A typo helped prevent a group of hackers from successfully stealing one billion dollars during a bank heist that occurred last month. In the heist, a group of attackers infiltrated Bangladesh Bank's systems and made off with the credentials necessary for making payment transfers, reports Reuters.
Bangladesh Bank The hackers subsequently abused those credentials by making nearly three dozen requests of the Federal Reserve Bank of New York, at which Bangladesh Bank stores billions of dollars, to move approximately one billion dollars out of the bank's account to entities in the Philippines and Sri Lanka. Four requests totaling approximately $81 million made it through to the Philippines, but a fifth transfer of $20 million was held up by a routing bank, Deutsche Bank, when the hackers misspelled "foundation" in the name of the transfer's destination, an NGO called "Shalika Foundation." Reuters has determined that there is no organization named "Shalika Foundation" listed under Sri Lanka's list of registered non-profits. Deutsche Bank contacted Bangladesh Bank for clarification, which prompted the latter to terminate the transfer. At the same time, the Fed became suspicious of other transfers involved in the heist when it noticed that all of the requests were bound to private entities and not banks. It therefore alerted Bangladesh Bank and worked with the financial organization to stop a series of transactions totaling $850 million to $870 million. Currently, the identities of the hackers are unknown. Bangladesh Bank is hoping to recover the $81 million stolen from its accounts, but even if it is reimbursed for the theft, it said that it would take months before it would see the money again. To try and recover some of the lost monies, officials with the Bangladesh government have stated that they might sue the Fed.
“The Fed had the responsibility to keep the money safe,” said Shamim Ahamad, the press minister at the American Bangladesh Embassy, as quoted by TechWorm. “We are suspecting that Chinese hackers have done it.”
In the meantime, the Federal Reserve maintains that its systems were not compromised. News of this heist comes approximately one year after the Carbanak hacker group stole approximately one billion dollars from a collective of 30 financial institutions.
Financial Services Cybersecurity Regulations
Learn how Tripwire's strategies bolster cybersecurity in the financial sector. Facing heightened risks, financial organizations can benefit from Tripwire's expertise in security configuration management and file integrity monitoring, ensuring compliance with critical regulations and safeguarding sensitive data.