Hackers had link with Bangladesh Bank insiders!
13 March 2016, Nirapad News: The perpetrators of over US$100 million digital heist from Bangladesh Bank’s account with the US Fed might have worked in direct liaison with the bank’s employees concerned, according to IT experts.
Or, they say, somebody had spied in disguise to trade out the basic information.
The experts, who are familiar with such situations, said before the incident-rated one of the biggest cybercrimes in the world-the criminals had to first gather information about Bangladesh Bank’s procedures for ordering transfers, so that the fraudulent requests could not raise red flags.
They claimed that the systems were not upgraded regularly, which facilitated the digital stealing of the funds from the central bank’s account in the US Federal Reserve Bank in New York.
They said improvement upon security and their continued upgrading are needed to avert such type of cyber-burgling.
A question cropped up whether the central bank is equipped well for handling such things with local manpower. They were critical of involving foreigners in handling such technologies in matters of high secrets.
Zakaria Swapan, one of the IT experts consulted, is not in agreement with many who suspect malware software might have been somehow installed with central bank’s computer systems to steal the dollars.
But he argued that if the cybercrime was software-based, then the illegal payments were continuing.
“Whereas the heists were stopped after certain payments, the malware software might not be involved in it,” said Mr Swapan.
“But my suspicion about the heist is persons may be insiders or outsiders,” he said.
A group of IT people at a programme in the city Saturday also said there is need for probe to detect how the crime really committed.
They noted that all parties involved with the electronic payments have been denying the allegations about failure of their systems. If every system works well, then how the hell it happened, the IT experts argued.
Bangladesh government officials blamed the Fed for the attack when they disclosed the loss. The New York Fed responded: there was no evidence its systems were compromised in the attack, one of the biggest bank thefts in history.
The Fed said it followed normal procedures while responding to requests that appeared to be from Bangladesh Bank, which were made and authenticated over SWIFT. The Belgian-based SWIFT, a member-owned cooperative that banks use for account-transfer requests and other secure messages, declined to comment on specifics of the case.
However, M. Rokonuzzaman, a professor at the department of electrical and computer engineering at North South University, said international rating agencies may take it into consideration to factor in as lack of confidence in central bank’s ability to play the role of custodian of reserves.
He fears it may lead to downgrading economic outlook of Bangladesh.
“Foreign investors, lenders and buyers may lose confidence in Bangladesh Bank’s ability to comply with long-term foreign currency payment obligation,” he posted on the facebook.
The professor also said Bangladeshis working outside may have less confidence in sending foreign currencies home.
“If we lose significant portion of foreign-currency reserves, there will be sharp fall of value of BDT. Due to restriction on import and export, production will halt; people will lose jobs; and society will be in chaos,” he wrote in the cyber-post.
He said due to incompetence (maybe, also maliciousness) of employees and consultants, who are paid by the people of Bangladesh, the country may move into serious crisis.
He called for actions to facilitate fair investigation leading to immediate removal of those who failed to protect the interests of poor people of Bangladesh.
He said the policy of borrowing foreign funds to recruit foreign consultants to develop and audit critical technology infrastructure must stop.
“Investment must be made to build local human capacity to lead the design, development, installation, verification and the auditing of nation’s critical technology infrastructures,” Mr Rokonuzzaman said in the facebook post.
Fahim Masroor, a former president of the Bangladesh Association of Software and Information Services, said the central bank should have its own IT people as it is very much important.
“If they don’t have such people, they should develop immediately for future security,” Mr Masroor said.
He also said Bangladesh Bank needs information-security guidelines and their regulator audit.
Former Governor of Bangladesh Bank (BB) Dr. Mohammed Farashuddin has suggested the authorities concerned to keep watch on officials who are responsible for overall foreign-exchange-reserve management, as per the system.
“The transaction mechanism should be reviewed immediately,” the former BB governor told the FE Saturday while explaining the immediate measures after the stealing more than $100 million foreign-exchange reserves of Bangladesh from the Federal Reserve Bank of New York.
He believes officials of the central bank are patriotic, honest and efficient. The former governor, however, said if any of them was involved in the incident, then he/she must be identified with the cooperation of all.
Dr Farashuddin also suggested high alert where the country’s forex reserves are being deposited to avoid recurrence of such trans-border heist.
“The transaction of forex reserves can be halted for one or two days, if necessary,” he explained.
The former governor also sought clarification from the central bank why the finance minister said on March 7 last that he was not aware about such incident which occurred on February 5.
He also recommended that the central bank let the people know about the matter to remove their confusion.
He welcomed the moves of the central bank of Sri Lanka as it had played due role in preventing the fund transfer.
But he was frustrated as to whether the stolen funds from the Philippines could be retrieved. He urged the authorities concerned to work hard to bring back the money.
Siddique.email@example.com and firstname.lastname@example.org