No firewall and $10 routers blamed in Bangladesh Bank heist

Rudimentary security procedures at Bangladesh Bank are being blamed for the massive online banking heist that saw the country's central bank lose $80 million in unauthorised wire transfers.

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

In early February hackers tried to transfer around $1 billion from Bangladesh Bank's account with the NY Fed, successfully stealing more than $80 million.

According to a report from Reuters, police investigating the attack say the central bank was vulnerable to hackers because it did not have a firewall and used second-hand, $10 routers to network computers connected to the Swift payment network.

Mohammad Shah Alam, head of the Forensic Training Institute of the Bangladesh police's criminal investigation department, told the newswire that the absence of a firewall and the use of cheap equipment were hampering attempts to trace the cash and apprehend the hackers behind the break-in.

The police believe that both the bank and Swift were at fault for the lax security arrangements, Alam said in an interview.

"It was their responsibility to point it out but we haven't found any evidence that they advised before the heist," he told Reuters in reference to Swift.

A spokesman for Bangladesh Bank said Swift officials told the bank to upgrade the switches only when their system engineers from Malaysia visited after the heist.

In the early days after the attack, officials at the central bank initially tried to divert the blame to the New York Federal Reserve, claiming a lapse in due diligence procedures that saw five of the fake wire transfers approved, while 30 other bogus transactions were blocked over the absence of beneficiary details.

Comments: (2)

Hitesh Thakkar Technology Evangelist (Financial Technology) at SME - Fintech startups (APAC and Africa)

My experience with SWIFT infra setup does not accept the explanation of SWIFT statement of cheaper routers being used and needed upgrade.

SWIFT always advocated for secured setup and local technology agency ensures the same (at least in India).

Ketharaman Swaminathan Founder and CEO at GTM360 Marketing Solutions

@HiteshThakkar + 1, for more countries viz. Germany, UK, USA, where I've had personal experience with SWIFT infra setups. In fact, one of my past employers was a SWIFT partner and it was incumbent even upon us to reiterate SWIFT's stipulation for secure setups.
