Hackers steal $101 mn of Bangla money from US Fed

11 Mar 2016

Bangladesh's central bank has confirmed that its account at the US Federal Reserve Bank was hacked and over $100 million stolen from its foreign reserves.

A Bangladesh Bank spokesman confirmed the theft on Wednesday amid a media uproar after sources in the central bank hinted that unknown hackers had stolen $101 million, of which $81 million entered the Philippines and the rest went to Sri Lanka to be used in a casino business.

''They ordered transfers out of a Federal Reserve Bank of New York account held by Bangladesh Bank,'' said central bank spokesman Subhankar Saha.

He said hackers had breached the security system of the bank in early February and stole credentials for payment transfers, in one of the biggest bank thefts in history.

The hackers had sent 35 advices to the US Federal Bank but only 5 of those were complied with before the theft was unearthed, he added.

Bangladesh Bank officials said while $81 million of the stolen amount entered the Philippine banking system on 5 February and several layers of subsequent transactions made their way out into Hong Kong, the remaining $20 million ended up in Sri Lanka.

They said the thieves thereafter made an attempt to launder a further $870 million through the same channel, but their plan was foiled after an American bank recalled the transfer order. ''The American bank contacted us when they got their anti-money laundering alert to confirm if the pay order actually came from us. We straightaway replied in the negative and so the payment was stopped,'' Saha said.

Cyber security experts said the perpetrators of heist had deep knowledge of the institution's internal workings which they might have gained by spying on bank workers.

The bank said they launched a massive investigation into the theft and expected the amount to be returned while unconfirmed reports said the central bank sent two of its officials to the Philippines to demand the return of the funds.

The US Federal Reserve Bank responded to the hacking, saying there was no evidence that its systems were compromised in the cyber attack, according to media reports.

The bank said they followed normal procedures when responding to requests that appeared to be from Bangladesh Bank, which were made and authenticated over Society for Worldwide Interbank Financial Telecommunication (SWIFT).

A Chinese-Filipino businessman was the mastermind of the theft who had moved the funds to three casinos, where they were converted into chips for betting at the gaming tables, according to the Philippine Daily Inquirer.

The chips were then converted back into cash and remitted to accounts in Hong Kong soon after by him.