Investigators suspect unknown hackers installed malware in the Bangladesh central bank’s computer systems and watched, probably for weeks, for how to go about withdrawing money from its US account, two bank officials briefed on the matter said on Friday.
More than one month after hackers breached Bangladesh Bank’s systems and attempted to steal nearly US$1 billion from its account at the Federal Reserve Bank of New York, cybersecurity experts are trying to find out how the hackers got in.
FireEye’s Mandiant forensics division is helping investigate the cyberheist, which netted hackers more than US$80 million before it was uncovered.
The hackers appeared to have stolen Bangladesh Bank’s credentials for the Society for Worldwide Interbank Financial Telecommunication (SWIFT) messaging system, which banks around the world use for secure financial communication.
In a statement on Friday, Belgium-based SWIFT said: “SWIFT and the central bank of Bangladesh are working together to resolve an internal operational issue at the central bank. SWIFT’s core messaging services were not impacted by the issue and continued to work as normal.”
Banks and other businesses are eager to learn more about how the central bank was compromised so they can review their own networks for signs that they are vulnerable to similar attacks or might already have been breached, security professionals and bank executives told reporters.
The incident could prompt central banks worldwide to beef up security and regulate financial institutions more tightly to prevent similar attacks, cybersecurity firm Seculert chief technology officer Aviv Raff said.
“If banks are not better regulated this will for sure happen again,” Raff said.
Investigators suspect that malicious software code, often referred to as malware, which allowed hackers to learn how to withdraw the money, could have been installed several weeks before the incident, which took place between Feb. 4 and Feb. 5, Bangladesh Bank officials briefed on the matter said.
Investigators believe the attack was sophisticated, describing the use of a “zero-day” and referring to an “advanced persistent threat,” the officials said.
A zero-day is a vulnerability in software that has yet to be identified or patched.
This makes it easier for hackers to infect a targeted computer without the victim’s knowledge, even if it is protected with security software.
Advanced persistent threat refers to long-term attacks where hackers remain inside a network for months or even years.
Security experts said they hope samples of the malware will be made available to researchers so they can determine whether they are truly advanced, or if Bangladesh Bank’s security protections were not strong enough to block the attack.
“The next piece of the puzzle that will likely emerge is a sample of the malware and/or if a true zero-day vulnerability was used,” cybersecurity firm Optiv consultant Jeff Wichman said.
The Bangladesh Bank officials acknowledged weaknesses in their systems and said it could take two years or more to repair the problems.
Wichman said he suspects one of the tools was a customized version of a common piece of malware known as a “remote access trojan,” or RAT, which gives attackers the ability to gain remote control of a victim’s computer.
So far investigators have not found any proof that central bank staff in Bangladesh were involved, one of the officials said, but said the probe was continuing.
The New York Federal Reserve, which provides banking services to about 250 central banks and other institutions, has said that its systems were not compromised.
Bangladesh Bank had billions of US dollars in its current account, which it used for international settlements, officials have said.
The stolen money made its way to various parts of the world.
About US$80 million are believed to have ended in the Philippines, further diverted to casinos and then to Hong Kong, according to bank officials.
One US$20 million transaction was directed to a nonprofit organization in Sri Lanka.
However, the unusually large transaction for the island nation and a misspelling of the organization’s name raised red flags that helped to bring the robbery to light.
The transaction was blocked, as was another huge payment instruction that was for between US$850 million and US$870 million.
CONFRONTATION: The water cannon attack was the second this month on the Philippine supply boat ‘Unaizah May 4,’ after an incident on March 5 The China Coast Guard yesterday morning blocked a Philippine supply vessel and damaged it with water cannons near a reef off the Southeast Asian country, the Philippines said. The Philippine military released video of what it said was a nearly hour-long attack off the Second Thomas Shoal (Renai Shoal, 仁愛暗沙) in the contested South China Sea, where Chinese ships have unleashed water cannons and collided with Philippine vessels in similar standoffs in the past few months. The China Coast Guard and other vessels “once again harassed, blocked, deployed water cannons, and executed dangerous maneuvers” against a routine rotation and resupply mission to
GLOBAL COMBAT AIR PROGRAM: The potential purchasers would be limited to the 15 nations with which Tokyo has signed defense partnership and equipment transfer deals Japan’s Cabinet yesterday approved a plan to sell future next-generation fighter jets that it is developing with the UK and Italy to other nations, in the latest move away from the country’s post-World War II pacifist principles. The contentious decision to allow international arms sales is expected to help secure Japan’s role in the joint fighter jet project, and is part of a move to build up the Japanese arms industry and bolster its role in global security. The Cabinet also endorsed a revision to Japan’s arms equipment and technology transfer guidelines to allow coproduced lethal weapons to be sold to nations
Thousands of devotees, some in a state of trance, gathered at a Buddhist temple on the outskirts of Bangkok renowned for sacred tattoos known as Sak Yant, paying their respects to a revered monk who mastered the practice and seeking purification. The gathering at Wat Bang Phra Buddhist temple is part of a Thai Wai Khru ritual in which devotees pay homage to Luang Phor Pern, the temple’s formal abbot, who died in 2002. He had a reputation for refining and popularizing the temple’s Sak Yant tattoo style. The idea that tattoos confer magical powers has existed in many parts of Asia
ON ALERT: A Russian cruise missile crossed into Polish airspace for about 40 seconds, the Polish military said, adding that it is constantly monitoring the war to protect its airspace Ukraine’s capital, Kyiv, and the western region of Lviv early yesterday came under a “massive” Russian air attack, officials said, while a Russian cruise missile breached Polish airspace, the Polish military said. Russia and Ukraine have been engaged in a series of deadly aerial attacks, with yesterday’s strikes coming a day after the Russian military said it had seized the Ukrainian village of Ivanivske, west of Bakhmut. A militant attack on a Moscow concert hall on Friday that killed at least 133 people also became a new flash point between the two archrivals. “Explosions in the capital. Air defense is working. Do not