Malware Suspected in $81 Million New York Fed Heist

Ray Walsh

March 14, 2016

Cybersecurity experts have managed to shed some light on the theft of 81 million dollars from an account at the Federal Reserve Bank of New York. The account in question belongs to the central bank of Bangladesh and was drained of the money on 4 February 2016. Luckily for both banks involved, the attack was noticed (and halted) at that point, before the criminals managed to take the whole sum they had in mind (just shy of a billion dollars).

The heist is now thought to have been initiated with malware that the hacker (or hackers) somehow delivered onto the Bangladesh central bank's computers. For now, the means by which that payload was placed on the bank's systems is unknown, although it is considered likely that it was delivered using social engineering techniques.

The news that malware was involved comes courtesy of FireEye Inc's digital forensics department, which has been investigating the digital heist alongside Virginia-based cybersecurity firm World Informatix. FireEye now believes that the hackers might have been inside Bangladesh Bank's systems for weeks, watching and learning the codes needed to carry out the heist. Finally, with all the required information accumulated, the attackers (who remain unknown to the press at this time) successfully used the interbank messaging system SWIFT to extract the money via international transfers.

According to Bangladesh central bank spokesperson Subhankar Saha, the specifics of the heist are as follows: the money was stolen via five transfer requests of just over 20 million dollars apiece. Four of those ended up in bank accounts in the Philippines, and one is believed to have been illegally transferred to a bank account in Sri Lanka (thankfully already recovered).

In a statement made on Friday, the Belgian company SWIFT (whose network banks all over the world use to exchange payment instructions) said the following:

‘SWIFT and the Central Bank of Bangladesh are working together to resolve an internal operational issue at the central bank. SWIFT’s core messaging services were not impacted by the issue and continued to work as normal.’

FireEye's belief (that malware was used to get hold of the bank's credentials as well as to work out how to orchestrate the robbery) is corroborated by the New York Fed. It says that the transfer requests came from the Bangladesh central bank's servers in Dhaka and were 'fully authenticated' with the right codes. In other words, from the Fed's side the fraudulent requests were indistinguishable from legitimate ones, because the attackers were using the bank's own credentials from the bank's own systems.

Amazingly (considering the careful execution of the other aspects of the attack), it is believed that the sole reason the hack was noticed was a spelling error in one of the transaction requests. In that particular request (one of around 35 requests in total) the word 'foundation' was misspelled 'fandation', alerting the New York Fed to the possibility of a problem before the rest of the cash was transferred.

Due to the widespread use of the SWIFT interbank messaging system, other banks and businesses are extremely interested in learning all the details of how the heist was carried out. The worry is that similar malware could be delivered (or might already have been delivered) onto their own servers.

According to Bangladesh's Finance Minister Abul Maal Abdul Muhith, the government will be making an enquiry into how the central bank of Bangladesh handled the situation following the heist. Muhith claims that the central bank was slow in coming forward to declare the problem, which he feels amounts to incompetence. 'Bangladesh Bank had the audacity not to inform me. I am very unhappy about it. The handling of the matter by Bangladesh Bank is very incompetent,' he said on Sunday.

For now, the Bangladeshi and Philippine governments are working together to find out exactly what happened. Meanwhile, the central bank of Bangladesh is investigating eight officials whose job it is to carry out international transfers at the bank, in the hope of pinpointing exactly where in the chain of authority the hackers managed to penetrate.

Frustratingly for the central bank of Bangladesh, despite the money having been taken from its account at the Fed in New York, the evidence so far indicates that it was the Bangladeshi systems, and not New York's, that were hacked. This leaves Muhith's claim (made last week) that the Fed in New York was responsible for the money in a rather weak position.

Also of interest, it is now understood that authorities in the Philippines are preparing a case against individuals they have reason to believe were involved. Anonymous sources cited by the local press in the Philippines have suggested that the money may have entered the country via a branch of Rizal Commercial Banking Corp., at which point it may have been changed into pesos and placed into the bank account of an (as yet unnamed) travel agent involved in flying wealthy Chinese gamblers to casinos in the Philippines.

Lorenzo Tan, chief executive officer at Rizal, was quick to deny allegations that the bank was in any way involved in enabling the stolen money to be transferred to its branch, and has even offered to go on leave while investigations are under way.
