There is evidence that the workers who installed the SWIFT system in BCB did not follow official guidelines and that could have opened up security vulnerabilities.In Manila, Philippines, workers at the Riza Commercial Banking Corporation allowed the attackers to open accounts using fake driving licenses these accounts were then used to receive and traffic stolen funds.And human error played a great part in the BCB attack, at several points during which the theft could have been stopped: You can have the most sophisticated state-of-the-art security systems in the world, but if people are cutting corners or failing to follow instructions, then criminals can exploit that. But what can organizations learn from it? It was one of the most audacious and successful bank robberies in history.
While a series of spelling and formatting errors in the thieves’ SWIFT instructions halted the vast majority of the transactions, a total of $81 million was transferred to banks in Southeast Asia and quickly laundered through, among other places, the Manila casino system. By the time the BCB reactivated its printer and received the notifications of the transfers – and requests from the New York Fed for clarification - it was already too late and the money had been sent. This meant the bank’s employees in Bangladesh were not aware that the heist was going on. But in this case, the attackers disabled the BCB’s printers with a piece of malware. SWIFT usually notifies banks of transfers by sending the order to a bank’s printers. Pretending to be the BCB, the thieves sent fake instructions over SWIFT to the New York Fed, asking for some funds to be transferred to bank accounts in Southeast Asia. Federal Reserve (which holds many international banking assets) into transferring funds to accounts owned by the thieves. The theft involved manipulating the SWIFT system – a digital messaging platform that manages many of the world’s interbank financial transfers – to fool the New York branch of the U.S. The hack was highly complex, and took place over several lines of attack: Understanding exactly what went wrong in the BCB hack – which has been suggested by some to be linked to the WannaCry ransomware attack of May 2017 – can provide businesses with invaluable lessons in how to improve their security strategies. But their success was, more than anything else, down to weaknesses in the institutions they robbed. The thieves were organized, well networked, and well funded. The attempt is considered one of the biggest bank heists of all time. Much of this was eventually recovered, but the thieves still managed to get away with $81 million. 
Over the weekend of 5th February 2016, a group of still-unidentified hackers attempted to steal $951 million from the Bangladesh Central Bank (BCB) in Dhaka. It takes time, planning, manpower – and capitalizing on your target’s vulnerabilities.
0 kommentar(er)
