Dhaka 'to sue NY Fed' after alleged $138m bank theft

US reserve bank denies system breach; Chinese hackers suspected to be the culprits

DHAKA • Bangladesh has said it intends to sue the Federal Reserve Bank of New York (Fed) after hackers allegedly stole nearly US$100 million (S$138 million) from a reserve account in one of the largest known bank thefts.

Only a spelling mistake in an online bank transfer instruction helped prevent a nearly US$1 billion heist last month involving the Bangladesh central bank and the New York Federal Reserve, according to reports.

Two senior Bangladesh Bank officials said suspected Chinese hackers had breached Bangladesh Bank's systems and stolen its credentials for payment transfers.

They then bombarded the Federal Reserve Bank of New York with nearly three dozen requests to move money from the Bangladesh Bank's account there to entities in the Philippines and Sri Lanka.

But the US reserve bank, which manages the Bangladesh Bank reserve account, denies its systems were breached.

More than a month after the attack, Bangladeshi officials are scrambling to trace the money, shore up security and identify weaknesses in their systems. They said there was little hope of ever catching the hackers, and it could take months before the money is recovered, if at all.

"We have heard that Federal Reserve Bank of New York has completely denied their responsibility. (It doesn't) have any right," Finance Minister A.M.A. Muhith told reporters in Dhaka on Tuesday.

"Of course, we will file a case against it. We have kept the money with it. (It is) responsible," he said, when asked what action his government would take against the bank.

An official told Agence France-Presse that the stolen money was illegally transferred online to the Philippines and Sri Lanka.

Four requests to transfer a total of about US$81 million to the Philippines went through, but a fifth, for US$20 million, to a Sri Lankan non-governmental organisation (NGO) got held up because the hackers misspelled the name of the NGO.

The full name of the NGO was not disclosed. But one of the officials said the hackers misspelled "foundation" in the NGO's name as "fandation", prompting a routing bank, Deutsche Bank, to seek clarification from the Bangladesh central bank, which stopped the transaction.

Deutsche Bank declined to comment on the transaction.

At the same time, the unusually high number of payment instructions and the transfer requests to private entities - as opposed to other banks - made the Fed suspicious, which also alerted the Bangladeshis, the officials said.

Had the scheme not been caught, the loss could have reached nearly US$1 billion, one of the officials said.

Bangladesh Bank has billions of dollars in a current account with the Fed, which it uses for international settlements.

On Monday, the Bangladesh central bank said it had recovered part of the money and was in contact with the Philippines' anti-money laundering authorities to track down the rest.

The recovered funds refer to the Sri Lanka transfer, which got stopped, one of the officials said.

Security experts said the perpetrators had deep knowledge of the Bangladeshi institution's internal workings, which was likely gained by spying on bank workers.

Meanwhile, the Bangladesh government is blaming the Fed for not stopping the transactions earlier.

On its official Twitter account, the Federal Reserve Bank of New York wrote: "Regarding hacking reports, there is no evidence of attempts to penetrate Federal Reserve systems and no evidence Fed systems were compromised."

AGENCE FRANCE-PRESSE, REUTERS

A version of this article appeared in the print edition of The Straits Times on March 12, 2016, with the headline 'Dhaka 'to sue NY Fed' after alleged $138m bank theft'.