Cyber Heist of the Century
A very small part of me has always been slightly attracted to the notion of Robin Hood robbing the rich to feed the poor.
For that reason, I find a potential $1 billion cyber hack committed against one of the poorest nations on Earth repulsive.
As we reported in our daily newsletter, Stop Press, last week an attempt would appear to have been made to steal a vast sum of money from the Bangladeshi Central Bank in what is the largest publicized cyber theft so far this century.
What do we know so far?
Operations staff came into work in early February to discover problems with a printer in their secure payments room and an error message indicating some form of “SWIFT corruption”. Upon further inquiry, they were horrified to discover the following trail:-
- 35 valid payment instructions had been tampered with, leading to $951 million of payment messages being sent via SWIFT to the New York Fed (the central bank's US dollar nostro);
- 30 of these orders were not processed by the Fed, for reasons that are not totally clear;
- five orders totalling $101 million were processed, leading to fraudulent transfers;
- Unfortunately for Bangladesh, $81 million of the fraudulent orders were processed via RCBC, a Philippine bank.
Of this final amount, $29 million was sent to Bloomberry Resorts, $21 million to Eastern Hawaii Leisure Company and $31 million was delivered in cash to "Weikang Xu" via a casino in the Philippines.
All of the $81 million has now disappeared via the casino industry.
Risk Audit will be running a one-day course on Thursday 26th May 2016 examining the major challenges in Cyber Risk Management. This course will include an analysis of the lessons that can be learnt from this incident.
Early indications are pointing towards the following areas of focus:-
Malware
It is clear that the crooks managed to install some form of "malware" on the central bank's servers, which is the most likely explanation for the tampered instructions and the failed printer. Exactly how the malware got there remains to be disclosed, but see below.
E-Mail Spearphishing
This term refers to the practice of targeting specific employees with tailored, deceptive e-mails in order to obtain information they hold (e.g. passwords) or to induce them to open a malicious attachment. It would appear that this technique may have been used to compromise an employee.
The Role of the Fed
The Federal Reserve has issued a statement denying any culpability for the hack and the ease with which the crooks managed to transfer these vast amounts of money.
Normal practice is for correspondent banks to treat SWIFT's authentication of a message as sufficient authority to act on an electronic instruction: if the message is authentic, it is executed. The Fed has claimed that this is exactly what it relied on.
But!!!
Something alerted the Fed to the need to block thirty of the orders. It is understood that it also had some form of query in relation to the remaining five. The Bangladesh Central Bank is asserting that if the Fed had waited for answers to those further queries, none of the funds would have been transferred.
Is there a possibility that additional banking mandate checks to validate unusual SWIFT instructions were not complied with? Time will tell.
Taking Advantage of Bank Holidays
One of the classic fraudster's tricks is to attempt the deceit over weekends and bank holidays, when the victim is closed and nobody is there to query or reverse a payment. Please note that some transactions occurred on a Sunday, when Bangladesh is open but New York is closed. More importantly, the monies were transferred to the Philippines and the cash drained out of the system on a local bank holiday.
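The two points above, that SWIFT authentication alone does not prove an instruction is legitimate and that fraudsters pick days when the victim is closed, can be turned into a concrete pre-release screen. The script below is an added illustration, not code from the original article and not a description of the Fed's or SWIFT's actual controls. It runs a batch of inbound payment instructions against a hypothetical standing mandate agreed with the ordering customer: beneficiaries not on the agreed list, per-transaction and daily limits, instructions arriving while the ordering customer is closed for a weekend or holiday, and bursts of instructions in a short window. The mandate, calendar, bank identifiers and instruction batch are all constructed test data.

```python
"""Mandate screen for inbound payment instructions (added example, constructed data)."""
from dataclasses import dataclass
from datetime import date, datetime, timedelta
from typing import Dict, List, Set, Tuple


@dataclass
class Instruction:
    """One inbound payment instruction. Fields are constructed, not a real MT103 layout."""
    ref: str
    received_at: datetime
    amount_usd: int
    beneficiary_bank: str
    beneficiary_acct: str


@dataclass
class Mandate:
    """Hypothetical standing mandate agreed out-of-band with the ordering customer."""
    known_beneficiaries: Set[Tuple[str, str]]
    single_txn_limit_usd: int
    daily_limit_usd: int
    customer_business_days: Set[int]   # datetime.weekday(): Mon=0 .. Sun=6
    customer_holidays: Set[date]
    burst_window: timedelta = timedelta(hours=2)
    burst_count: int = 5


def instruction_flags(instr: Instruction, mandate: Mandate, released_today_usd: int) -> List[str]:
    """Return the per-instruction mandate checks this instruction trips (empty list = clean)."""
    flags: List[str] = []
    if (instr.beneficiary_bank, instr.beneficiary_acct) not in mandate.known_beneficiaries:
        flags.append("new_beneficiary")
    if instr.amount_usd > mandate.single_txn_limit_usd:
        flags.append("over_single_limit")
    if released_today_usd + instr.amount_usd > mandate.daily_limit_usd:
        flags.append("over_daily_limit")
    day = instr.received_at.date()
    if day.weekday() not in mandate.customer_business_days or day in mandate.customer_holidays:
        # Instruction arrives while the ordering customer is closed: nobody is there
        # to answer a callback, and nobody is there to notice the outflow.
        flags.append("customer_closed")
    return flags


def screen(instructions: List[Instruction], mandate: Mandate) -> Dict[str, List[str]]:
    """Screen a batch in arrival order.

    Returns {ref: flags}. An empty list means the instruction passed every mandate
    check and may be released on SWIFT authentication alone; anything else is held
    for out-of-band confirmation with the customer before funds move.
    """
    result: Dict[str, List[str]] = {}
    released_by_day: Dict[date, int] = {}
    recent: List[datetime] = []            # arrival times inside the trailing burst window
    for instr in sorted(instructions, key=lambda i: i.received_at):
        day = instr.received_at.date()
        flags = instruction_flags(instr, mandate, released_by_day.get(day, 0))
        recent = [t for t in recent if instr.received_at - t <= mandate.burst_window]
        recent.append(instr.received_at)
        if len(recent) >= mandate.burst_count:
            # Many individually unremarkable instructions in a short window is itself a signal.
            flags.append("burst")
        if not flags:
            released_by_day[day] = released_by_day.get(day, 0) + instr.amount_usd
        result[instr.ref] = flags
    return result


def held_refs(result: Dict[str, List[str]]) -> List[str]:
    """References that must wait for a callback before release."""
    return sorted(ref for ref, flags in result.items() if flags)


# Constructed mandate: Sun-Thu working week (Fri/Sat weekend), one constructed holiday.
MANDATE = Mandate(
    known_beneficiaries={("EXAMPLEBANK-A", "000111"), ("EXAMPLEBANK-B", "000222")},
    single_txn_limit_usd=30_000_000,
    daily_limit_usd=60_000_000,
    customer_business_days={6, 0, 1, 2, 3},
    customer_holidays={date(2016, 2, 8)},
)

# Constructed batch: Thu 4 Feb 2016 is a business day, Fri 5 Feb is the customer's weekend,
# Sun 7 Feb is a business day, Mon 8 Feb is the constructed holiday.
SAMPLE = [
    Instruction("REF001", datetime(2016, 2, 4, 11, 0), 5_000_000, "EXAMPLEBANK-A", "000111"),
    Instruction("REF010", datetime(2016, 2, 4, 14, 0), 5_000_000, "EXAMPLEBANK-B", "000222"),
    Instruction("REF011", datetime(2016, 2, 4, 14, 10), 5_000_000, "EXAMPLEBANK-B", "000222"),
    Instruction("REF012", datetime(2016, 2, 4, 14, 20), 5_000_000, "EXAMPLEBANK-B", "000222"),
    Instruction("REF013", datetime(2016, 2, 4, 14, 30), 5_000_000, "EXAMPLEBANK-B", "000222"),
    Instruction("REF014", datetime(2016, 2, 4, 14, 40), 5_000_000, "EXAMPLEBANK-B", "000222"),
    Instruction("REF002", datetime(2016, 2, 4, 20, 10), 20_000_000, "UNKNOWNBANK-X", "999001"),
    Instruction("REF003", datetime(2016, 2, 5, 9, 0), 40_000_000, "UNKNOWNBANK-X", "999002"),
    Instruction("REF005", datetime(2016, 2, 7, 10, 0), 25_000_000, "EXAMPLEBANK-A", "000111"),
    Instruction("REF006", datetime(2016, 2, 7, 11, 0), 25_000_000, "EXAMPLEBANK-A", "000111"),
    Instruction("REF007", datetime(2016, 2, 7, 12, 0), 25_000_000, "EXAMPLEBANK-A", "000111"),
    Instruction("REF004", datetime(2016, 2, 8, 10, 0), 25_000_000, "EXAMPLEBANK-A", "000111"),
]

if __name__ == "__main__":
    for ref, flags in screen(SAMPLE, MANDATE).items():
        print(ref, "RELEASE" if not flags else "HOLD " + ",".join(flags))
```

The point of the design is that the screen is independent of SWIFT: it uses only what the correspondent already holds (the agreed beneficiary list, limits and the customer's calendar), so a valid, properly authenticated message can still be held. Note the limitation of the burst rule: the first four instructions of a burst are already released by the time the fifth trips it, so the window and count have to be set against the customer's real traffic rather than guessed.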
Client On-Boarding
The crooks selected the Philippines and, in particular, the casino industry. They took advantage of weak bank account opening and on-going "know your customer" controls in that industry.
Investigations are on-going.
Cyber risk management is all about "defence-in-depth" strategies that rely not only on IT technicians but also on all staff applying their awareness training and complying with well-designed security policies.