The Bangladesh’s Finance Minister Abul Maal Abdul Muhith accused the U.S. Federal Reserve of the theft of at least $81 million stolen from the Bangladesh’s account.
The central bank of Bangladesh declared the funds had been stolen from an account by hackers, the experts had traced some of the missing funds in the Philippines.
In reality the hackers tried to steal much more, they tried to complete dozens of transfers for an overall amount of $850 million.
While investigators are collecting evidence on the alleged hack, security experts made some speculation on the incident. It is likely hackers breached Bangladesh Bank in early February stealing credentials for payment transfers, then they used the credentials to order transfers out of a Federal Reserve Bank of New York account held by Bangladesh Bank.
Anyway it is a complex hack, the attackers had a deep knowledge about Bangladesh Bank’s procedures for ordering transfers, likely they spied on Bangladesh Bank staff to gather the information.
According to the Reuters, investigators believe hackers alleged used a malware to infect systems at the Bangladesh central bank. Two bank officials told to the Reuters that the attackers infiltrated the computer systems for weeks gathering information on the internal operation to use in the attack later.
“Investigators suspect that malicious software code, often referred to as malware, which allowed hackers to learn how to withdraw the money could have been installed several weeks before the incident, which took place between Feb. 4 and Feb. 5, said Bangladesh Bank officials briefed on the matter.” reported the Reuters.
The authorities hired the FireEye Inc’s Mandiant forensics division to investigate the cyber heist.
It is likely attackers have stolen the Bangladesh Bank’s credentials for the SWIFT messaging system, a network used by financial institutions and private corporates to authorize transfer financial transactions through a ‘financial message’.
“SWIFT and the Central Bank of Bangladesh are working together to resolve an internal operational issue at the central bank. SWIFT’s core messaging services were not impacted by the issue and continued to work as normal.” reads a statement issued on Friday by the SWIFT.
The incident could have serious repercussions on the way central banks worldwide operates, they need to review their processes and systems in order to prevent other attacks.
(Security Affairs – US Federal Reserve, Bangladesh central bank)