Investigation Suggests Insider Involvement in $81 Million Theft at Bangladesh Central Bank

The official Bangladesh government probe into the $81 million theft via SWIFT in February has suggested the possibility of insider involvement. In February 2016, attackers successfully tricked the New York Federal Reserve Bank into transferring $81 million from the Bangladesh central bank to accounts in the Philippines. Before today, the primary Bangladesh line had been to blame SWIFT for the breach.

A government probe team, formed on March 15 and led by former Bangladesh bank governor Mohammed Farashuddin, submitted its report to Finance Minister AMA Muhith on Monday. Talking to journalists, Farashuddin said that the committee had shifted ‘a bit’ from the earlier assumption that no bank insider had been involved.

“We initially thought that no one at the Bangladesh Bank was involved. That has changed a bit. Our report details what kind of involvement it is,” he said.

Neither he nor the Finance Minister would elaborate further, although the minister said he hoped that the report could be made public in the next 15 to 20 days.

Before today, Bangladesh had suggested that SWIFT was largely to blame for the incident – an accusation that SWIFT has strenuously refuted. This accusation is not fully rescinded by the suggestion of insider involvement. Farashuddin told the journalists, “SWIFT is responsible too. The report contains an analysis on whether they (SWIFT) are fully responsible or not. SWIFT cannot avoid responsibility.”

SWIFT has responded to the theft, and to indications of attacks on other banks, probably by the same attackers, with a five-point plan to tighten security around its network. Two of the recommendations could help identify insider activity in the future: helping to develop security audit frameworks for customers, and helping to increase the use of behavioral analysis within the banks.

Bangladesh Bank spokesman Subhankar Saha told Reuters that its officials had yet to read the report or receive government instructions.

“The Bangladesh Bank management will follow all instructions given by the government,” Saha told Reuters. “Actions will be taken as per instruction by the government if any central bank officials were found guilty.”

This is not, however, the first suggestion that an insider or insiders may have been involved. Earlier this month the Wall Street Journal said FBI agents investigating the theft “have found evidence pointing to at least one bank employee acting as an accomplice, people familiar with the matter said. The evidence suggests a handful of others may also have assisted hackers in navigating Bangladesh Bank’s computer system, the people said.”

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security, and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
