Global financial network SWIFT is primarily responsible for the hacking of the Bangladesh Bank reserve, head of a committee probing the sensational heist said today.
SWIFT now is telling that its job is to provide solutions and it is the responsibility of the client to ensure the safety of the system, Mohammed Farashuddin added.
Malware made by either Pakistani or North Korean hackers was used in stealing US$101 million from Bangladesh Bank account with Federal Reserve Bank of New York, Farashuddin told reporters after a meeting at BB in the afternoon.
“Okay, I admit that. But if SWIFT or any individual gives any system, it is the provider’s responsibility to supply device to keep the system secure.”
It is also the responsibility of the provider if the supplied system becomes insecure mid way, said Farashuddin, a former governor of the central bank.
SWIFT was responsible to ensure around 13 security measures for the safety of the system but it did not do so, he added.
On February 4, US$101 million was stolen online from the Bangladesh Bank's reserve with the Federal Reserve Bank of New York, through Rizal Commercial Banking Corporation in the Philippines and Pan Asia Banking Corporation in Sri Lanka.
Farashuddin said the SWIFT system has been working soundly in Bangladesh since 1995.
In March 2015, SWIFT in a letter told the BB that the Belgian organisation wants to link the SWIFT platform at the BB with the Bangladesh’s first real-time gross settlement (RTGS) system.
“The letter contained nothing other than excitement and flattery. It did not contain the benefit it will bring for Bangladesh and BB if the linking goes ahead,” said the chief of the probe team.
After receiving the letter, the bank’s executive committee approved it, he said terming the action as “irresponsible”.
And the money had gone out of the BB due to the RTGF, he said.
He said there was also debate on how much money actually had gone out of the BB through the hacking on February 4.
The hackers had made attempt to steal $950 million. Of them, advices worth $101 million were sent.
Bangladesh Bank got back $20 million because of misspelling of the beneficiary organisation in Sri Lanka.
Now, the amount of the missing money stood at $81.16 million.
The preliminary report of the probe findings was submitted to the government on April 20.
In the forwarding, the probe committee said the report is final on that part.
He said the committee had noticed that there was an effort to give a bad name to Bangladesh and Bangladesh Bank internationally.
“We have collected proof and evidence about it. There is some logic.”
Earlier in last week, Bangladeshi police and a bank official said BB became more vulnerable to hackers when technicians from SWIFT connected a new bank transaction system to SWIFT messaging three months before a $81 million cyber heist.
"We found a lot of loopholes," Mohammad Shah Alam, head of the Criminal Investigation Department of the Bangladesh police who is leading a probe, told Reuters in an interview in Dhaka. "The changes caused much more risk for Bangladesh Bank."
In response, SWIFT on May 9 rejected allegations that technicians with the global messaging system made the nation's central bank more vulnerable to hacking before the heist.