Security & Fraud

IT Technicians May Have Helped Bangladesh Bank Hackers

A Bangladesh police deputy inspector general investigating the theft of $81 million from the Bangladesh central bank is focusing his investigation on some of the information technology technicians at the bank.

According to a report by Reuters, the investigator, Mohammad Shah Alam, suspects some of the IT technicians hooked up the central bank’s transaction system to the public internet, which paved the way for the hackers to get in. The investigator, in a series of interviews during December, disclosed his hunch in details discussing how insiders at Bangladesh Bank could have helped the bad guys in the massive cyberattack and theft. Alam said he was looking into why a password token that protects the SWIFT international transactions network was left in the SWIFT server for a few months before the theft. That password token is required to be removed and locked in a vault each day. By leaving the token in the server, the hackers could get in without anyone knowing to infect it with malware and then do the fake transfer, noted the report.

The report noted that Alam said, based on the investigation, central bank IT staffers were likely providing insider help to the hackers. When asked if he has any proof, Alam responded by saying: “There were a number of other things, which, if the Bangladesh Bank people had not done, the hacking would not have been possible.” By linking the SWIFT network to the public internet, which Alam contends the IT workers did last year, it made a very secure network accessible to any computer outside of the network.

Earlier this month, Alam told Reuters he had solid leads into who was behind the cyberattack and that some Bangladesh central bank officials are believed to have purposely exposed the financial institution’s computer systems, which enabled hackers to pull off what’s considered to be the largest bank heist in history. Now, Alam is expanding that to say it was IT workers.


Featured PYMNTS Study: 

With eyes on lowering costs to improving cash flow, 85 percent of U.S. firms plan to make real-time payments integral to their operations within three years. However, some firms still feel technical barriers stand in the way. In the January 2020 Making Real-Time Payments A Reality Study, PYMNTS surveyed more than 500 financial executives to examine what it will take to channel RTP interest into real-world adoption. Here’s what we learned.

Click to comment