Rudimentary security procedures at Bangladesh Bank are being blamed for the massive online banking heist that saw the country's central bank lose $80 million in unathorised wire transfers.
In early February hackers tried to transfer around $1 billion from Bangladesh Bank's account with the NY Fed, successfully stealing more than $80 million.
According to a report from Reuters, police investigating the attack say the central bank was vulnerable to hackers because it did not have a firewall and used second-hand, $10 routers to network computers connected to the Swift payment network.
Mohammad Shah Alam, head of the Forensic Training Institute of the Bangladesh police's criminal investigation department, told the newswire that the absence of a firewall and the use of cheap equipment was hampering attempts to trace the cash and apprehend the hackers behind the break in.
The police believe that both the bank and Swift were at fault for the lax security arrrangements, Alam said in an interview.
"It was their responsibility to point it out but we haven't found any evidence that they advised before the heist," he told Reuters in reference to Swift.
A spokesman for Bangladesh Bank said Swift officials told the bank to upgrade the switches only when their system engineers from Malaysia visited after the heist.
In the early days after the attack, officials at the central bank initially tried to divert the blame to the New York Federal Reserve, claiming a lapse in due diligence procedures that saw five of the fake wire transfers approved, while 30 other bogus transactions were blocked over the absence of beneficiary details.