Last February, a group of hackers using what investigators believe is sophisticated malware technology was able to breach the Bangladesh central bank's computer systems, stealing credentials that were required for money transfers. The group then proceeded to initiate a number of requests to the Federal Reserve Bank of New York, asking the American financial firm to transfer money from the Bangladeshi's account with the Fed to a number of international firms.
For the most part, the plan was ingenious, and it worked pretty well, too. In fact, four transfers to accounts in the Philippines amounting to about $80 million worked. Unfortunately for the hackers, a fifth request, which was supposed to be sent to a Sri Lankan foundation, became just a bit suspicious.
What caused the suspicion was not the $20 million transfer request. Rather, it was the fact that the letter requesting for the funds carried a particularly interesting error. Fortunately, the hackers ended up spelling the name of the organization wrong, typing the word "foundation" as "fandation."
Due to the error, the Sri Lankan bank asked for clarification, and it was only then that the Fed was able to notice something was wrong. The American financial giant then stopped all remaining transfer requests, amounting to about $850 million.
While the thieves were able to run away with a substantial amount of $80 million, the total amount that was stolen could easily have been a lot worse.
According to investigators working on the case, the brazen theft could have been a lot worse. Apparently, the hackers were able to steal the Bangladesh Bank's credentials for the SWIFT messaging system, a highly secure network utilized by banks to communicate with each other.
"SWIFT and the Central Bank of Bangladesh are working together to resolve an internal operational issue at the central bank. SWIFT's core messaging services were not impacted by the issue and continued to work as normal," Belgium-based SWIFT said in a statement.
Bangladesh's finance minister has placed the blame on the Fed for the theft, stating that the bank would file a case against the American financial firm in the international court. The Fed, however, has asserted its innocence in the matter.
"There is no evidence of any attempt to penetrate Federal Reserve systems in connection with the payments in question" or that the institution's systems were compromised," a Fed spokesman said.
