Security Experts:

Investigation Suggests Insider Involvement in $81 Million Theft at Bangladesh Central Bank

The official Bangladesh government probe into the $81 million dollar theft via SWIFT in February has suggested the possibility of insider involvement. In February 2016 attackers successfully tricked the New York Federal Reserve Bank into transferring $81 million from the Bangladesh central bank to accounts in the Philippines. Before today, the primary Bangladesh line has been to blame SWIFT for the breach.

A government probe team, formed on March 15 and led by former Bangladesh bank governor Mohammed Farashuddin, submitted its report to Finance Minister AMA Muhith on Monday. Talking to journalists, Farashuddin said that the committee had shifted 'a bit' from the earlier assumption that no bank insider had been involved.

"We initially thought that no one at the Bangladesh Bank was involved. That has changed a bit. Our report details what kind of involvement it is," he said.

Learn More on the SWIFT Attacks at the 2016 CISO Forum on June 1

Neither he nor the Finance Minister would elaborate further; although the minister said he hoped that the report could be made public in the next 15 to 20 days.

Before today, Bangladesh has suggested that SWIFT is largely to blame for the incident - an accusation that SWIFT has strenuously refuted. This accusation is not fully rescinded by the suggestion of insider involvement. Farashuddin told the journalists, "SWIFT is responsible too. The report contains an analysis on whether they (SWIFT) are fully responsible or not. SWIFT cannot avoid responsibility."

SWIFT has responded to the theft, and indications of attacks on other banks probably by the same attackers, with a five-point plan to tighten security around its network. Two of the recommendations could help identify insider activity in the future: to help develop security audit frameworks for customers, and to help in an increased use of behavioral analysis within the banks.

Bangladesh Bank spokesman Subhankar Saha told Reuters that its officials had yet to read the report or receive government instructions.

"The Bangladesh Bank management will follow all instructions given by the government," Saha told Reuters. "Actions will be taken as per instruction by the government if any central bank officials were found guilty."

This is not, however, the first suggestion that an insider or insiders may have been involved. Earlier this month the Wall Street Journal said FBI agents investigating the theft "have found evidence pointing to at least one bank employee acting as an accomplice, people familiar with the matter said. The evidence suggests a handful of others may also have assisted hackers in navigating Bangladesh Bank's computer system, the people said."

Related: Learn More on the SWIFT Attacks at the 2016 CISO Forum on June 1 at the Ritz Carlton, Half Moon Bay.

view counter
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.