Cybersecurity

Apparent cyberthieves used Bangladesh bank codes to get $100M from its Federal Reserve account

  •  
  •  
  •  
  • Print

Apparent cyberthieves took advantage of a disconnect between the work week in New York and the work week in Bangladesh to steal $100 million from the account held by the country’s central bank at the Federal Reserve Bank of New York.

However, it could have been worse: Unusually large transactions and a misspelling helped alert the New York Fed to the crime last month and at least one additional transfer that could have upped the total loss to nearly $1 billion was blocked, according to the Asia Times, Reuters and the Wall Street Journal (sub. req.) The articles rely on some unidentified sources for details about exactly what happened, but the basic facts of the huge theft were confirmed by multiple officials.

The Associated Press also has a story.

Of the $100 million transferred, it appears that only $80 million sent to the Philippines may still be missing: A $20 million transfer to the account of a non-governmental organization in Sri Lanka reportedly misspelled the NGO’s name, which resulted in a reversal of the transaction and recovery of those funds.

The huge heist is still being investigated to determine exactly what occurred and whether any Bangladesh Bank employees were involved. But malware installed by cybercriminals is suspected, the Reuters article says, and it seemingly was part of the plan that the transfers were requested on Friday, when Bangladesh Bank is closed for the weekend, the WSJ reports.

Officials at various banks are now pointing fingers at one another, with Bangladesh Bank blaming the New York Fed and the New York Fed saying that it is not to blame for processing “fully authenticated” transactions using standard protocols and the correct codes for Bangladesh’s central bank.

While declining further comment Thursday, the New York Fed said in a written statement provided to the WSJ on Tuesday, “To date, there is no evidence of any attempt to penetrate Federal Reserve systems in connection with the payments in question, and there is no evidence that any Fed systems were compromised.”

The statement also promises continued assistance by the Fed in working with Bangladesh Bank to address the incident.

Cyberthieves have been stealing large amounts from businesses, including big corporations, law firms and their clients in recent years, sometimes impersonating legitimate individuals online to perpetrate hacking schemes, as earlier ABAJournal.com stories have reported:

Lawyers and clients beware: Spoof phone calls may direct funds to scammers

Hackers are stealing closing funds by intercepting lawyer-client email, experts say

Red flag in email scams: ‘Have you already been contacted by (insert lawyer name)?’

Give us feedback, share a story tip or update, or report an error.