You Never Know Where It Will Happen Next .... |
They apparently used 'stolen credentials' to make the requests to transfer cash, look legitimate. They would apparently have succeeded, but for the fact that they were being greedy and making too many transfer requests in too short a period ... oh, and they couldn't spell correctly in English (BA Calcutta failed?). Not that the Bangladesh Central Bank spotted anything wrong, they were apparently totally unaware of the large volume of transfer requests being made against their plentiful funds.
However its the details contained inside the story, that really should be raising alarm bells inside and outside of that country:
2) Its reported that the gang must have 'spent time studying the internal processes of Bangladesh's Central Bank so they could convincingly pose as officials when requesting the transfers'.
3) The fund transfers were all being made into private accounts in Sri Lanka, and the Philippines, rather than other reserve banks (which I guess may not be too unusual in that part of the world, but would be anywhere else).
4) The Bangladesh government immediately rushed to publicly blamed the New York Fed for not spotting the suspicious transactions earlier, with Finance Minister Abul Maal Abdul Muhith saying that "The Fed must take responsibility" .... and that legal action against the US body to help recover the money. This is presumably because a lot of their countries reserve, is held in the US system (possibly because they can't trust themselves to keep it at home). However the The New York Federal Bank said its system had not been breached by the hackers, so it was not them who were responsible.
Efforts are now being made to freeze and return the $80m, from those private accounts in Sri Lanka and the Philippines .... what's the betting that somehow its all been lost?
So lets look at this again, but without the same spin as the original linked story.
(b) In order to do this, the criminals also had to be fully conversant with the internal security processes of Bangladesh's Central Bank.
(c) They also had to have high enough authorisation, to be able to make the transfers without them being questioned inside Bangladesh's Central Bank.
(d) The Bangladeshi's accepted no blame, and instead rushed to blame the US banking system for 'not spotting the suspicious transactions earlier' .... actually they did, but the Bangladesh Central Bank only reacted after a series of transactions had been flagged as suspicious.
No Shit Sherlock .... Inside Job? |
Now if I was of the 'No Shit Sherlock' mind cast ..... I would say that it stinks to high heaven of an inside job.
- 'Stolen' credentials.
- Security protocols known.
- Internal Banking processes spied on and known.
- Private Accounts used.
- Slow central bank response.
- No internal activity flags raised.
- Undetected hack into the central bank (long enough to study bank systems, processes, security, and alert protocols and then bypass or spoof them).
I guess you pays your money and makes your choice, but I know where I would be looking for the criminals .... and it would not be in Sri Lanka and the Philippines (unless any current or recently former, bank employees have spent time in either of those countries).
According to the BBC the head of the Bangladeshi central bank has resigned. He is named as Atiur Rahman and the money lost is now said to be £100m.
ReplyDeletehttp://www.bbc.co.uk/news/business-35809798
There will be more to this story when it all comes out. Thanks for the comment.
DeleteIts being reported that another unamed bank has had a similar attempt made on it. The attackers had a "deep and sophisticated knowledge of specific operational controls" at the targeted bank, and could have been aided in their theft by "malicious insiders". Sounds like the same gang had insiders elsewhere.
DeleteCertainly does ... maybe more to come? Thanks for the comment.
DeleteFYI the Bangladshi's are still blaming the US Fed
ReplyDeletehttp://www.bbc.co.uk/news/business-35874531
Not surprised. Got to keep too many asking questions back home. Thanks for the update.
DeleteAh, now it turns out that the Bangladeshi National Bank skimped on network hardware and security software. The bank allegedly had no firewall, and used second-hand routers that cost just $10 to connect to the global financial networks.
DeleteNo doubt all their I.T. 'Experts' must be doing outsourced work for our banks and financial companies .... that's reassuring, isn't it?
The attackers had a "deep and sophisticated knowledge of specific operational controls" at the targeted bank, and could have been aided in their theft by "malicious insiders"
ReplyDeleteThanks for the comment ... again?
Delete