Security & Fraud

Fed 'Lapse' Details Emerge In Bangladesh Bank Heist Case

News continues to circulate around the $101 Bangladesh bank heist that's been catching headlines for the past two weeks.

On Tuesday (March 22) officials in the Philippines reported that they have filed two criminal complaints against two businessmen believed to be the leaders of the heist that stole over $100 million from Bangladesh's Central Bank. Those named in the case are casino junket operators Weikang Xu and Kam Sin Wong, whom allegedly received a sum of money that was taken during the hacking.

As a result, the Philippines' Department of Justice has filed money laundering complaints against the individuals. This case has also involved the FBI, as that $101 million was stolen from the central bank's account with the New York Federal Reserve, which was eventually funneled into accounts in the Philippines and Sri Lanka.

Meanwhile, the Bangladesh bank has also officially hired a lawyer, reported Reuters, for a potential lawsuit against the New York Federal Reserve.

That news comes as a new report from Bloomberg suggests that the Federal Reserve Bank of New York had what's being referred to as a "major lapse" in catching up to what was happening when the money was being transferred into off-shore accounts, which delayed it from flagging any such transactions as suspicious.

This internal document that was reportedly seen by Bloomberg's team gives some insight into the Fed's plan to recover the stolen funds and what action it can take on the legal side. It also appears to show communication between the Fed and the central bank, which includes heightened security measures following the hacking.

Even before the hacking was publicly reported, the Fed reportedly blocked $850 million in transactions (30 transactions) because they lacked the necessary credentials. But after that? There were still five transactions that went through which were, according to the documents: "subsequently flagged for due diligence review."

“We view this as a major lapse on the part of FRB NY," the document obtained by Bloomberg reads. Bangladesh officials are reportedly bringing in legal support "to establish precise grounds of initiating lawsuit claiming recompense."

The Fed has not formally responded to the most recent reports.

Also on Tuesday came remarks from U.S. Congresswoman Carolyn Maloney who said she wanted an investigation into the cyber heist.

"We need a thorough investigation to determine how these criminals were able to manipulate the system so that banks and financial institutions can institute standards that will prevent hackers and cyber criminals from siphoning money out of accounts like those held at the New York Fed again," she said in a press statement.

The details of the breach that have been reported indicate that $81 million was taken from the New York Fed and stashed into a Philippines personal bank account. The remaining $20 million was routed to a Sri Lanka bank. Details released from a Bangladesh Bank official and an official of the Ministry of Finance say that unknown cybercriminals were involved in 35 transfer requests through the interbank SWIFT messaging system in February, which was then used to gain access to the funds using the codes. SWIFT uses a multilayered authentication process for financial institutions, which involves sending and receiving millions of messages each day between one another.

The government officials said whoever used the SWIFT transfer codes had the codes necessary to put in the request for payments during a weekend. As a result, Bangladesh’s finance minister has posed questions about the security standards in the country for their banking officials. He also questioned the Fed’s ability to detect an incident as irregular as this from occurring over the weekend.

The Fed announced it is working with Bangladesh to investigate the matter, but did confirm that its security systems have not been compromised. No one from the New York Fed has publicly commented on the matter, nor would anyone provide comment about if an event like this had occurred before.

The news of this breach officially broke in early March after the New York Fed was alerted with a series of payments instructions for a $1 billion transfer from the Bangladeshi account. That amount, of course, set off red flags. Those requests also asked to send funds into private accounts in the Philippines and Sri Lanka, and the Fed believes they also came from the Bangladeshi central bank’s servers in the country’s capital.

Because the bank was closed by then, the hacker was able to move around $100 million through the account, but the other $850 million was blocked as it set off a money laundering alert from the Fed. This was, of course, because the money was being requested into personal accounts and to the Philippines, nonetheless.

——————————

NEW PYMNTS STUDY: ACCELERATING THE REAL-TIME PAYMENTS DEMAND CURVE – NOVEMBER 2020

About: Accelerating The Real-Time Payments Demand Curve:What Banks Need To Know About What Consumers Want And Need, PYMNTS  examines consumers’ understanding of real-time payments and the methods they use for different types of payments. The report explores consumers’ interest in real-time payments and their willingness to switch to financial institutions that offer such capabilities.

TRENDING RIGHT NOW