Published on 12:00 AM, March 22, 2016

RTGS Connection

BB's Achilles' heel

Some central bankers say BB weakened its own network, as investigators look into the claim

Cyber thieves might have found it easier to break into the Bangladesh Bank system after its local area network (LAN) was connected with its SWIFT operation, according to central bankers and investigators.

It became more evident when the BB, following advice from the SWIFT authority, cordoned off the production server on February 6 by disconnecting all LAN connections, including the RTGS (real time gross settlement) connectivity -- two days after the $101 million burglary.

The central bank launched the RTGS in October last year to facilitate instant settlements of payments online. The RTGS is a system of transferring money or securities from one bank to another in real time, and is part of a project jointly funded by the government and the Asian Development Bank.

Of the 56 banks in Bangladesh, only three became connected with the RTGS through the central bank's SWIFT operation, while the remaining 53 still use the virtual private network of the BB.

Earlier, the SWIFT operations and the central bank's IT operations were separate.

A central bank official said the linking of the BB's SWIFT operation with the central bank's whole IT operations in Dhaka and other cities through the launch of the RTGS system might also have given the hackers a path to break into the BB's SWIFT platform.

The BB's SWIFT system was weakened as the linking to the RTGS was done without installing a strong firewall, said officials of the BB.
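The officials' point is about segmentation: once the office LAN and the RTGS link shared a network with the SWIFT hosts, nothing enforced which hosts could reach the SWIFT segment. The following script is an added illustration, not code from the central bank, SWIFT or the investigators. It models three zones (SWIFT, an RTGS gateway, and the general LAN), declares the single cross-zone path a firewall would be expected to permit, and audits constructed flow records to find connections that reach the SWIFT segment without a permitted path. All addresses, ports and log lines are hypothetical and chosen only to illustrate the check.

```python
import ipaddress
from typing import List, Tuple

# Constructed zone layout for illustration only. These addresses are
# hypothetical and are not Bangladesh Bank's real network.
ZONES = {
    "SWIFT":   ipaddress.ip_network("10.10.0.0/24"),   # SWIFT messaging hosts
    "RTGS_GW": ipaddress.ip_network("10.20.0.0/28"),   # RTGS gateway allowed to reach SWIFT
    "LAN":     ipaddress.ip_network("10.30.0.0/16"),   # general office LAN
}

# The only cross-zone path into the SWIFT segment the (hypothetical) design permits:
# the RTGS gateway, on a single port. Anything else reaching SWIFT is a violation.
ALLOWED = {("RTGS_GW", "SWIFT", 443)}


def zone_of(ip: str) -> str:
    """Map an address to the zone that contains it, or UNKNOWN."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "UNKNOWN"


def parse_flow(line: str) -> dict:
    """Parse a constructed flow record: '<timestamp> src=<ip> dst=<ip> dport=<port>'."""
    ts, _, rest = line.partition(" ")
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return {"ts": ts, "src": fields["src"], "dst": fields["dst"], "dport": int(fields["dport"])}


def evaluate(flow: dict) -> Tuple[str, str]:
    """Decide whether a segmentation firewall built from ALLOWED would pass this flow."""
    src_zone, dst_zone = zone_of(flow["src"]), zone_of(flow["dst"])
    if src_zone == dst_zone:
        return "allow", f"intra-zone {src_zone}"
    if dst_zone != "SWIFT":
        return "allow", f"{src_zone}->{dst_zone} not governed by this policy"
    if (src_zone, dst_zone, flow["dport"]) in ALLOWED:
        return "allow", "matches RTGS gateway rule"
    return "deny", (f"{src_zone} host {flow['src']} reached SWIFT on port "
                    f"{flow['dport']} without a permitted path")


def audit(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (timestamp, source, reason) for every flow the policy would have blocked."""
    findings = []
    for line in lines:
        flow = parse_flow(line)
        verdict, reason = evaluate(flow)
        if verdict == "deny":
            findings.append((flow["ts"], flow["src"], reason))
    return findings


# Constructed sample flow records (not real logs).
SAMPLE_FLOWS = [
    "2016-01-24T02:13:05 src=10.20.0.3 dst=10.10.0.5 dport=443",   # RTGS gateway -> SWIFT: permitted
    "2016-01-24T02:14:11 src=10.30.4.17 dst=10.10.0.5 dport=445",  # office LAN host -> SWIFT: no path
    "2016-01-24T02:15:40 src=10.30.4.17 dst=10.30.9.2 dport=80",   # LAN -> LAN: out of scope
    "2016-01-24T02:16:02 src=10.20.0.3 dst=10.10.0.5 dport=3389",  # gateway on an unapproved port
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print("VIOLATION", *finding)
```

Run against real flow or firewall logs, the same allow-list turns a vague "no strong firewall" into a concrete list of hosts that could reach the SWIFT segment, which is the first question an incident responder asks after a compromise like this one.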

The heist showed that it was the central bank itself that had made its system vulnerable.

Questions have also been raised about SWIFT, as to whether the Belgium-based organisation had looked into the security arrangement before allowing the three banks to gain entry to the RTGS through the international network.

A chief executive of one of the three banks, seeking anonymity, said the bank used the SWIFT system for fast service in a more secure environment, although it was costlier compared to the VPN.

“We had no idea that the SWIFT platform could be hacked. The Bangladesh Bank and the SWIFT authority would have to ensure the safety,” he said.

Subhankar Saha, BB spokesperson and also an executive director, said almost 150 countries around the world use the RTGS system. They use both the SWIFT and the VPN to be linked with the RTGS, although most countries prefer the SWIFT system. 

“We used both the systems to be more inclusive,” he told this newspaper.

Nevertheless, it is evident that the link between the BB's SWIFT platform and the RTGS might have helped the hackers to plant the malware in the central bank's network. Investigators are currently looking into how it got into the SWIFT platform.

Mirza Abdullahel Baqui, special superintendent of the Criminal Investigation Department (CID), told The Daily Star: “It is a priority of our investigation to find out if the malware got into the SWIFT system through the RTGS. It will be investigated. We are also looking into other areas.”

The CID, which is investigating the money laundering case filed by the BB, held several meetings with BB officials. It also held talks with two representatives of the SWIFT who arrived in Bangladesh on Thursday.

The SWIFT is doing its own investigation to see how their system was compromised, said Baqui, adding that the SWIFT representatives would submit a report of their findings to the central bank.

Talking about the nature of the crime and the investigation, a former central banker said, “Hackers are criminals but very talented. So, the CID investigation team should include cyber security experts for an effective probe.”

An interim report by US-based World Informatix Cyber Security and FireEye said the hackers installed malware and deployed three sophisticated tools on the central bank's SWIFT servers to harvest credentials.

They detected the first suspicious log-in to the BB system on January 24. Five days later, the hackers installed SysMon, an advanced background monitor, on SWIFTLIVE and left it running for a full day, apparently to steal information.
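The sequence the report describes, a suspicious logon to a SWIFT host followed days later by a new tool installed on it, is exactly the kind of pattern a monitoring rule can correlate. The script below is an added example and is not code from the investigators, the central bank or SWIFT. It parses constructed audit records, flags logons to a watched SWIFT host from sources outside an approved admin list, and raises a high-severity alert when a service is installed on that host within a window after such a logon. The host name SWIFTLIVE comes from the article; the approved source address, the record format, the window length and the sample events are all hypothetical.

```python
from datetime import datetime, timedelta
from typing import Dict, List

SWIFT_HOSTS = {"SWIFTLIVE"}              # watched host; name taken from the article
APPROVED_ADMIN_SOURCES = {"10.20.0.3"}   # hypothetical: addresses allowed to log on to SWIFT hosts
CORRELATION_WINDOW = timedelta(days=7)   # hypothetical: how far back to look for a prior suspicious logon


def parse(line: str) -> Dict[str, object]:
    """Parse a constructed record: '<iso timestamp>|<host>|<event>|key=value ...'."""
    ts, host, event, detail = line.split("|", 3)
    fields = dict(kv.split("=", 1) for kv in detail.split())
    return {"ts": datetime.fromisoformat(ts), "host": host, "event": event, **fields}


def suspicious_logons(events: List[Dict]) -> List[Dict]:
    """Logons to a watched SWIFT host from a source that is not an approved admin address."""
    return [e for e in events
            if e["event"] == "LOGON"
            and e["host"] in SWIFT_HOSTS
            and e.get("src") not in APPROVED_ADMIN_SOURCES]


def service_installs(events: List[Dict]) -> List[Dict]:
    """Service installations on watched SWIFT hosts (any new service there deserves review)."""
    return [e for e in events
            if e["event"] == "SERVICE_INSTALLED" and e["host"] in SWIFT_HOSTS]


def correlate(lines: List[str]) -> List[Dict[str, object]]:
    """Raise one alert per service install on a SWIFT host; escalate to 'high' when a
    suspicious logon to the same host preceded it within CORRELATION_WINDOW."""
    events = [parse(line) for line in lines]
    logons = suspicious_logons(events)
    alerts = []
    for inst in service_installs(events):
        prior = [l for l in logons
                 if l["host"] == inst["host"]
                 and timedelta(0) <= inst["ts"] - l["ts"] <= CORRELATION_WINDOW]
        alerts.append({
            "host": inst["host"],
            "service": inst["name"],
            "severity": "high" if prior else "medium",
            "days_since_first_suspicious_logon": (inst["ts"] - prior[0]["ts"]).days if prior else None,
        })
    return alerts


# Constructed sample records (not real Bangladesh Bank logs). Dates echo the
# article's timeline; sources, users and paths are invented.
SAMPLE_EVENTS = [
    "2016-01-24T01:00:00|SWIFTLIVE|LOGON|user=svc_ops src=10.30.4.17",        # from the office LAN
    "2016-01-25T09:00:00|SWIFTLIVE|LOGON|user=admin src=10.20.0.3",           # approved admin source
    "2016-01-29T02:00:00|SWIFTLIVE|SERVICE_INSTALLED|name=SysMon path=C:\\Temp\\sysmon.exe",
    "2016-01-29T03:00:00|FILESRV01|SERVICE_INSTALLED|name=Backup path=C:\\Backup\\bk.exe",
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

The rule deliberately alerts on every service install on a SWIFT host, even without a prior suspicious logon, because such hosts change rarely and a single unexplained install is worth an analyst's time; the correlation only decides how urgently.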