The story of the Hackers who stole $100 million from the Bangladesh central bank.Read Full story How Hackers Hack 100 Million Dollars From New York Field Bank.
Hundreds of foreign governments including Bangladesh keep their dollar currency reserves on deposit at the New York Fed, in part to make it easy to invest in U.S. Treasury securities.
But what really happened?
As it turns out there is much more to the story, and as Bloomberg reports today now that this incredible story is finally making the mainstream, there is everything from casinos, to money laundering and ultimately a scheme to steal $1 billion from the Bangladeshi central bank. In fact, the story is shaping up to be “one of the biggest documented cases of potential money laundering in the Philippines. It risks setting back the Southeast Asian nation’s efforts to stamp out the use of the country to clean cash, and tarnishing the legacy of President Benigno Aquino as elections loom in May.”
And yes, it does appear that hackers managed to bypass the Fed’s firewall:
“Even as banks continue to harden their defenses against such sabotage, hackers too have upped their game to breach servers by utilizing both technical skills and rogue elements within the financial institutions,” said Sameer Patil, an associate fellow at Gateway House in Mumbai who specializes in terrorism and national security.
Hackers Hack 100$ Million New York Field Bank
Full Story Hackers Hack 100$ Million From Bangladesh New York Field
The Hacking News begins in Bangladesh, a country of about 170 million people that’s recently found itself with record foreign reserves thanks to a low wage-fueled export boom and inward remittances. Some of those reserves were held in an account at the Federal Reserve Bank of New York.
As reported previously, a Bangladesh central bank official who is part of a panel investigating the disappearance of the funds said Wednesday that a separate transfer of $870 million had been blocked by the Fed, something the Fed refused to comment on. It does not, however, explain why $100 million was released.
Essentially the dispute is about whether the Fed went through the right procedure when it received transfer orders.
Naturally, the Fed’s story is that it did nothing wrong. Bloomberg writes that according to a Fed spokeswoman, instructions to make the payments from the central bank’s account followed protocol and were authenticated by the SWIFT codes system. There were no signs the Fed’s systems were hacked, she said.
The problem is that the counterparty on the other side of the SWIFT order was not who the Fed thought, and what should have set off red lights is that the recipients was not the government of the Philippines but three casinos!
On the other hand, Bangladesh is quite – understandably – furious: a local official said the Fed should’ve checked the payment orders with the central bank to ensure they were authentic, even if they used the correct SWIFT codes. The official also said there are plans to take legal action against the Fed to retrieve missing funds.
If at this point flashing light bulbs are going off above the heads of some of our more industrious readers, we can understand why: after all if a fake SWIFT money order is all it takes to have the Fed send you $100 million dollars then…
Four requests to transfer a total of about $81 million to the Philippines went through, but a fifth, for $20 million, to a Sri Lankan non-profit organization was held up because the hackers misspelled the name of the NGO, Shalika Foundation.
Hackers misspelled “foundation” in the NGO’s name as “fandation“, prompting a routing bank, Deutsche Bank, to seek clarification from the Bangladesh central bank, which stopped the transaction, one of the officials said.
Also Read: How iPhone was Hacked with a Simple Toy
Luckily, the Fed stopped some of the $1 billion in total requested funds. The unusually high number of payment instructions and the transfer requests to private entities – as opposed to other banks – raised suspicions at the Fed, which also alerted the Bangladeshis, the officials said. The details of how the hacking came to light and was stopped before it did more damage have not been previously reported. Bangladesh Bank has billions of dollars in a current account with the Fed, which it uses for international settlements.
The transactions that were stopped totaled $850-$870 million, one of the officials said. At least $80 million made it through without a glitch.
Meanwhile, back in the Philippines, the gaming regulator said it is investigating reports that as much as $100 million in suspicious funds were remitted to the bank accounts of three casinos it didn’t identify.
The Philippine Daily Inquirer has led reporting on the theft. It wrote last month that cash may have entered the Philippines via the Jupiter Street, Makati City, branch of Rizal Commercial Banking Corp. The money was converted into pesos and deposited in the account of an unidentified Chinese-Filipino businessman who runs a business flying high net worth gamblers to the Philippines.
In other words, the Fed was funding gamblers, only these were located in Philippine casinos, not in the financial district. Ironically, that’s precisely what the Fed does, only it normally operates with gamblers operating out of Manhattan’s financial district.
Bloomberry Resorts investor relations director Leo Venezuela and City of Dreams Manila Vice President Charisse Chuidian didn’t reply to calls and phone messages.
Also Read: How Hackers Hack PayPal Account in 2016
And then, once the “gamblers” were done having their fun laundering freshly received Fed money, they moved the cash offshore: funds were later dispatched into accounts outside the Philippines, the paper said, including to Hong Kong. The Hong Kong Monetary Authority declined to comment, as did the Hong Kong police. The Inquirer separately reported the head of the Rizal branch where the transactions occurred had made a statement that top bank officials were aware of the transactions “at every stage.”
Were the banks in on this unprecedented theft? Probably, although it will be nearly impossible to prove.
The exact amount stolen from Bangladesh is still not exactly clear, as is what happens next in the dispute with the Fed. So read latest Hacking News and Tech News only on at iTech Hacks Network. Don’t Forget To Share This Post 🙂