Instead of blaming the US Federal Reserve after $101 million went missing, Bangladesh should look in the mirror.
That’s the conclusion of cyber security experts after a breach that saw funds from Bangladesh's account at the New York Fed transferred to the Philippines and beyond. Attempts to withdraw another $850 million were foiled in part because the hackers misspelled the name of one of the recipients.
"Relying on poor spelling should not be a security policy," Andrey Dulkin, a senior director at CyberArk, a Jerusalem-based cyber security company, said in an e-mail. "If the Bangladesh Bank had been monitoring the activity of these accounts, it could've quickly identified the anomalous behaviour and not have been completely reliant" on third parties to flag suspicious activity, he said.
Bangladesh Finance Minister Abul Maal Abdul Muhith has lashed out at the Fed and his own central bank as the government leads a multi-country effort to retrieve the funds. Last week he accused the Fed of "irregularities" that led to the unauthorised money transfer and promised a legal battle. On Sunday, he called Bangladesh Bank's handling of the situation "very incompetent."
'Quite shocking'
There's little dispute that Bangladesh could've done more to prevent a bold heist that is turning into a cautionary tale for central banks around the globe. The issue is particularly urgent for developing countries like Bangladesh that have seen growth rates and foreign reserves jump in recent years.
"All central banks have since looked into their systems," Sri Lanka central bank Governor Arjuna Mahendran said in an interview with Bloomberg Television in Singapore on Tuesday. "The messaging system with the Fed is under scrutiny. The key is people. They get lazy, they develop bad habits."
Bangladesh should be "very concerned" about the risk of copy-cat attacks, said Victor Keong, a partner at consultant Deloitte Touche Tohmatsu Ltd. in Singapore.
"It is quite shocking," Keong said. "If a central bank can have such lapses – and it is the regulator – then those it regulates might not be so well protected."
While countries like Singapore, South Korea and Japan have introduced coherent cyber policies to protect their institutions, nations including Thailand and the Philippines needed to improve their defenses, according to 2015 rankings on "cyber maturity" published by the Canberra-based Australian Strategic Policy Institute, known as ASPI. Bangladesh, absent from the ranking in 2015, will be included this year.
Finger wagging
"It is interesting that the Bangladeshi government came and finger wagged at the Fed to deflect attention from their own bank," said Tobias Feakin, director of the national security program at ASPI.
The US, Canada, Norway, Brazil and Germany rank among the highest in a Global Cybersecurity Index published by ABI Research and the International Telecommunication Union. Toward the bottom are smaller less developed economies, including Cambodia, Cuba and Honduras.
A Fed spokeswoman said last week that instructions to make payments from the Bangladesh central bank's account followed protocol and were authenticated by the SWIFT codes system commonly used for international transactions. There were no signs the Fed's systems were hacked, she said.
'Weakest link’
Malicious software code, known as malware, had been introduced into the bank's systems in January without the knowledge of the bank's information systems staff, according to an official familiar with the Bangladesh Bank investigation. The hackers struck the systems on Feb 4, said the official, who declined to be named because he's not authorised to speak about the probe.
"We don't know how the malware got into the system, but there seemed already to be high-level understanding of how this bank operated and information about the people going in and out," said Feakin from ASPI. "With cyber, it will always be the case of targeting the weakest link."
Bangladesh Bank is investigating eight officials who carry out foreign exchange transactions by rotation, according to a Finance Ministry official who asked not to be identified because he's not authorised to speak about the probe. Some of the officials found the central bank's computer systems inoperative a day after the theft, but didn't immediately inform their supervisors, the official said.
Forensic team
Bangladesh Bank said the integration of all modern protection systems on its information technology platform to prevent future cyber attacks "was progressing fast."
Subhankar Saha, a spokesman for Bangladesh Bank, said it had no comment on the Finance Minister's remarks accusing it of incompetence. The central bank has set up a forensic team led by Rakesh Asthana, chief executive officer of World Informatix, a Virginia-based cyber security company. The bank also hired Mandiant, a unit of US-based cyber security firm FireEye Inc.
"Asia’s financial institutions face increasingly sophisticated cyber threat actors, and most need to improve their capabilities in order to better protect their systems," said Bryce Boland, chief technology officer for Asia Pacific at FireEye.
‘Bigger targets’
The Philippines is also helping out following reports that the money ended up in Manila. Authorities are preparing charges and hope to return some of the stolen cash, Teresita Herbosa, the chairman of the Securities and Exchange Commission, told reporters in Manila on Monday.
