
The theft of $81 million from the Central Bank of Bangladesh was made possible by $10 switches and the lack of software network protection



In early February 2016, attackers managed to steal $81 million from the account of the country's Central Bank. This account was (and still is) held at the US Federal Reserve Bank. As reported, the hack took place in several stages. In the first stage, the hackers found a vulnerability in the defenses of the internal network of the Central Bank of Bangladesh and stole all the information needed to authorize transactions. This information was obtained using Trojans installed on the organization's PCs.

As a result, the hackers sent dozens of requests to the Federal Reserve Bank with instructions to transfer funds from the Central Bank of Bangladesh's account to the attackers' accounts. The original plan was to divert about $1 billion, but because of a typo, "only" $81 million was transferred. But how did the hackers penetrate the network of the Central Bank of Bangladesh? It turns out that the bank has only itself to blame: it was let down by network switches costing $10 each, which the organization had purchased earlier. Saving money is supposed to be economical, but that does not seem to have been the case here.

The network equipment was not new either, but used. Typically, switches and other network equipment costing hundreds of dollars are installed to protect a network; such devices provide hardware-level network protection in addition to software protection systems. The software needed to protect the PCs (firewalls) was not installed. It turned out as in the saying "the miser pays twice". By saving on hardware and software, the bank left its network virtually unprotected. As a result, the hackers easily carried out the planned attack by installing malicious software on the computers of Central Bank of Bangladesh employees. These PCs were connected to the global SWIFT payment system, so the hackers killed two birds with one stone: they obtained the data needed for the transactions and also took control of the transactions in the SWIFT system.

Information security specialists from BAE Systems report that the software used by the attackers made it possible to manipulate the SWIFT customer account management system. At the same time, the hackers managed to erase the traces of the unauthorized transactions, hiding these operations until the money had been withdrawn to the accounts.

Representatives of SWIFT have already announced a planned update of the system, scheduled for April 25. The update will improve customer security and identify inconsistencies in local databases.

Source: https://habr.com/ru/post/393291/

