No firewall and $10 routers blamed in Bangladesh Bank heist

No firewall and $10 routers blamed in Bangladesh Bank heist

Rudimentary security procedures at Bangladesh Bank are being blamed for the massive online banking heist that saw the country's central bank lose $80 million in unathorised wire transfers.

In early February hackers tried to transfer around $1 billion from Bangladesh Bank's account with the NY Fed, successfully stealing more than $80 million.

According to a report from Reuters, police investigating the attack say the central bank was vulnerable to hackers because it did not have a firewall and used second-hand, $10 routers to network computers connected to the Swift payment network.

Mohammad Shah Alam, head of the Forensic Training Institute of the Bangladesh police's criminal investigation department, told the newswire that the absence of a firewall and the use of cheap equipment was hampering attempts to trace the cash and apprehend the hackers behind the break in.

The police believe that both the bank and Swift were at fault for the lax security arrrangements, Alam said in an interview.

"It was their responsibility to point it out but we haven't found any evidence that they advised before the heist," he told Reuters in reference to Swift.

A spokesman for Bangladesh Bank said Swift officials told the bank to upgrade the switches only when their system engineers from Malaysia visited after the heist.

In the early days after the attack, officials at the central bank initially tried to divert the blame to the New York Federal Reserve, claiming a lapse in due diligence procedures that saw five of the fake wire transfers approved, while 30 other bogus transactions were blocked over the absence of beneficiary details.

Comments: (2)

Hitesh Thakkar
Hitesh Thakkar - SME - Fintech startups (APAC and Africa) - India 22 April, 2016, 16:52Be the first to give this comment the thumbs up 0 likes

My experience with SWIFT infra setup does not accept the explanation of SWIFT statement of cheaper routers being used and needed upgrade.

SWIFT always advocated for secured setup and local technology agency ensure the same ( Atlease in India). 

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 22 April, 2016, 19:041 like 1 like

@HiteshThakkar + 1, for more countries viz. Germany, UK, USA, where I've had personal experience with SWIFT infra setups. In fact, one of my past employers was a SWIFT partner and it was incumbent even upon us to reiterate SWIFT's stipulation for secure setups.