
How Cybercriminals Almost Stole $1 Billion From Bangladesh's National Bank (bbc.com) 49

"In 2016 North Korean hackers planned a $1bn raid on Bangladesh's national bank," reports the BBC, "and came within an inch of success — it was only by a fluke that all but $81m of the transfers were halted, report Geoff White and Jean H Lee...

"It all started with a malfunctioning printer..." It was located inside a highly secure room on the 10th floor of the bank's main office in Dhaka, the capital. Its job was to print out records of the multi-million-dollar transfers flowing in and out of the bank. When staff found it wasn't working, at 08:45 on Friday 5 February 2016, "we assumed it was a common problem just like any other day," duty manager Zubair Bin Huda later told police. "Such glitches had happened before." In fact, this was the first indication that Bangladesh Bank was in a lot of trouble. Hackers had broken into its computer networks, and at that very moment were carrying out the most audacious cyber-attack ever attempted. Their goal: to steal a billion dollars.

To spirit the money away, the gang behind the heist would use fake bank accounts, charities, casinos and a wide network of accomplices.... When the bank's staff rebooted the printer, they got some very worrying news. Spilling out of it were urgent messages from the Federal Reserve Bank in New York — the "Fed" — where Bangladesh keeps a US-dollar account. The Fed had received instructions, apparently from Bangladesh Bank, to drain the entire account — close to a billion dollars. The Bangladeshis tried to contact the Fed for clarification, but thanks to the hackers' very careful timing, they couldn't get through... The bank's HQ in Dhaka was beginning two days off. And when the Bangladeshis began to uncover the theft on Saturday, it was already the weekend in New York... And the hackers had another trick up their sleeve to buy even more time. Once they had transferred the money out of the Fed, they needed to send it somewhere. So they wired it to accounts they'd set up in Manila, the capital of the Philippines. And in 2016, Monday 8 February was the first day of the Lunar New Year, a national holiday across Asia...

They had had plenty of time to plan all of this, because it turns out the Lazarus Group had been lurking inside Bangladesh Bank's computer systems for a year... Once inside the bank's systems, Lazarus Group began stealthily hopping from computer to computer, working their way towards the digital vaults and the billions of dollars they contained... But they still had one final hurdle to clear — the printer on the 10th floor. Bangladesh Bank had created a paper back-up system to record all transfers made from its accounts. This record of transactions risked exposing the hackers' work instantly. And so they hacked into the software controlling it and took it out of action.

With their tracks covered, at 20:36 on Thursday 4 February 2016, the hackers began making their transfers — 35 in all, totalling $951m, almost the entire contents of Bangladesh Bank's New York Fed account.

There's more to the story — it's a whole episode on a 10-episode BBC World Service podcast which they're calling an example of "the new front line in a global battleground: a murky nexus of crime, espionage and nation-state power-mongering. And it's growing fast."

The story has a surprise ending — but alongo the way, the BBC's article points out that the consequences for the bank's governor were almost instant. "He was asked to resign," says U.S.-based cyber-security expert Rakesh Asthana. "I never saw him again."

  • by MJL0624 ( 6881060 ) on Monday June 21, 2021 @08:45AM (#61506196)
    I stumbled onto this podcast after having listened to the Darknet Diaries episode(s? - I can't remember) on this topic and found it very fascinating. The initial episodes covered much of the same stuff as DD did, but they also go on some tangents and in depth in different places ... especially in the later episodes of the series. It's well worth a listen I think.
  • from Bangladesh's National Bank and almost stole $1 Billion

    • by MrL0G1C ( 867445 )

      all but $81m of the transfers were halted

      If that's literally what happened then there was only $81 left, the summary does state that hackers took $951 million from Bangladesh Bank's New York Fed account.

      It sounds like they got away with it. There's probably some NK hackers with a ton of crypto currencies right now.

      • by ShanghaiBill ( 739463 ) on Monday June 21, 2021 @10:23AM (#61506496)

        If that's literally what happened, then there was only $81 left, the summary does state that hackers took $951 million

        There were 35 transfers totaling $951 million. 30 of the 35 were stopped before they could complete. So $81M was transferred to accounts in Manila. $18M of that was later recovered. So the net take was $63M.

        There's probably some NK hackers ...

        Perhaps, but these people had too much knowledge of internal operations. They knew about the protocols for verifying transactions. They know about a specific printer and how it operated.

        This was an inside job.

        • In that case you better alert the authorities of your brilliant dedication.

          • In that case you better alert the authorities of your brilliant dedication.

            No need. The authorities are well aware that insiders were likely involved.

            From Wikipedia [wikipedia.org]: "the perpetrators were suspected to have been aided by insiders within the targeted banks, who assisted in taking advantage of weaknesses in the banks' access to the SWIFT global payment network."

        • Working in the digital forensic space, many, many, many, many, (I'll say it again) many, corporations still have networks where once you're inside, you're trusted. This means easy access to e-mails. You'd be surprised how much detail about a company's infrastructure, operations, organization, supply chains, points of vulnerability that you can gather just by reading employee e-mails. People send diagrams all over the place, ask questions about systems, ask about product purchases, have invoices, account num
        • This was an inside job.
          Or just a clever IP address scan from a random compromised computer in the network.

