BB files case over $101m cyber theft
The Bangladesh Bank yesterday filed a case in connection with last month's heist of $101 million from its account with the Fed.
The case was filed with the Motijheel police station against anonymous persons under the anti-money laundering law and the Information Technology Act.
Soon after the case was filed -- by Md Zubair Bin Huda, who is a BB joint director -- the police transferred it to the Criminal Investigation Department.
The case narrated what went wrong at the central bank. As is practice, the confirmations of the previous day's SWIFT transactions are automatically printed overnight.
In the case, Huda, who works in the BB dealing room, said his colleague, Rafique Ahmed Majumder, went to collect the print-outs at around 10.30am on February 5 and discovered that they did not come out despite being logged into the SWIFT server.
They tried to print the SWIFT acknowledgement receipts manually but failed despite repeated attempts. Huda thought it was a repeat of a previous printing-related problem and verbally directed the other back office officials to continue trying to solve the problem.
The following day, on February 6, he once again attempted to solve the problem but failed.
He noticed that day that the SWIFT terminal was not responding. When an attempt was made to restart the terminal, a message flashed: "A file is missing or changed".
At around 12.30pm, he managed to get the terminal up and running again through an alternative system.
With the verbal approval of the department's general manager and deputy general manager, he manually printed the acknowledgement receipts, after a delay of one day.
The print that came out said the terminal was corrupt.
"Sensing a disaster in our SWIFT system, we immediately contacted the case manager, requesting him to analyse the issue."
At around 1:30pm, they emailed the Federal Reserve Bank in New York asking it to stop all its payments until further notice, he said.
On February 7 at 6:15pm, the BB got to open its SWIFT's backup server.
They tried to contact the New York Fed but failed as it was a bank holiday in the US for the weekend.
On February 8, after analysing the information in the SWIFT server, they discovered that four unauthorised SWIFT messages were sent from their end against which $101 million were remitted to the Philippines and Sri Lanka.
On request from the BB, Pan Asia Banking Corporation of Sri Lanka cancelled the payment of $20 million to its ultimate beneficiary.
But the $81 million that entered the Philippine banking system were credited to beneficiary accounts with the Rizal Commercial Banking Corporation and eventually withdrawn.
The BB also explained why it took so much time to file the case: it was trying to recover the money through its own system.
Investigations by the BB and international experts also delayed the filing of the case.
Comments