Thanks To A Typo: Hackers' Spelling Mistake Thwarts $1 Billion Bank Heist


The misspelling of the word "foundation" brought an end to an international cyberattack last month.

Their error tipped several banks off before the cyber criminals could siphon out $1 billion from the Central Bank of Bangladesh and the Federal Reserve Bank of New York. But the hackers' efforts weren't in vain.

The hackers managed into infiltrate the Central Bank of Bangladesh's SWIFT (Society for Worldwide Interbank Financial) identification code. With the bank's unique identifier in hand, the hackers were able to pose as the bank and make withdrawals on its behalf.

The thieves sent five requests to the New York Fed to withdraw money from Bangladesh's reserves. They managed to deposit just over $80 million in bank accounts in the Philippines and in Sri Lanka, but their fifth attempt to draw money drew suspicion.

Attempting to transfer money to a non-governmental organization in Thailand named "Shalika Foundation," one of the hackers misspelled the word "foundation" as "fandation." The spelling error was brought to the attention of Deutsche Bank, which later found out that Shalika Foundation isn't even registered on the list of Sri Lankan NGOs.

Those anomalies were accentuated by the amount the hackers were attempting to withdraw, which totaled about $1 billion.

Even the money that was successfully siphoned attracted attention. The money that went to Sri Lanka raised eyebrows at Pan Asia Banking Corporation, where an official stated that the transaction was too large for an economy of its size.

Bangladesh banks with the Fed and keep money there to settle issues with other countries. It reports that it has been able to recover some of the stolen money, while counter-laundering squads in the Philippines have been working to keep the money from being cleaned.

SWIFT of Belgium also indicated that it is helping to remedy the issue.

"SWIFT and the Central Bank of Bangladesh are working together to resolve an internal operational issue at the central bank," SWIFT stated. "SWIFT's core messaging services were not impacted by the issue and continued to work as normal."

The attacks began early last month. The hackers were able to exploit a vulnerability in the banking system and then sat seemingly dormant for weeks before they began to launch their assaults.

ⓒ 2018 All rights reserved. Do not reproduce without permission.
Real Time Analytics