You can't call yourself a cyber geek if you don't know about the greatest hacks in history. Some of them were solved and some remain unsolved to this day. Today we at toptechpal are starting a new series called "Greatest hacks unraveled", where we will discuss the greatest hacks ever performed. We begin the series with a legendary cyber heist: the Bangladesh Bank cyber heist.
We are going to discuss how the central bank of Bangladesh was hacked. This is quite an interesting article. The Bangladesh Bank robbery was not a simple heist with a simple plan; it was pulled off by someone with the brain of a professor, and as of 2020 we still can't confidently name that professor. I am starting my new series, Greatest hacks unraveled, with this cyber heist. It will read more like real storytelling. After reading it, you will wonder how this was even possible.
What is Bangladesh bank cyber heist?
The Bangladesh Bank robbery, also known as the Bangladesh Bank cyber heist, took place in February 2016. Security hackers used the SWIFT network to send thirty-five fraudulent instructions to illegally transfer almost US$1 billion from the Federal Reserve Bank of New York account belonging to the central bank of Bangladesh.
Five of the thirty-five instructions issued by the hackers succeeded in transferring $101 million, with $20 million going to Sri Lanka and $81 million to the Philippines. The Federal Reserve Bank of New York blocked the remaining transactions, amounting to $850 million, because of suspicions raised by misspelled instructions.
Bangladesh bank robbery - Greatest hacks unraveled
Friday, 5 February 2016, was a weekend day as usual in Bangladesh. Some staff at the central bank of Bangladesh checked the printer connected to their banking software and found that it wasn't working. It was supposed to hold a pile of transaction records printed in real time, but not a single page had been printed. The next day, Saturday, 6 February 2016, they fixed the printer and it began churning out statements at an unusually high rate.
When the staff looked at the statements, they found something that drove everybody crazy. There were statements for thirty-five unauthorized transactions of ridiculously high amounts to foreign countries, $951 million altogether, from the central bank of Bangladesh's account at the Federal Reserve Bank of New York, processed over the SWIFT network. They tried to stop the transactions, but they had already gone through. At that moment they knew they had been hacked.
According to the report by World Informatix Cyber Security, malware named Dridex was installed on the bank's systems through spear phishing sometime around January 2016. During that one-month interval, the attackers collected the bank's SWIFT credentials and learned how the bank processes transactions. SWIFT is used by most of the world's banks for international money transfers and has military-grade security.
On Thursday, 4 February 2016, after the staff had gone home from work, the hackers began their operation while nobody was around. Thirty transactions amounting to $850 million were flagged due to misspellings, while the rest passed successfully. The transactions that passed were $81 million to the Philippines and $20 million to Sri Lanka.
The $20 million transfer to Sri Lanka was addressed to an organization named the Shalika Foundation. The hackers misspelled "Foundation" as "Fundation", which aroused suspicion. Deutsche Bank found the typo suspicious and contacted the Federal Reserve Bank of New York. The Federal Reserve Bank contacted Bangladesh Bank but got no response. It was Friday, 5 February 2016, a weekend day in Bangladesh, and nobody was at Bangladesh Bank to respond.
There was one more thing. The attackers delayed the bank's printer by one day, which prevented transactions, confirmations and SWIFT statements from being printed in real time and left the staff unaware of what was going on. Some staff who were around thought there might be an error with the printer, as not a single page had been printed. They fixed the printer the next day.
Now here comes another interesting part. This heist didn't begin on 4 February; it had been set up nine months before the transfer. Four fake accounts were opened in the Philippines at Rizal Commercial Banking Corporation (RCBC) on 5 May 2015. Those accounts were registered under fake identities and remained untouched until the day of the heist. When the $81 million was transferred to the Philippines, it went to those four fake accounts at RCBC, and some went to another fake account at the same bank.
This means the attackers weren't expecting the money to go anywhere except those four accounts in the Philippines. They might have misspelled the transactions worth $850 million so that they could create a diversion and successfully transfer $101 million to Sri Lanka and the Philippines. Another interesting point is that they misspelled "Foundation" as "Fundation" in the transfer to Sri Lanka, creating a diversion from the money transferred to the Philippines, which sounds unrealistic for banking transactions, as every transaction needs to be checked.
After Bangladesh Bank fixed the printer, they printed the transactions. Everyone went crazy when they saw unauthorized statements for $951 million being transferred to foreign banks. They contacted the Federal Reserve Bank on Saturday, 6 February 2016, to inform it about the transactions, but no one was around to respond, as Saturday and Sunday are the weekend in New York.
The Federal Reserve Bank of New York got a response and was told that Bangladesh Bank had been hacked. It immediately contacted RCBC. It was Chinese New Year, what a beautiful day. Of course, it was a holiday in the Philippines. Nobody was around to respond to the Federal Reserve Bank of New York.
In that time, the money was successfully transferred, converted into Philippine pesos and then moved to various casinos, where the digital money was converted into hard cash. Casinos keep no proper record of transactions and are mostly covered by money-laundering lords. From there, the money could no longer be traced.
The full operation was a masterpiece, a work of art with beautiful timing. Not only the technical aspects but every other part of the operation was beautifully planned. The FBI and Interpol, along with top cybersecurity firms, assisted the Bangladesh police in the investigation, but they found neither the real mastermind behind it nor concrete proof.
According to the investigation, some IP addresses pointed to North Korea, and investigators said North Korean hackers were behind the operation, but this could also have been done to frame North Korea, and that is all we know as of 2020. The cases against RCBC staff were closed for lack of proof, and there was no trace back to the mastermind. This is what one of the greatest hacks looks like, one you might have forgotten.