Bangladesh asks SWIFT to let the police question its technicians over bank cyber heist

Bangladesh has asked SWIFT to help the police question its technicians over February's US$81 million (S$111 million) cyber heist.
Bangladesh has asked SWIFT to help the police question its technicians over February's US$81 million (S$111 million) cyber heist. PHOTO: REUTERS

DHAKA (Reuters) - Bangladesh has asked SWIFT to help its police question technicians sent by the global financial network to Dhaka to connect a new bank transaction system months before February's US$81 million (S$111 million) cyber heist, according to a source and an e-mail seen by Reuters on Wednesday (May 18).

Bangladesh's Criminal Investigation Department (CID) told SWIFT in the e-mail sent on Monday (May 16) that it wants to interview the technicians in Dhaka next week. They were sent to Bangladesh from "around the world" in the second half of last year, it said.

Investigators believe the technicians introduced some vulnerabilities when they connected SWIFT to the South Asian country's first real-time gross settlement (RTGS) system. "We have some specific and tangible evidence against the technicians," said a CID source with knowledge of the investigation into the heist. "They have to defend themselves. The technicians may have acted without the knowledge of SWIFT, in their personal capacity."

Apart from the nearly half a dozen technicians, some of them contract employees, Bangladesh has also invited senior SWIFT officials to Dhaka, said the source, who declined to be named because of the ongoing investigations. The source declined to identify the technicians or give their nationalities.

SWIFT spokeswoman Natasha de Teran declined to comment.

Sources in Bangladesh have earlier told Reuters the technicians did not appear to have followed their own procedures to ensure the system was secure, because of which SWIFT messaging at the Bangladesh Bank was widely accessible, including remote access with only a simple password.

A Bangladesh government-appointed panel investigating the theft has accused SWIFT of committing a number of mistakes in connecting up the local network.

SWIFT has rejected the allegations.

It has said its financial messaging system remains secure and had not been breached by the hackers during the attack on Bangladesh Bank.

The RTGS, which enables domestic banks and the central bank to settle large transfers between themselves, was installed at Bangladesh Bank in October last year and then connected to SWIFT.

In February, hackers sent fraudulent messages, ostensibly from the central bank in Dhaka, on the SWIFT system to the New York Federal Reserve seeking to transfer nearly $1 billion from Bangladesh Bank's account there.

Most of the transfers were blocked but about US$81 million was sent to a bank in the Philippines and much of that money remains missing.