        • But don't talk about it being an inside job or you might go missing for a few days

          Tanveer Missing [livemint.com]

  • by dark.nebulae ( 3950923 ) on Monday June 21, 2021 @09:22AM (#61506306)

    They only got away with 81m? Seriously? That's the line you want to go with?

    Me, I'd be happy with just 1m, let alone 81m...

  • That took great patience. They were in the network for a year... are they already in yours?
  • Back in the day a Billion Dollar goal with an $81m take would be a Michael Mann movie worthy of Heat.

    Nowadays it's just a bunch of nerds sitting in front of screens for a year.

    And it's getting worse. Covid is killing the raw material for heist movies and the criminals are working from home.
    • Is that the movie where the criminals didn't realize $1B $100 bills would weigh 22,000 pounds and for a little movie humor their getaway vehicle of choice was a Chevy Nova?
  • In other news... (Score:4, Interesting)

    by RogueWarrior65 ( 678876 ) on Monday June 21, 2021 @10:00AM (#61506434)

    Bangladesh has a billion dollars in the bank.

    • Bangladesh has a billion dollars in the bank.

      Why wouldn't it? It's the national bank of a country with 163 million people. It sounds like a lot to you but compare it to a western equivalent of say Deutsche Bank, less than half the population, but with 1300x the amount of assets.

    • Bangladesh has foreign exchange reserves of $45B currently, in 2016 they were between just below and just above $30B. Not surprising as Bangladesh has one of the largest expat populations in the world and a large chunk of that will send money in dollars back home. For comparison with neighbouring countries, Pakistan has reserves of $23B and India has reserves of $600B
    • They can't print dollars on demand so yes they need to have money in the bank
  • by Ecuador ( 740021 ) on Monday June 21, 2021 @10:56AM (#61506598) Homepage

    The Fed should have caught this. Most regular banks have systems detecting unexpected behaviour, contacting you before giving permission, and the Fed is not a regular bank, they are supposed to be more careful. And yet, they would let through orders to empty-out a $1 billion account to various entities unquestioned. Per the article, the only reason not the full $1 billion was transferred was that the target bank of the transactions contained "Jupiter street" as an address and there was an automatic filter searching for the reference "Jupiter" due to a similarly named Iranian ship.
    So the Fed will stop your transactions if your bank's address contains any random irrelevant word they have on a list, including ship names, but will happily process $1 billion of what seems like an obvious scam pattern.

  • Hackers stole $81m?
  • Paper systems worked before there ever was a computer, electronics and VoIP. A system architect, Fx Manager or CPA specified a hard copy backup which turns out saved Bangladeshi bank millions, almost a billion.

    Great lesson analog teaches in a post digital world

  • On a much smaller scale, I witnessed something similar happen to one of my coworkers.

    One morning she called me in a panic. Her inbox was being inundated by spam. I'd never seen anything like it. Literally one message per second or more at times. And they were coming from all over like a DDOS. A hacker had used a malicious service to subscribe her to every conceivable mailing list on the planet, so she started getting tons of messages. We didn't give it much thought, because we were in the middle of investigating a string of vulgar, sexually inappropriate emails that appeared to be coming in to her and another lady with insider info that only a coworker would know. In the moment, we chalked it up to that suspected pervert ex-employee taking the harassment to the next level.

    Later that day, I heard back from her again. It turns out somebody had hacked her account and had harvested enough info about her bank to do a password reset and transfer almost all of the money out of her bank. The emails were a smoke screen so that she hopefully wouldn't notice the password reset email come through. And it worked. The reset message scrolled right by and she never saw it due to the confusion. She found it after talking to her bank after finding out she suddenly had no money in her checking account to buy lunch.

    I'm not sure if she ever got her money back. But I found out she lost her new dream home. They were in the middle of closing when it happened. When the finance company saw the attack during the final credit check, they immediately halted the sale because as far as they could see, she had just emptied her bank accounts, making her a risk.

    People suck.

    • I'm not sure if she ever got her money back. But I found out she lost her new dream home. They were in the middle of closing when it happened. When the finance company saw the attack during the final credit check, they immediately halted the sale because as far as they could see, she had just emptied her bank accounts, making her a risk.

      She should try again, especially if this happened in the USA. All the signs I'm seeing point to a complete return to the bad old days of the housing bubble, which makes me suspect that banks are up to their old tricks of not asking too many questions of people who borrow money for homes.

    • When the finance company saw the attack during the final credit check, they immediately halted the sale because as far as they could see, she had just emptied her bank accounts, making her a risk.
      How is this possible?
      How can a financing company have access to your bank account(s)?

      • When the finance company saw the attack during the final credit check, they immediately halted the sale because as far as they could see, she had just emptied her bank accounts, making her a risk.
        How is this possible?
        How can a financing company have access to your bank account(s)?

        During closing, I believe they can do basic verification of funds to verify liquidity as part of the final checks. ("Can you confirm she has $X in the bank?") I know we had the option of disclosing our cash on hand when we did our mortgage and were told it cannot fall below that until after closing. (So don't go out buying lots of stuff for the new house until afterward.) Or possibly it red flagged her credit. Not sure.

  • ...and "Alongo" was its name-o.
