Forensic team examining BB computers
A forensic team of international IT experts is examining all computers of Bangladesh Bank to detect how a malware hacked into the payment system of the central bank and stole $101 million.
The detection will be done with the help of a monitoring software programme that is already examining some 5,000 computers of the BB.
The team will hand its report by next two weeks, detailing how the fraudulence took place and if any BB officials were involved in the heist.
The BB said this to a team from the Banking Division of the finance ministry when it visited the central bank yesterday.
The hacking took place on the night of February 4, a Thursday, using information stolen through the malware, which sent a total of 35 transfer orders to the Federal Reserve Bank of New York where the BB has an account. The next two days -- Friday and Saturday -- were weekend in Bangladesh.
But eight officials of the BB, as they do by rotation, came to the office for carrying out foreign exchange transactions both on Friday and Saturday but found their computers inoperative, the BB informed the Banking Division officials.
However, the BB officials did not inform the higher authorities about the computer malfunction, said an official.
He said the BB high-ups came to know about the issue on Sunday and its IT department fixed the problem by restarting the system.
The powerful malware not only hacked into the system, but also destroyed the system on the computers itself, which are used by the officials to make transfer orders. Data on the printers were also destroyed by the malware.
The Banking Division expressed resentment over the BB not informing it about the case immediately and also over the fact that the bug was able to penetrate the supposedly powerful IT system in the first place, the official added asking not to be named.
To this, BB officials said the malware was powerful enough to outsmart the BB security wall.
After a meeting with deputy governors, Banking Division Secretary Aslam Alam told reporters that the central bank appointed a forensic team to investigate the case, whose probe was already underway.
“The investigators are checking all computers of the BB,” he said, adding, no doubt that there were flaws in BB's IT system.
After the heist, the government came to the realisation that the country's biggest risk lies in IT security, he said.
“IT security is not only about the Bangladesh Bank, but also about all financial institutions. Every bank has IT security systems in place. We have to examine anew how secure they are.”
The BB will hold an emergency board meeting tomorrow, where the whole issue will be discussed and the next course of action determined, he said.
Speaking to the media, Deputy Governor Abu Hena Mohammad Razi Hassan said it would take two more weeks to complete the investigation.
An analysis of the IT security system of the central bank as well as the whole banking sector would be conducted and the systems of each bank would be checked.
He said the FBI had a strong cyber security unit and the capability to see what is happening around the world.
A negotiation with the FBI is underway. “We have had a preliminary discussion with them. We have to send the FBI a formal request.”
Hassan said some issues related to the due diligence by the New York Fed over the fund transfer are yet to be looked into.
He said the Fed enquired about some transfer orders purportedly sent from the BB. As a result, the payment of most of the funds was stopped. The Fed also wanted to know about the five transfer orders that slipped through.
“After getting no response from our side, those payments were made... There is a need to look into the issue. It now remains to be seen whether due diligence was done.”
On bringing back money that ended up in the Philippines and Sri Lanka, he said the accounts which have been frozen in the Philippines hold only $68,000 although $81 million was wired into the country.
The money had gone out of the banking channel, he said.