In order to carry out the attack on the central bank, hackers would've had to target Bangladesh Bank system administrators and application accounts that would enable an attacker to operate inside its network and execute high volume transfers, said Dulkin from CyberArk.
He said the attack on Bangladesh Bank was similar in nature to recent attacks carried out by the Carbanak gang, which stole as much as $1 billion from banks and other financial institutions and described in a Feb 2015 report by Kaspersky Lab, Russia's biggest maker of antivirus software.
"Attackers look for the credentials that would enable them to reach their goals," Dulkin said. "We can expect attacks of this nature to become more aggressive and cyber attackers in general to become bolder and more audacious, going after bigger targets for greater sums."
Bloomberg
Tue Mar 15 2016
Bank robbers successfully made five transfers out of the Bangladesh bank's account at the New York Fed. Of the $101 million they stole, $80 million ended up in accounts located in the Philippines, and $21 million went to Sri Lankan accounts.
ISIS Malaysia's perspective of Budget 2025
An excellent rakyat-centric budget under the overarching principle of a caring and humane economy.
Budget 2025: Record increase in STR, SARA aid initiatives
The government will provide a significant boost to the Sumbangan Tunai Rahmah (STR) and Sumbangan Asas Rahmah (SARA) initiatives next year.
Budget 2025: EPF contributions to be made mandatory for foreign workers – PM Anwar
The government plans to make it compulsory for all non-citizen workers to contribute to the Employees Provident Fund (EPF).
What policies to expect from Indonesia's new President Prabowo
Prabowo will be open to foreign investment, his aide has said, such as by offering investors management of airports and sea ports.
Budget 2025: Govt allocates RM470 mil to empower women's participation in PMKS
The Women's Leadership Apprenticeship Program will be intensified as an effort to produce more female corporate personalities.
Israel sends more troops into north Gaza, deepens raid
Residents of Jabalia in northern Gaza said Israeli tanks had reached the heart of the camp, using heavy air and ground fire.
Indonesia ramps up security ahead of Prabowo's inauguration
Prabowo Subianto will be sworn in as Indonesia's president on Sunday with Vice President-elect, Gibran Rakabuming Raka, also taking office.
Immediate allocation of RM150 mil for local authorities, DID to tackle flash floods
Datuk Seri Anwar Ibrahim said this allocation is intended to address the recent flash floods that hit the capital and several major towns.
Budget 2025: Sabah, Sarawak to continue receiving among highest allocations - PM
Sabah and Sarawak continues to be prioritised under Budget 2025, with allocations of RM6.7 billion and RM5.9 billion respectively.
NFOF will be operational in November 2024 with funding of RM1 bil
PM Anwar Ibrahim said NFOF will support venture capital fund managers to invest in startup companies with RM300 million set aside for 2025.
Minimum wage to increase to RM1,700 effective Feb 1, 2025
The Progressive Wage Policy would be fully enforced next year with an allocation of RM200 million, benefiting 50,000 workers.
Bursa Malaysia ends higher on Budget 2025 optimism
The benchmark index, which opened 1.85 points higher at 1,643.29, moved between 1,641.71 and 1,649.31 throughout the trading session.
Five important aspects relating to people’s lives in Budget 2025 - PM
The focus is on driving the MADANI Economy, speeding reforms, cutting red tape, raising wages, and tackling the cost of living.
Economic outlook: Govt plans to leverage, expand existing city transit system
The expansion aims to provide a more efficient and reliable public transportation network, reduce congestion, and improve accessibility.
Economic outlook: Budget 2025 to lay foundation for a digital-driven economy
The report said Budget 2025 will entail efforts to position Kuala Lumpur as a top 20 global startup hub by 2030 through the KL20 initiative.
Economic outlook: Corruption and lack of accountability hinder economic progress
Special Cabinet Committee on National governance is established to curb corruption, law reforms to modernise outdate regulations, MoF said.
National Wages Consultative Council will be strengthened
The govt will also incentivise hiring women returning from career breaks, offer job matching and improve care services facilities.
Economic outlook: Ensuring 11 years of compulsory education for all children
Budget 2025 will continue prioritising upskilling and retraining initiatives to equip workers with the latest skill sets necessary.
Consolidated public sector projected to record lower surplus of RM41.7 bil 2024
The MoF said the consolidated general government revenue is estimated to increase slightly to RM384.7 billion in 2024.
PM announces substantial Budget 2025 hastening Malaysia to become Asian economic powerhouse
Datuk Seri Anwar Ibrahim said it would create jobs and also tackle financial leakages to enhance public spending efficiency.