Bangladesh Bank suffered a security incident that resulted in a millionaire robbery; they point to the possible participation of North Korean hackers
According to ethical hacking and network
security experts from the International Institute of Cyber Security,
Bangladesh Bank has filed a lawsuit with the federal Court of new York to try
to recover the approximately 80 million of dollars.
In the lawsuit, the central bank of Bangladesh
accuses the Philippine financial institution Rizal Commercial Bank Corp. (RCBC),
in complicity with other institutions and individuals, to be part of a
conspiracy to rob about one billion dollars from the Bangladesh Bank account at
the New York Federal Reserve.
According to reports of network security
specialists, the conspirators injected a variant of malware into the bank’s
systems, thus being able to send fraudulent messages through the SWIFT
interbank system. The attackers managed to steal 100 million dollars, of which
about 81 million have not yet been recovered.
An investigation conducted by the U.S.
Department of Justice (DOJ) has concluded that these funds were transferred to
four RCBC-controlled accounts and then distributed through multiple casinos in the
Philippines. All accounts were registered with false names.
Bangladesh Bank, for its part, is responsible
for these attacks to groups of hackers sponsored by the North Korean
government, and also states that these groups were responsible for sending the
assets to the Philippines.
Network security specialists believe that the
attackers were able to use Fedwire (an electronic transfer system designed by
the U.S. government) to expedite the transactions of these large sums, which
was instrumental in completing the attack. “The use of the Fedwire system
was vital for the conspiracy, as it allowed the attackers to transfer money to
the intermediaries without delay.”
Although Bangladesh Bank has formally initiated
the legal process, it is still unclear whether the court has jurisdiction or
whether the U.S. law is applicable in this case. The demand emphasizes how the
U.S. Fedwire system was adjusted to the hacker scheme; however, most of the
money laundering process was carried out outside of North American territory.
Still, the central Bank of the Philippines
(BSP), decided to investigate on its own to RCBC and impose a fine of 1 billion
Philippine pesos (about $20 million dollars). In addition, in December 2016,
the governor of the Bangladesh Central Bank, Mohammed Farashuddin, stated that
a government-integrated committee to investigate the robbery pointed to five RCBC
officials as guilty of the incident.
Finally, on 10 January last, a court of first
instance of the Philippines that convicted the administrator of the RCBC, Maia
Santos Deguito, of eight charges of money laundering and imposed a fine of 109
million dollars, in addition, the officer faces a sentence of up to 56 years in
prison. The defendant anticipates that they will appeal this sentence.
