No proof yet that BB officials were involved in cyber heist: CID
The Criminal Investigation Department is yet to get proof nine months into its probe that any Bangladesh Bank official benefitted financially from the cyber heist in February.
“Different issues such as account information of Bangladesh Bank officials are being investigated. We have not yet got any evidence of their benefitting financially,” Shah Alam, additional deputy inspector general of CID, told reporters yesterday.
Following a case filed by the central bank, the CID opened the probe into the incident on March 15 -- more than a month after hackers made off with $81 million from the central bank's reserves with the Federal Reserve Bank of New York.
The agency has interrogated many officials and seized 66 computers.
Forensic analysis of the confiscated computers is ongoing with assistance from the US investigation agency FBI and France-based Interpol.
However, the CID is not yet certain whether the central bank officials were involved in the crime, one of the biggest banking heists in history. Alam said the system for sending payment orders from the BB was originally very secure, but some officials from the BB and some foreign agencies made it vulnerable step by step.
He referred to the linking of the BB's SWIFT operation with the central bank's whole IT operations in October last year for the launch of the real-time gross settlement (RTGS) system. Previously, the SWIFT operations and the central bank's IT operations were separate.
It is believed that the linking might also have given the hackers a path to break into the BB's SWIFT platform as it was done without installing a strong firewall. “Those who did this are experts on the subject and possess knowledge on IT.”
Alam also said many steps were taken in connecting the BB's secure payment system with RTGS. Both locals and foreigners were involved in the process, but he did not name anyone. Besides, to make a payment instruction, a card has to be punched that was supposed to be stored in a secure vault. “But during investigation they found that the card was attached to the computer. Asked why it was with the computer the BB officials did not have any answer.”
Alam said five false accounts were opened with the Philippines' bank RCBC on May 15, 2015.
The CID is sure that the accounts were opened with the sole purpose of bringing in huge sums of money from other countries.
When the accounts were opened the BB SWIFT system was not linked with the whole central bank operation; the BB's SWIFT platform became vulnerable much later. He said the evidences related to the BB reserve heist were scattered in 11 countries.
During the investigation, the CID found that 23 of the people involved with the hacking are non-Filipinos who took out millions of dollars outside their countries using casinos. “The CID knows details about each of them. We are trying to find out whom they handed over the stolen money and who were behind this.” He said the CID has been working with the law enforcing agencies of the concerned countries to unearth the crime.