2016 Bangladesh Bank heist

From Wikipedia, the free encyclopedia

In February 2016, instructions to steal US$951 million from Bangladesh Bank, the central bank of Bangladesh, were issued via the SWIFT network. Five transactions issued by hackers, worth $101 million and withdrawn from a Bangladesh Bank account at the Federal Reserve Bank of New York, succeeded, with $20 million traced to Sri Lanka (since recovered) and $81 million to the Philippines. The Federal Reserve Bank of New York blocked the remaining 30 transactions, amounting to $850 million, at the request of Bangladesh Bank.[1]

Background

In 2012, the Philippines loosened restrictions on its gambling industry despite opposition from the Catholic Church. After the country's gambling industry benefited from Chinese President Xi Jinping's campaign against corruption, which drove gamblers further south of Macau,[2] its casinos lobbied against a 2012 Philippine Senate amendment to the 2001 Anti-Money Laundering Act that required them to report suspicious transactions. Senate President Juan Ponce Enrile had lobbied for the inclusion of casinos in the scope of the law. At that time, big casino firms in the Philippines such as the City of Dreams had not yet been established.[3]

Events

Hackers or insiders (it is not yet clear which) attempted to steal $951 million from the Bangladesh central bank's account with the Federal Reserve Bank of New York sometime between February 4 and 5, when Bangladesh Bank's offices were closed. The perpetrators managed to compromise Bangladesh Bank's system, observe how transfers were done, and gain access to the bank's credentials for payment transfers, which they used to send about three dozen requests to the Federal Reserve Bank to transfer funds to Sri Lanka and the Philippines. Thirty transactions worth $851 million were prevented by the banking system, but five requests were granted: $20 million to Sri Lanka (later recovered[4][5]) and $81 million lost to the Philippines, which entered the Southeast Asian country's banking system on February 5, 2016. This money was laundered through casinos, and some was later transferred to Hong Kong.

Attempted fund diversion to Sri Lanka

The hackers intended the $20 million transfer to Sri Lanka to go to the Shalika Foundation, a Sri Lanka-based private limited company. In their transfer request they misspelled "Foundation" as "Fundation". The spelling error raised suspicion at Deutsche Bank, a routing bank, which halted the transaction in question after seeking clarification from Bangladesh Bank.[6][4][7]

Sri Lanka-based Pan Asia Bank initially took notice of the transaction, with one official noting that it was too big for a country like Sri Lanka. It was Pan Asia Bank that referred the anomalous transaction to Deutsche Bank. The Sri Lankan funds have been recovered by Bangladesh Bank.[4]

Funds diverted to the Philippines

The money transferred to the Philippines was deposited in five separate accounts with the Rizal Commercial Banking Corporation (RCBC); the accounts were later found to be under fictitious identities. The funds were then transferred to a foreign exchange broker to be converted to Philippine pesos, returned to the RCBC and consolidated in an account of a Chinese-Filipino businessman;[3][5] the conversion was made from February 5 to 13, 2016.[8] It was also found that the four U.S. dollar accounts involved were opened at the RCBC as early as May 15, 2015, remaining untouched until February 4, 2016, the date the transfer from the Federal Reserve Bank of New York was made.[8]

On February 8, 2016, during the Chinese New Year, Bangladesh Bank asked RCBC through SWIFT to stop the payment, refund the funds, and "freeze and put the funds on hold" if the funds had already been transferred. Chinese New Year is a non-working holiday in the Philippines, and a SWIFT message from Bangladesh Bank containing similar information was received by RCBC only a day later. By this time, a withdrawal amounting to about $58.15 million had already been processed by RCBC's Jupiter Street branch in Makati City.[8]

On February 16, the Governor of Bangladesh Bank requested Bangko Sentral ng Pilipinas' assistance in the recovery of its $81 million funds, saying that the SWIFT payment instructions issued in favor of RCBC on February 4, 2016 were fraudulent.[8]

Investigation

Bangladesh

Initially, Bangladesh Bank was uncertain whether its system had been compromised. The governor of the central bank engaged World Informatix Cyber Security, a US-based firm, to lead the security incident response, vulnerability assessment and remediation. World Informatix Cyber Security brought in the leading forensic investigation company Mandiant, a FireEye company, for the investigation. These cyber security experts found hackers' "footprints" and malware, which suggested that the system had been breached. The investigators also said that the hackers were based outside Bangladesh. An internal investigation has been launched by Bangladesh Bank regarding the case.[4]

Bangladesh Bank's forensic investigation found that malware was installed within the bank's system sometime in January 2016 and gathered information on the bank's operational procedures for international payments and fund transfers.[8]

Philippines

The Philippines' National Bureau of Investigation (NBI) launched a probe and looked into a Chinese-Filipino who allegedly played a key role in the money laundering of the illicit funds. The NBI is coordinating with relevant government agencies, including the country's Anti-Money Laundering Council (AMLC). The AMLC started its investigation of bank accounts linked to a junket operator on February 19, 2016.[8] The AMLC has filed a money laundering complaint before the Department of Justice against an RCBC branch manager and five unknown persons with fictitious names in connection with the case.[9]

A Philippine Senate hearing was held on March 15, 2016, led by Senator Teofisto Guingona III, head of the Blue Ribbon Committee and Congressional Oversight Committee on the Anti-Money Laundering Act.[10] A closed-door hearing was later held on March 17.[11] Philippine Amusement and Gaming Corporation (PAGCOR) has also launched its own investigation.[4]

