While the SWIFT interbank messaging service took its share of the blame in a report issued by a government-appointed committee investigating the hack of the central bank of Bangladesh that left $81 million AWOL, the more eye-catching detail is the suggestion that it may have been, in part, an inside job.
Mohammad Farashuddin, a former central banker who led the committee, definitely called out SWIFT and said it “could not escape blame” for the breach. Farashuddin claims that SWIFT exposed Bangladesh's network to the Web while installing equipment and software, though SWIFT denies that claim. However, Farashuddin also alluded to the possibility that central bank officials were aware of and in support of the massive bank breach.
That is, in and of itself, something of a surprise, since, earlier this month, Farashuddin said his committee found no evidence of insider involvement. On Monday (May 30), he said without elaborating that there were “some changes” regarding the possible involvement of Bangladesh Bank officials.
He said no more, and as of yet, the committee's findings are not public.
Subhankar Saha, a spokesman for Bangladesh Bank, said: “If anyone within the bank is found to be involved, we will take legal action as appropriate.”
Bangladesh Bank has already terminated two senior officials and transferred many others as a result of the robbery. The central bank's chief also resigned after taking moral responsibility.
As of yet, no arrests have happened.
Current operating theories on the hack include North Korea, which Farashuddin notes is tied to the malware used in the attack by forensic evidence.
North Korea has declined to comment on Farashuddin’s earlier claims. The Pakistani Embassy in Dhaka and the Pakistani Foreign Ministry didn’t respond to emails seeking comment (Pakistan is the other known location associated with the development of the malware used in the Bangladesh hack).