REUTERS-A top investigator into the electronic theft of $81 million from the
Bangladesh central bank is turning his attention to some IT technicians from
the bank
whom he suspects hooked up its transactions system to the public
Internet, giving hackers access.
In a series of interviews this month, Mohammad Shah Alam, a Bangladesh
police deputy inspector general who is heading investigations in Dhaka, went
into some detail about how insiders at Bangladesh Bank may have helped in the
execution of one of the world's biggest cyber-heists last February.
For instance, Alam said he was focusing on why a password token
protecting the SWIFT international transactions network at Bangladesh Bank was
left inserted in the SWIFT server for months leading up to the heist. It is supposed
to be removed and locked in a secure vault after business hours each day.
The failure to remove the token allowed hackers to enter the system when
it was not being monitored, first to infect it with malware and then to issue
fake transfer orders, he said.
Alam's comments follow months of assertions by Bangladesh authorities
that central bank officials were guilty of nothing more than negligence in the
heist, in which hackers moved money out of the bank's account at the Federal
Reserve Bank of New York and sent it to individual accounts in the Philippines.
At least half-a-dozen bank officials shared responsibility for
safekeeping of the token, he said.
Once in the system, the hackers introduced six types of malware which
captured keystrokes and screenshots and also delayed detection of fraudulent
transactions, according to a report by Fireye Inc's (FEYE.O)
Mandiant forensics division, which investigated the heist. Parts of the report
were seen by Reuters for the first time this month.
The malware was customized for Bangladesh Bank's systems, Alam said,
adding someone must have provided the hackers with technical details about the
central bank's computer network.
On the evening of Feb 4, the hackers initiated fake transfer orders which
sought to move nearly $1 billion from Bangladesh Bank's account at the New York
Fed, mostly to accounts at the Philippines-based Rizal Commercial Banking Corp
(RCBC) (RCB.PS).
They needed two types of passwords to carry out the transactions - the
hardware token and additional credentials used by bank officials. These
password credentials were either given to them by someone or were captured from
previous transactions by the malware that logged keystrokes, Alam said.
Many of the transfer orders initiated by the hackers were blocked or
reversed by intermediary banks, but $81 million made it to accounts in fake
names at RCBC. Most of the funds then disappeared into Manila's loosely
regulated casino industry and have not been tracked down since.
The Philippines' Anti-Money Laundering Council has accused seven bank
officials of money-laundering in a complaint filed at the country's Justice
Department.
The council has also filed complaints of money-laundering against Kim
Wong, a long-time RCBC client and a casino owner and agent in Manila, an
associate of his and the owners of a remittance agency. No links with the heist
have been proven and no one has been arrested.
Reuters could not independently confirm Alam's claims. He declined to
name any of the suspects.
No one has been arrested and Alam did not provide any further evidence to
back up his assertions.
Bangladesh Bank spokesman Subhankar Saha declined comment on the
investigation. He said the bank has not been told of any plans to detain any of
its employees.
The U.S. Federal Bureau of Investigation, among the agencies involved,
had no comment on Alam's claims. Interpol was not available for comment.
A spokeswoman for SWIFT declined to comment.
Nearly 11 months since the audacious robbery that undermined confidence
in the global SWIFT transactions system and sent tremors through the global
financial community, there is no sign if any of the half-a-dozen investigating
agencies involved are close to cracking the case.
No suspects in the Bangladesh central bank had been arrested, Alam said,
because investigations were incomplete. They were under watch and their
movements monitored, but he was awaiting "specific information" on
any communications they may have had with the hackers or with those who
received the funds.
Help has been sought from police in the Philippines, Japan, Sri Lanka and
China, countries where the hackers are believed to have links, he said.
THE SWIFT CONNECTION
Bangladesh police had previously blamed a group of contractors hired by
the SWIFT transactions network for making its computer system vulnerable, a
charge denied by the Belgium-based cooperative.
Alam said the investigation had instead shown that central bank IT
technicians were most likely to have provided the inside help. Asked if he had
any proof, he said: "There were a number of other things, which if the
Bangladesh Bank people had not done, the hacking would not have been
possible."
Alam said he believed the IT technicians connected the Bangladesh central
bank's SWIFT network to the public Internet last year while linking the network
to the bank's domestic payments system, the Real Time Gross Settlement System
(RTGS). SWIFT is used only for international transactions.
Linking it to the Internet made the highly secure network accessible from
any outside computer.
The work on linking SWIFT to the RTGS was supervised by SWIFT contractors
but carried out by Bangladesh Bank technicians, Alam and a bank official said.
It was not known who was responsible for leaving the token that was
supposed to protect the SWIFT system inserted in the server, Alam added.
REUTERS
0 Comments