The Bangladesh Bank heist is one of the most infamous cyber heists in history, involving the theft of $81 million from the Bangladesh Central Bank in 2016. Here's a detailed breakdown of the story:
---
Background
- Bangladesh Bank: The central bank of Bangladesh, responsible for managing the country's monetary policy and foreign exchange reserves.
- Federal Reserve Bank of New York: Bangladesh Bank held part of its foreign reserves in an account at the New York Fed.
- SWIFT Network: The Society for Worldwide Interbank Financial Telecommunication (SWIFT) is a global messaging system used by banks to securely transmit financial instructions.
---
The Heist
1. Timeline:
   - The attack began in early February 2016.
   - On February 4-5, 2016, hackers gained access to Bangladesh Bank's systems and sent 35 fraudulent transfer requests via the SWIFT network to the Federal Reserve Bank of New York.
   - The hackers attempted to steal $951 million, but most transactions were blocked or flagged due to spelling errors and suspicions.
   - Four transactions succeeded, transferring $81 million to accounts in the Philippines.
2. How It Happened:
   - Malware Infiltration: Hackers used malware to infiltrate Bangladesh Bank's systems and gain access to its SWIFT credentials.
   - Fake SWIFT Messages: The hackers sent fraudulent SWIFT messages instructing the New York Fed to transfer funds to accounts in the Philippines and Sri Lanka.
   - Evading Detection: The malware manipulated the bank's systems to hide evidence of the fraudulent transactions.
3. Funds Transfer:
   - The $81 million was sent to accounts at Rizal Commercial Banking Corporation (RCBC) in the Philippines.
   - The funds were then laundered through casinos and junket operators in the Philippines, making it difficult to trace.
---
Aftermath
1. Recovery Efforts:
   - Bangladesh Bank managed to recover $15 million from Sri Lanka, but the remaining $66 million was lost.
   - The Philippines' Anti-Money Laundering Council (AMLC) investigated the case, but much of the money had already been laundered through casinos, which were not covered by the country's anti-money laundering laws at the time.
2. Investigation and Blame:
   - Bangladesh Bank blamed the New York Fed for not stopping the transactions, while the New York Fed claimed it followed standard procedures.
   - SWIFT faced criticism for not having stronger security measures in place.
   - Internal investigations revealed that Bangladesh Bank had inadequate cybersecurity measures, including the use of second-hand $10 network switches and no firewall.
3. Legal and Political Fallout:
   - The governor of Bangladesh Bank, Atiur Rahman, resigned amid the scandal.
   - In the Philippines, Maia Santos-Deguito, the RCBC branch manager involved in the heist, was charged and later found guilty of money laundering.
   - The incident highlighted the vulnerabilities in global banking systems and led to increased scrutiny of SWIFT and cybersecurity practices.
---
Key Lessons
1. Cybersecurity: The heist underscored the importance of robust cybersecurity measures for financial institutions.
2. Regulatory Gaps: The case exposed loopholes in anti-money laundering laws, particularly in the Philippines' casino industry.
3. Global Cooperation: The incident highlighted the need for better international cooperation to combat cybercrime and financial fraud.
---
The Bangladesh Bank heist remains a cautionary tale about the risks of cyberattacks in the financial sector and the importance of securing global banking systems.