Story of the Biggest Cyber Heist
From this week on, I am going to talk about some of the biggest cyber heists in the history and how it was planned and carried out, lessons learnt in next few articles. This week, I am going to talk about the how one of the biggest ever planned cyber heist from one of the banks in Bangladesh was carried out, the amount that was planned to be looted was close to a whopping one billion American dollars and was saved to some extent by a spelling mistake and impatience shown by the cyber criminals.
Some facts about this case : Bangladesh Bank cyber heist, was a theft that took place in February 2016. Thirty-five fraudulent instructions were issued by hackers via the SWIFT network to illegally transfer close to US$1 billion from the Federal Reserve Bank of New York account belonging to Bangladesh Bank, the central bank of Bangladesh. Five of the thirty-five fraudulent instructions were successful in transferring US$101 million, with US$81 million traced to the Philippines and US$20 million to Sri Lanka. The Federal Reserve Bank of New York blocked the remaining thirty transactions, amounting to US$850 million, due to suspicions raised by a misspelled instruction As of 2018, only around US$18 million of the US$81 million transferred to the Philippines has been recovered, and all the money transferred to Sri Lanka has since been recovered. Most of the money transferred to the Philippines went to four personal accounts, held by single individuals, and not to companies or corporations.
Modus Operendi of Cyber Heist :
The attack was meticulously calculated, beginning a year before with emails containing malware was sent to many employees of the bank, in the guise of a job seeker. one of the employees opened the email and got his computer infected. The cyber criminals traversed through the Bank’s computer network from the infected computer, till they reached the computer issuing SWIFT orders for transferring money internationally between banks. They also opened bank accounts in Malaysia and Srilanka and waited for the Chinese new year long weekend when the banks in Malaysia are closed for 3 days and used the time zone differences involved to get sufficient time for the theft. They also disabled the printer which prints the swift transactions for manual verification on the day of the attack to delay the detection of fraud. Just after the bank closue hours on Thursday, the cyber criminals sent 35 fraudulant SWIFT transfer requests to the US Federal bank for transfer of 951 US dollars from Bangladesh to banks located in Malaysia and Srilanka. Fed transferred only 20 million American dollars to Srilanka as the other related SWIFT requests as the hackers had misspelled “Foundation” as “Fundation” in them. FED transferred only US$101 million to Malaysian bank as the other SWIFT transfer requests had been suspended for further clarification, which was sought on mail, which the hackers missed as they did not wait wait long enough for the transactions to complete. Due to Chinese new year holidays, the frantic requests by the Bangladesh bank officials to stop further transfers and payments to the Malaysian bank officials went unheard of. This money was laundered through casinos and some later transferred to Hong Kong. It is suspected that the Lazarus group, a North Korean state-sponsored hacking group with a history of engaging in cyber espionage activities was behind this cyber heist.
Some of the lessons learnt from this Cyber Heist and corrections introduced include :
- SWIFT organization introduced significant reforms and security enhancements to its messaging system to prevent future cyberattacks.
- In the wake of the heist, the financial industry, including central banks and commercial banks, began to invest significantly in strengthening their cybersecurity measures. This included the adoption of multi-factor authentication, improved intrusion detection systems, and more vigilant monitoring.