This is a crazy story about some cyber criminals who went for it and kinda got away with it.
The first week of February earlier this year turned out to be a nightmare for the Bangladesh Bank, the Central Bank of Bangladesh and the financial lifeline of the country since 1971. In just two days, between February 5th and 6th, cyber criminals were able to make off with $101 million from the bank. They would have gotten more, another $20 million, but it barely managed to stay back with the Federal Reserve Bank of New York due to a mistake in the transferee’s spelling.
It all went down on a Friday of a holiday weekend in Bangladesh’s and the sophisticated cyber criminals were counting on the fact that even if there were minor hiccups, there wouldn’t be anyone around to double check or raise an alarm.
In a matter of hours, the hackers transferred $101 million to the Federal Reserve Bank of New York and then sent in dozens of requests to have this money transferred to several other accounts in the Philippines and Sri Lanka. Through these channels, the team of hackers – experts are now pegging them as probably some of the best organized out there – managed to transfer $81 million to various safe accounts.
The only reason the last $20 million transfer was held back because of a misspelling. The hackers spelled the word “foundation” in Shalika Foundation, an NGO in Sri Lanka, as “fandation” and the routing bank involved in the transaction, Deutsche Bank, held up the transfer in lieu of a green signal from Bangladesh Bank. Yet another chunk of the amount was saved when the bank in Sri Lanka stopped further transfer of the money and returned it. The money that reached the Philippines however, remains lost.
The $101 million that the hackers managed to whisk away from the Bangladesh Bank was only a small percentage of what was initially planned. A two-week stalking exercise had seen the criminals, but extremely skilled group of hackers, get into the computer system of the bank, deploying malware on the banks own servers. This malware was then put to work to make the transactions seem legitimate, which is why the Federal Reserve Bank of New York failed to see anything wrong in the money transfers.
So what was the original amount the hackers intended to whisk away? Initial reports peg the amount to be to the tune of $1 billion…Go big or go home.
In spite of the considerably large amounts involved, there was a considerable delay in any action on part of Bangladesh Bank, which is why most of the transferred amount managed to find its way into the hands of the hackers. The reason behind the delay was a printer problem and software glitch that engineers managed to set right only on February 6th, which is when bank authorities discovered the New York bank’s transaction details that were sent across.
The man at the center of the controversy, and the one who has paid a hefty price, is Atiur Rehman, who is considered the man who revamped the banking system of Bangladesh and has enjoyed a brilliant career, even bagging the tag of Central Banker of the Year in Asia.
Now, less than five months from his retirement, he has had to resign from his post as the country’s Central Bank Governor, for failing to inform the Bangladeshi government in time and then citing moral responsibility for the multimillion dollar heist.
“My family says I’ve done so much good work,” Rahman said. “Now this is what I am getting,” says a forlorn Rehman.
While we feel bad for Rehman, there’s always someone who has to take the fall and as of now the $80million is still out there somewhere.