Bangladesh $80 Million Bank Hack Blamed On $10 Second-Hand Routers


In March, hackers were found to have siphoned $80 million from the Central Bank of Bangladesh. If the hackers did not misspell a word in one of their attempted money transfers, they might not have been caught and would have stolen up to $1 billion.

An investigator on the case, which is already regarded as one of the biggest cyber crimes in the world, places much of the blame on the Central Bank of Bangladesh, which was found to have serious shortcomings in its security measures.

The bank was found to have no firewall, and in addition, used second-hand $10 routers on its computers connected to the SWIFT global payment network.

The lack of proper security made it easy for the hackers to break into the bank's systems and launch money transfers, said Mohammad Shah Alam, the head of the Bangladesh police's Forensic Training Institute.

The second-hand routers meant that basic security measures to filter out private and public network traffic were not implemented, with the cheap hardware also hindering the investigation into the matter. Cheap routers do not collect an ample amount of network data, which could be analyzed to track the hackers and their methods.

If the Central Bank of Bangladesh instead invested in proper routers costing hundreds of dollars each, then its systems would have been secure against such a cyberattack. The bank is at fault when it chose to use such cheap hardware, and it is now embroiled in an issue that would cost them millions, though thankfully not $1 billion as the hackers initially targeted.

The hackers were able to send five requests to the Federal Reserve Bank of New York to withdraw money from the reserves of Bangladesh, depositing more than $80 million in bank accounts located in the Philippines and Sri Lanka.

The fifth attempt, however, drew suspicion as the transfer was being made to a certain Shalika Fandation, which is a spelling error on the word "foundation." The foundation was then found to be a bogus one.

Most of the siphoned cash is yet to be recovered.

ⓒ 2018 All rights reserved. Do not reproduce without permission.
Real Time Analytics