Some Bangladesh Bank Officials Involved In Heist, Says Investigator (reuters.com) 26
Ruma Paul, reporting for Reuters: Some Bangladesh central bank officials deliberately exposed its computer systems and enabled hackers to steal $81 million from its account at the Federal Reserve Bank of New York in February, a top investigator in Dhaka told Reuters on Monday. The comments by Mohammad Shah Alam of the Dhaka police are the first sign that investigators have got a firm lead in one of the world's biggest cyber heists. Arrests are soon likely, he said. On Thursday, the head of a Bangladesh government panel that investigated the heist said five bank officials were guilty of negligence but that they were only unwitting accomplices. Alam told Reuters his investigations had discovered that some bank officials had knowingly created vulnerabilities in the bank's connection to the SWIFT system, used for global transactions.Early this year, hackers targeted Bangladesh's central bank to get away with $1bn. At the time, it was reported that the gang behind the raid used stolen credentials to make requests to transfer cash look legitimate.
If all the requests had gone unchallenged, the gang would have got away with about $1bn.
However, the transfers were stopped when the volume of requests raised suspicions at other banks.
Amateurs... (Score:4, Insightful)
Amateurs... If they had only been collecting the rounding errors from the transactions they would have eventually pulled that cool $1bn without anyone knowing...
Re: (Score:2)
The evil boss caught the employee because he made stupidly expensive, obvious purchases with his rounding errors.
Re: (Score:3)
Re: (Score:2)
It is the same reason there is no security whatsoever behind paper checks. Bank's simply don't give a shit. It isn't their money.
Re: (Score:1)
We had our checks stolen at work.
The bank fully refunded the fraudulently cashed ones.
Re: (Score:2)
It isn't the (eventual) recovery that is the problem. Its the fact that the system is so wide open that this can happen in the first place.
All someone needs is your account number and they can empty your account. The check does not even need your (or your business') name on it.
Banks simply have no interest in putting together a better system than the ancient check system.
Re: (Score:1)
Why was that a problem, it was quick recovery, and clearly the rare case of check fraud is cheaper than developing a new system.
All sorts of contracts are easy to breach, but our legal system keeps fraud fairly low in the scheme of things.
Re: (Score:2)
It took a month of harassing the bank until they gave me my money back. In the meantime nearly every penny I had was gone. Luckily I make enough in a month to cover all my bills. In the end it was shaming them on social media that actually got a bank manager to call me.
Huh? (Score:1)
Not really IT news, and kind of obvious. I mean, i guess it involves IT equipment, but so does shopping. Is Slashdot eventually going to become a repository for every single story going?
Re: (Score:2)
Re: (Score:2)
Slashdot is not has never been an IT news site. However this is definitely IT news. Systems need to be designed to prevent or detect collusion, and this kind of thing is a natural part of a system's risk assessment.
Obvious from the beginning (Score:3)
Re: (Score:2)
Reverse Karma? (Score:1)
They got burned by insourcing.
management finally getting punished. (Score:2)
five bank officials were guilty of negligence but that they were only unwitting accomplices. Alam told Reuters his investigations had discovered that some bank officials had knowingly created vulnerabilities in the bank's connection to the SWIFT system, used for global transactions.
Sure sounds like some bank officials wanted the typical security exemptions of management and that it really bit them in the ass this time. Bangladesh isn't known for it's leniency and frankly, I hope they throw the book at them.
Re: (Score:2)
If they were inside accomplices then why the need to hack the Windows desktops that performed the SWIFT transactions?
Re: (Score:2)
If they were inside accomplices then why the need to hack the Windows desktops that performed the SWIFT transactions?
do you not know what an unwitting accomplice is? the internet has answers. [answers.com]
Re: (Score:2)
Vulnerabilities in bank's connection to the SWIFT (Score:3)
I thought the vulnerabilities were introduced by emailing them malware that reprogrammed their Windows desktops to perform unauthrorzed transactions and prevented the Oracle database from printing out an acknowlegment of the transactions. The hack consisted of altering two bytes [archive.is] in a running Windows process [blogspot.co.uk].
Re: (Score:1)