
Bangladesh $80 million cyber heist shows banks must improve security protocols

In a partially bungled cyber heist attempt last March, thieves targeted Bangladesh’s central bank and tried to lift $1 billion in one fell swoop using stolen credentials and taking advantage of poor security controls at the bank.

But the cyber attackers weren’t as successful as they had hoped. They still made off with $80 million, no small feat, before officials noticed an unusual amount of transaction activity in quick succession and intervened. Most strikingly, a spelling mistake made by one of the thieves in the credentials aroused suspicions at Deutsche Bank.

At the same time, the Federal Reserve Bank of New York was alarmed by the transaction requests it was getting from Bangladesh. The money was moving into personal bank accounts rather than to other institutions, the usual destination for transactions such as these. Most of the accounts that received the money were in Sri Lanka and the Philippines.

Bangladesh’s central bank is now considering a lawsuit against the New York federal bank for failing to act sooner and has hired FireEye’s Mandiant to investigate its networks. Whether the money will ever be fully recovered is unknown. While the hackers made some rookie mistakes that led to their operation being foiled, they still snared $80 million, and the head of the central bank, Atiur Rahman, resigned. Not bad for a day’s work.

Firstly, it appears that the Bangladesh central bank took a couple of shortcuts in their security protocols that allowed this mess to occur. One report showed that the bank didn’t even have a firewall in place and was using $10 “second hand” routers.

Jonathan Keane

Jonathan Keane is a freelance journalist, living in Ireland, covering business and technology
