Hackers stole $80 million from a central bank because it had $10 routers and no firewall

Jrs30

Level 11
Thread author
Verified
Honorary Member
Top Poster
Well-known
Feb 4, 2016
549
DHAKA (Reuters) - Bangladesh's central bank was vulnerable to hackers because it did not have a firewall and used second-hand, $10 switches to network computers connected to the SWIFT global payment network, an investigator into one of the world's biggest cyber heists said.

The shortcomings made it easier for hackers to break into the system earlier this year and attempt to siphon off nearly $1 billion using the bank's SWIFT credentials, said Mohammad Shah Alam, head of the Forensic Training Institute of the Bangladesh police's criminal investigation department.

"It could be difficult to hack if there was a firewall," Alam said.

The lack of sophisticated switches, which can cost several hundred dollars or more, also means it is difficult for investigators to figure out what the hackers did and where they might have been based, he added. The institute Alam heads includes a cyber crime division.

The police believe both the bank and SWIFT should take the blame for the oversight, Alam said in an interview.

"It was their responsibility to point it out but we haven't found any evidence that they advised before the heist," he said, referring to SWIFT.

A spokeswoman for Brussels-based SWIFT declined comment.

SWIFT has previously said the attack was related to an internal operational issue at Bangladesh Bank and that SWIFT's core messaging services were not compromised.

A spokesman for Bangladesh Bank said SWIFT officials advised the bank to upgrade the switches only when their system engineers from Malaysia visited after the heist.

"There might have been a deficiency in the system in the SWIFT room," said the spokesman, Subhankar Saha, confirming that the switch was old and needed to be upgraded.

"Two (SWIFT) engineers came and visited the bank after the heist and suggested to upgrade the system," Saha said.

Cyber criminals broke into the bank's systems and tried to make fraudulent transfers totalling $951 million from its account at the Federal Reserve Bank of New York in early February.

Most of the payments were blocked but $81 million was routed to accounts in the Philippines and diverted to casinos there. Most of those funds remain missing.

Another $20 million was sent to a company in Sri Lanka but the transfer was reversed because the hackers misspelled the name of the firm, raising a red flag at the routing bank.

The heist, which sent alarm bells ringing across the global financial system about cyber security, has turned into a global whodunit.

Bangladesh police said earlier this week it has identified 20 foreigners involved in the heist but they appear to be people who received some of the payments rather than those who initially stole the money. There is no clue to the identity of the hackers or who was behind the plot.

Lax Security

Bangladesh Bank has about 5,000 computers used by officials in different departments, Alam said.

The SWIFT room is roughly 12 feet by 8 feet, a window-less office located on the eight floor of the bank's annex building in Dhaka. There are four servers and four monitors in the room.

All transactions from the previous day are automatically printed on a printer in the room.

The SWIFT facility should have been walled off from the rest of the network. That could have been done if the bank had used the more expensive, "managed" switches, which allow engineers to create separate networks, Alam said.

Moreover, considering the importance of the room, the bank should have deployed staff to monitor activity round the clock, including weekends and holidays, he said.

Communications between the Fed and the Bangladesh central bank were hampered and the heist was discovered only after a delay because it happened between Feb 4 and 5, over the Bangladeshi weekend.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Now we know the reason, not a deserving place to still maintain poor system without any improvement.

Firewall even the simplest one should be implement and configure properly, that's not so difficult at all. ;)
 

Entreri

Level 7
Verified
May 25, 2015
342
Not too surprising, these are third world countries. As a bank one of the priorities has to be IT security.

I wonder if they are running Windows...95?

Infecting is easy though, the weakest link being the human, email.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top