carried out a similar breach at an unnamed commercial bank. A Swift notice said the two cases were "part of a wider and highly adaptive campaign targeting banks."

Swift also said software used by its members to check transaction statements had been compromised by malware, sparking concerns about security at the heart of the international banking system. Swift urged banks to urgently review all controls in "messaging, payments and ebanking channels."

Muhammad Shah Alam, deputy inspector general of Bangladesh Police's Criminal Investigation Department, said Swift technicians had "deviated from the approved plan of installation" when connecting the computer systems, causing the Swift server at the central bank to be connected to "internet-facing computers."

Mr. Alam also said Swift had used third-party vendors for some of the work, which could have led to an increased risk.

Natasha de Teran, a spokeswoman for Swift, said, "All services are and were performed on the instructions of Bangladesh Bank." She added that "No deviation from an agreed assignment could" have been made by Swift without the consent of Bangladesh Bank.

Ms. de Teran said Swift, along with a contractor, "provided support services." She declined to identify the contractor. Swift has previously said the attack was related to an internal operational issue at Bangladesh Bank and that Swift's core messaging services weren't compromised.

Subhankar Saha, a spokesman for Bangladesh Bank, said he couldn't comment on whether the agreed scope of work required a server link to the Internet.

"We never knew and Swift never told us there should be firewall segregation between the Swift server and our internal network," a former employee of the central bank's information-technology department, who declined to be named, said.

People close to the investigation said this week the FBI had found evidence that one or more Bangladesh Bank employees aided in the theft. That possibility was played down by some of the cyber investigators, who said the evidence suggests the entire operation could have been carried out remotely.

Mr. Saha, the spokesman for Bangladesh Bank, said previously: "The central bank is pursuing this case with the utmost vigor and if anyone within the bank is found to be involved, we will take legal action as appropriate."

The person close to the investigation said the probe has focused on a suspected criminal gang that has a history of attacking banks, usually casting a wide net by launching a "phishing campaign" that uses malicious emails to see which banks they could find with inadequate security controls in place.

A report by cybersecurity company FireEye Inc., hired by Bangladesh Bank to investigate, described the perpetrators as an "uncategorized threat group." A FireEye spokesman declined to comment on the continuing probe.

Investigators believe this gang stumbled onto the Bangladesh Bank network and quickly realized the potential financial gain as Bangladesh had amassed record foreign reserves at the beginning of the year, driven by garment exports and remittances from migrant workers.

Bryce Boland, chief technology officer for Asia Pacific at California-based FireEye, said the pattern of attacks was a wake-up call for financial institutions world-wide.

"Attackers know that targeted attacks on banks can be lucrative and now the advanced malware they need is available. I expect copycat groups to launch similar attacks," he said.

Write to Syed Zain Al-Mahmood at zain.al-mahmood@wsj.com
