Dhaka: Even as the world's biggest ever cyber heist in which criminals managed to swindle $81 million (Dh297 millon) from Bangladesh Central Bank’s account with the Federal Reserve Bank of New York last month sparks a worldwide uproar, the Governor of Bangladesh Central Bank Atiur Rehman resigned owning responsibility for the flaw.
The cyber heist could be thwarted to some extent because of a typo by hackers which saved the country up to $870 million (Dh3.17 billion).
Unidentified hackers managed to transfer $80 million from the Bangladesh Central Bank’s accounts with the Federal Reserve Bank of New York.
The cyber criminals allegedly breached the computer systems of Bangladesh Bank, stole its payments transfer password and credentials.
Atiur Rahman, 64, resigned after a meeting with Prime Minister Sheikh Hasina. He has tendered his resignation to the Prime Minister, a Premier's office spokesman told PTI. Prime Minister's press secretary Ihsanul Karim said Rahman met Hasina at her office in the morning and handed over his resignation, seven years after he was appointed as the Governor of Bangladesh Bank.
Earlier in the morning, an emotional and apparently distressed Rahman told newsmen he was ready to quit for the sake of the country. His resignation came weeks after the central bank confirmed that the huge amount was stolen from its account in Federal Reserve Bank of New York, sparking a worldwide uproar.
Bank spokesman had said that unknown hackers had stolen USD 101 million of which USD 81 million entered the Philippines and the rest went to Sri Lanka to be used in casino business. Finance Minister AMA Muhith had earlier said he was kept in the dark about the heist for weeks adding that the central bank management must explain its audacity. The hacking took place on the night of February 4, using information stolen through the malware, which sent a total of 35 transfer orders to the NY Federal Reserve Bank where the Bangladesh's central bank has an account. Reports said the hackers misspelled the name of a Sri Lankan non-governmental organisation, triggering a check of the request which raised the alarm.
Then, between February 4 and 5, the alleged cyber criminals flooded the Federal Reserve Bank of New York’s systems with more than 30 requests to move hundreds of millions of dollars from the Bangladesh Bank’s account to casinos in the Philippines and a fake NGO in Sri Lanka.
The first four transfer transactions, amounting to about $81 million to various entities in the Philippines went through, but a fifth transfer request for $20 million(Dh73 million) to a Sri Lankan NGO got stuck.
The reason? The hackers misspelled the name of the NGO, Shalika Foundation. Instead of ‘Foundation’, they punched in ‘fondation’, which prompted one of the routing banks to withhold that and subsequent transfers – amounting to a staggering $870 million (Dh3.17 billion) – to seek clarification from Bangladesh Bank.
Of late, cyber criminals have used sophisticated techniques in attempts to skim billions off banks and financial organisations.
Last month, software security group Kaspersky Labs said that the year 2015 saw the rise of cyber criminals who steal money from banks directly.
“Several groups have mastered APT tools and techniques, dipping their hands into the ‘pockets’ of at least 29 big Russian banks,” the firm said.
The firm said in 2015 that up to $1 billion was stolen in about two years from financial institutions worldwide.
“These bank heists were surprising because it made no difference to the criminals what software the banks were using. So, even if its software is unique, a bank cannot get complacent. The attackers did not even need to hack into the banks’ services: once they got into the network, they learned how to hide their malicious plot behind legitimate actions. It was a very slick and professional cyber-robbery,” Sergey Golovanov, Principal Security Researcher at Kaspersky Lab’s Global Research and Analysis Team, had then said.
“In 2015, the criminals behind Metel took aim at banks, specifically ATM machines. Using their savvy and a malicious campaign, these criminals turned their common credit cards into limitless ones. Imagine printing money, but even better,” Kaspersky said.