United States

FireEye's Mandiant forensics division and World Informatix Cyber Security, both US-based companies, are investigating the hacking case. According to investigators, the perpetrators' familiarity with the internal procedures of Bangladesh Bank was probably obtained by spying on its workers. The government of Bangladesh is considering suing the Federal Reserve Bank in a bid to recover the stolen funds.[4]

Other attacks

Computer security researchers have linked the theft to as many as 11 other attacks and alleged that North Korea had a role in the attacks, which, if true, would be the first known incident of a state actor using cyberattacks to steal funds.[12][13]

Response from linked organizations

The Rizal Commercial Banking Corporation said it did not tolerate the illicit activity in the RCBC branch involved in the case. Lorenzo Tan, RCBC's president, said that the bank cooperated with the Anti-Money Laundering Council and the Bangko Sentral ng Pilipinas regarding the matter.[14] Tan's legal counsel has asked the RCBC Jupiter Street branch manager to explain the alleged fake bank account that was used in the money laundering scam.[15]

RCBC President Lorenzo Tan also filed for an indefinite leave of absence to give way to the authorities' investigation of the case and to clear his name in the matter. RCBC's board committee also launched a separate probe into the money laundering scam.[16][17] Helen Yuchengco-Dee, daughter of RCBC founder Alfonso Yuchengco, will take over the bank's operations. The bank also apologized to the public for its involvement in the heist.

Bangladesh Bank chief governor Atiur Rahman resigned from his post amid the current investigation of the heist and money laundering. He submitted his resignation letter to Prime Minister Sheikh Hasina on March 15, 2016. Before the resignation was made public, Rahman stated that he would resign for the sake of his country.[18]

Ramifications

The case threatens to return the Philippines to the Financial Action Task Force on Money Laundering's blacklist of countries making insufficient efforts against money laundering.[19] Attention was drawn to a potential weakness in Philippine authorities' efforts against money laundering after lawmakers in 2012 managed to exclude casinos from the roster of organizations required to report suspicious transactions to the Anti-Money Laundering Council.

The case also highlights the threat that cyber attacks pose to both government and private institutions when cyber criminals use real bank codes to make orders look genuine. SWIFT has advised banks using the SWIFT Alliance Access system to strengthen their cyber security posture and ensure they are following SWIFT security guidelines. Bangladesh is reportedly the 20th most cyber-attacked country, according to a cyber threat map developed by Kaspersky Lab which runs in real time.[20]

References

  1. "Congresswoman wants probe of ‘brazen’ $81M theft from New York Fed".
  2. Alcuaz, Coco (10 March 2016). "Philippine Bank Claims Innocence In Bangladesh-Federal Reserve Money Laundering Controversy". International Business Times. Retrieved 11 March 2016.
  3. Ager, Maila (3 March 2016). "Senate to probe $100-M laundering via PH, says Osmeña". Philippine Daily Inquirer. Retrieved 11 March 2016.
  4. Quadir, Serajul (11 March 2016). "Spelling mistake stops hackers stealing $1 billion in Bangladesh bank heist". The Independent. Retrieved 13 March 2016.
  5. Byron, Rejaul Karim (10 March 2016). "Hackers' bid to steal $870m more from Bangladesh central bank foiled". Asia News Network (The Daily Star). Retrieved 11 March 2016.
  6. http://www.reuters.com/article/us-usa-fed-bangladesh-sri-lanka-idUSKCN0WX1UI
  7. http://www.ceylontoday.lk/print20160321CT20160630.php?id=730
  8. Byron, Rejaul Karim; Rahman, Md Fazlur (11 March 2016). "Hackers bugged Bangladesh Bank system in Jan". Asia News Network (The Daily Star). Retrieved 13 March 2016.
  9. "RCBC manager, others face anti-money laundering complaint". Rappler. March 5, 2016. Retrieved March 5, 2016.
  10. Pasion, Patty (15 March 2016). "RCBC manager invokes right vs self-incrimination at Senate probe". Rappler. Retrieved 20 March 2016.
  11. Yap, Cecilia; Calonzo, Andreo (17 March 2016). "Printer error foiled billion-dollar bank heist". Sydney Morning Herald. Retrieved 20 March 2016.
  12. Shen, Lucinda (27 May 2016). "North Korea Has Been Linked to the SWIFT Bank Hacks". Fortune. Retrieved 28 May 2016.
  13. Agcaoili, Lawrence (10 March 2016). "RCBC denies alleged money laundering". The Philippine Star. Retrieved 11 March 2016.
  14. "Explain 'fake account,' RCBC chief tells branch manager". ABS-CBN News. March 13, 2016. Retrieved March 13, 2016.
  15. Dumlao-Abadilla, Doris (March 23, 2016). "RCBC chief goes on leave amid $81M dirty money probe". Philippine Daily Inquirer. Retrieved March 24, 2016.
  16. Agcaoili, Lawrence (March 23, 2016). "RCBC president goes on leave". The Philippine Star. Retrieved March 24, 2016.
  17. "Bangladesh central bank governor quits over $81m heist". The Daily Star/Asia News Network. March 15, 2016. Retrieved May 11, 2016.
  18. Remitio, Rex (3 March 2016). "Sen. Osmeña: PH may suffer if money laundering is proven". CNN Philippines. Retrieved 11 March 2016.
  19. Tweed, David; Devnath, Arun (10 March 2016). "$1 Billion Plot to Rob Fed Accounts Leads to Manila Casinos". Bloomberg. Retrieved 11 March 2016.