
Details of the Bangladesh Central Bank hack: a typo and a broken printer


Atiur Rahman, the head of the Central Bank of Bangladesh, resigned after hackers managed, in early February 2016, to divert $81 million from the Central Bank's account held at the Federal Reserve Bank of the United States. The government of Bangladesh learned about the incident not from the head of the Central Bank but from the newspapers.

Daring Robbery


According to senior managers who worked at the bank, the hackers first found a vulnerability in the defenses of the Central Bank of Bangladesh's internal network, then located and stole the keys and other data needed to make transactions, and also studied the bank's procedures. Judging by comments from FireEye Inc, the company the bank hired to investigate the incident, spying software was installed on the computers of bank employees.

After that, the hackers sent several dozen requests to the Federal Reserve Bank with orders to transfer millions of dollars from the Central Bank of Bangladesh to several accounts in banks in the Philippines and Sri Lanka. In total, across all the requests, the hackers tried to transfer almost a billion dollars to fake accounts.

Fatal mistake


Four requests totaling $81 million were successfully processed, sending the money to the Philippines. Another request, for $20 million, was to send money to an account in Sri Lanka. In that last request, however, the hacker made a typo: instead of the Shalika Foundation, the transfer was addressed to the account of the "Shalika Fandation". Because of the error, the intermediary bank, Deutsche Bank, asked the Central Bank of Bangladesh to confirm the transaction.

The Federal Reserve Bank said that at about the same time the large number of unusually large transfers triggered an alert in its security system, after which it too contacted the Central Bank of Bangladesh for confirmation.

As a result, the $20 million headed for Sri Lanka was returned, while the hackers managed to move the $81 million in the Philippine banks onward.

Printer problem


For employees of the Central Bank of Bangladesh, this story began with problems with the printer that is supposed to automatically print out, at night, the operations carried out through the international SWIFT system. On Friday, February 5, the bank director discovered that the transactions had not been printed and that the printer was not responding. He instructed the staff to sort out the office equipment and went home, because Friday is a day off in Bangladesh.

On Saturday, when the director came to work, the problem had not been resolved: it turned out that the SWIFT terminal itself was not working. The terminal displayed the error "A file is missing or changed". After the employees managed to reboot the terminal and get it working, they found queries from the Federal Reserve Bank about 46 suspicious payment orders.

But since Saturday and Sunday were days off for the FRB, it was possible to contact bank officials only on Monday.

Results of the operation


The government of Bangladesh has accused the FRB of failing to flag the suspicious operations in time. The Federal Reserve Bank responds to the allegations by saying that the hackers did not break into its bank, that the transactions were confirmed with real keys, and that it has been actively working with the Central Bank of Bangladesh since the incident.

The Philippines Entertainment and Gambling Administration has joined the investigation, since the $81 million appears to have been transferred to the accounts of local casinos.

Source: https://habr.com/ru/post/357026/

