Breach, Threat Management, Data Security

Typo spells trouble for hackers, foils Bangladesh bank plot – UPDATE

A plot to steal up to $1 billion from Bangladesh's central bank by siphoning funds out of its U.S. Federal Reserve account was by and large foiled after a hacker's typo triggered an investigation, Reuters reported.

The hackers breached the Bangladesh bank's systems, stealing credentials needed to authorize payment transfers from the country's monetary reserves in the Federal Reserve Bank of New York to fraudulent accounts based in the Philippines and Sri Lanka. Before their plan was exposed, the perpetrators swindled the South Asian nation out of approximately $81 million between Feb. 4 and 5, but the damage could have been worse if not for a grammatical slip-up.

After the first four payment transfers were approved, routing bank Deutsche Bank became suspicious when the hackers requested funds be transferred to the imaginary “Shalika Fandation” [sic]. Confused by the misspelling of “Foundation,” Deutsche Bank sought clarification from Bangladesh's bank, which immediately stopped the fraudulent transaction. The Fed also separately alerted Bangladesh due to the anomalous number of payment instructions it had received.

Update: Citing Bangladesh bank officials, Reuters reported last Friday that the perpetrators installed malware in the bank's systems and silently lurked for likely weeks while lurking how to manipulate funds. The report also notes that the hackers appear to have stolen the bank's credentials for the SWIFT (Society for Worldwide Interbank Financial Telecommunications) messaging system, a network that banks around the world use to secure financial communications through a standardized system of codes.

Update Mar. 21: Reuters has further reported that the FBI met with Bangladesh police on Sunday, Mar. 20 to help investigate the criminal network behind the heist, which apparently involves suspects in six countries. Meanwhile, Bengali cybercrime expert Tanveer Hassan Zoha, who previously told reporters that he recognized three of the user names involved in the incident, was allegedly kidnapped last Thursday from a motorized rickshaw by unknown assailants, according to the expert's wife.

Finally, it was also reported that former Bangladesh finance secretary Fazle Kabir took over this past weekend as the head of the central bank following the resignation Atiur Rehman, who has been accused of withholding news of the bank heist from government officials.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.