Cyber criminals managed to swindle $81 million (Dh297 millon) from Bangladesh Central Bank’s account with the Federal Reserve Bank of New York last month, but a typo by hackers saved the country up to $870 million (Dh3.17 billion).
In one of the largest known cyber heists in history, unknown hackers managed to transfer $80 million from the Bangladesh Central Bank’s accounts with the Federal Reserve Bank of New York.
The cybercriminals allegedly breached the computer systems of Bangladesh Bank, stole its payments transfer password and credentials.
Then, between February 4 and 5, the alleged cybercriminals flooded the Federal Reserve Bank of New York’s systems with more than 30 requests to move hundreds of millions of dollars from the Bangladesh Bank’s account to casinos in the Philippines and a supposed NGO in Sri Lanka.
The first four transfer transactions, amounting to about $81 million to various entities in the Philippines went through, but a fifth transfer request for $20 million(Dh73 million) to a Sri Lankan NGO got stuck.
The reason? The hackers misspelled the name of the NGO, Shalika Foundation. Instead of ‘Foundation’, they punched in ‘fondation’, which prompted one of the routing banks to withhold that and subsequent transfers – amounting to a staggering $870 million (Dh3.17 billion) – to seek clarification from Bangladesh Bank.
Of late, cybercriminals have used sophisticated techniques in attempts to skim billions off banks and financial organisations.
Last month, software security group Kaspersky Labs said that the year 2015 saw the rise of cybercriminals who steal money from banks directly.
“Several groups have mastered APT tools and techniques, dipping their hands into the ‘pockets’ of at least 29 big Russian banks,” the firm said.
The firm said in 2015 that up to $1 billion was stolen in about two years from financial institutions worldwide.
“These bank heists were surprising because it made no difference to the criminals what software the banks were using. So, even if its software is unique, a bank cannot get complacent. The attackers did not even need to hack into the banks’ services: once they got into the network, they learned how to hide their malicious plot behind legitimate actions. It was a very slick and professional cyber-robbery,” Sergey Golovanov, Principal Security Researcher at Kaspersky Lab’s Global Research and Analysis Team, had then said.
“In 2015, the criminals behind Metel took aim at banks, specifically ATM machines. Using their savvy and a malicious campaign, these criminals turned their common credit cards into limitless ones. Imagine printing money, but even better,” Kaspersky said.