Fed had ‘major lapse’ in cyber heist: Bangladesh

cybercrime copy

Dhaka / Bloomberg

Bangladesh’s Central Bank has suggested the Federal Reserve Bank of New York had a “major lapse” in allowing hackers to transfer $101 million in transactions that it later flagged as suspicious, according to an internal document seen by Bloomberg.
The document, dated March 13, sheds new light on Bangladesh Bank’s interpretation of a cyber heist in which hackers tried to steal nearly $1 billion last month.
It outlines the strategy for recouping the stolen cash, including possible legal measures, and doesn’t appear to include input from anyone outside the central bank.
It also shows the New York Fed and Bangladesh put in place greater security measures on transfers immediately after the theft.
In early February, the Federal Reserve Bank of New York blocked 30 transactions from Bangladesh’s account valued at $850 million because of a lack of beneficiary details, according to the Bangladesh Bank
document. However, the New York Fed allowed another five transactions to go through “which they subsequently flagged for due diligence review,” it says.
“We view this as a major lapse on the part of FRB NY,” the document says, referring to the New York Fed. Bangladesh is engaging legal counsel in New York City “to establish precise grounds of initiating lawsuit claiming recompense,” it says.
Fed Response
New York Fed spokeswoman Andrea Priest said they aren’t commenting beyond a statement earlier this month. The instructions to make the payments from the account of Bangladesh’s central bank followed standard protocols and were authenticated by the SWIFT message system used by financial institutions, a Fed spokeswoman said on March 8.
Subhankar Saha, spokesman for Bangladesh Bank, said he won’t comment on any internal document or any part of the investigation.
Investigators are still trying to determine the masterminds of the heist. Earlier this month Bangladesh Finance Minister Abul Maal Abdul Muhith said the Fed was responsible for the stolen funds.

Weekend phone calls
About $81 million ended up in the Philippines and most has disappeared. Philippine authorities have accused a branch manager at Rizal Commercial Banking Corp. of laundering money, a charge she has denied. Another $20 million sent to Sri Lanka was returned by Pan Asian Banking Corp. after it spotted a spelling error in the beneficiary’s name and flagged that to Bangladesh authorities.
The suspect transfers were made on Thursday, Feb. 4. Bangladesh’s central bank — with limited staffing on the Friday-Saturday weekend — didn’t detect the fraud until two days later, in part because of a printer error. It also received two SWIFT messages from the New York Fed dated Feb.
4 “mentioning about ‘doubtful’ Payment Instructions,” according to the
document.
On February 6, Bangladesh Bank immediately contacted SWIFT about the issue and was advised to “cordon off” the local server while damage assessments were carried out, according to the document. Bank also called the New York Fed on a phone number that appeared on its website, but couldn’t connect with anyone, it said. Central bank officials sent four e-mails and a fax to the New York Fed to try and get them to stop payment, it said.

Leave a Reply

Send this to a friend