Bangladesh Bank heist

Hackers stalked bank's computer systems

In the eye of the storm: Atiur Rahman (above)Bangladesh central bank governor resigned to take responsibility for the scandal. Two deputy governors were sacked.
In the eye of the storm: Atiur Rahman (above)Bangladesh central bank governor resigned to take responsibility for the scandal. Two deputy governors were sacked.PHOTO: EUROPEAN PRESSPHOTO AGENCY
In the eye of the storm: Abul Maal A. Muhith (above) Bangladesh Finance Minister, trying to control damage from the theft, told the Bengali-language daily Prothom Alo that central bank officials were "100 per cent" involved in the scandal.
In the eye of the storm: Abul Maal A. Muhith (above) Bangladesh Finance Minister, trying to control damage from the theft, told the Bengali-language daily Prothom Alo that central bank officials were "100 per cent" involved in the scandal.PHOTO: EUROPEAN PRESSPHOTO AGENCY
In the eye of the storm: Maia Deguito (above) Manager of the Rizal Bank branch from which the US$81 million (S$110 million) was withdrawn says she had approval from senior bank executives.
In the eye of the storm: Maia Deguito (above) Manager of the Rizal Bank branch from which the US$81 million (S$110 million) was withdrawn says she had approval from senior bank executives.PHOTO: EUROPEAN PRESSPHOTO AGENCY

DHAKA • Hackers who stole US$101 million (S$137 million) from Bangladesh's central bank stalked its computer systems for almost two weeks beforehand, according to an interim investigation report seen by Bloomberg.

Prepared for the Bangladesh Bank by cyber security firms FireEye and World Informatix, the assessment offers a tantalising glimpse into how cyber criminals can use the banks' own systems against them.

The cyber companies say the thieves deployed malware on servers housed at the central bank to make payments seem genuine. The report cast the unidentified hackers as a sophisticated group which sought to cover their tracks by deleting computer logs as they went.

Before making transfers, they sneaked through the network, inserting software that would allow re-entry. It was the sort of thorough operation often mounted by nation-state hackers, according to the report, but FireEye's intelligence unit believes the group, which it has been tracking for some time, is criminal.

The heist exposed weaknesses in systems, sparked a dispute between Bangladesh's central bank and its finance ministry, and cost the central bank governor his job less than five months before he planned to retire.

The hackers sent US$81 million from the Bangladesh Bank's account in New York to the Philippines, and another US$20 million to Sri Lanka. The Federal Reserve Bank of New York blocked transactions worth another US$850 million.

A bank in Sri Lanka stopped and returned the cash, while the money in the Philippines is still missing.

"Malware was specifically designed for a targeted attack on Bangladesh Bank to operate on Swift Alliance Access servers," the interim report said.

Swift is a member-owned cooperative that provides international codes to facilitate payments between banks globally.

Mr Charlie Booth from Brunswick Group, a corporate advisory firm that represents Swift, said: "We reiterate that the Swift network itself was not breached."

Bangladesh yesterday formally sought assistance from the US Federal Bureau of Investigation to track down the crooks.

BLOOMBERG

A version of this article appeared in the print edition of The Sunday Times on March 20, 2016, with the headline 'Hackers stalked bank's computer systems'. Print Edition | Subscribe