Skip to main content

How Spelling mistake prevented hackers taking $1bn in bank heist

A spelling mistake in an online bank transfer instruction helped prevent a nearly $1bn heist last month involving the Bangladesh central bank and the New York Fed, banking officials said.

Unknown hackers still managed to get away with about $80m, one of the largest known bank thefts in history.

The hackers breached Bangladesh Bank’s systems and stole its credentials for payment transfers, two senior officials at the bank said. They then bombarded the Federal Reserve Bank of New York with nearly three dozen requests to move money from the Bangladesh Bank’s account there to entities in the Philippines and Sri Lanka, the officials said.

Four requests to transfer a total of about $81m to the Philippines went through, but a fifth, for $20m, to a Sri Lankan non-profit organisation was held up because the hackers misspelled the name of the NGO, Shalika Foundation.

How Spelling mistake prevented hackers taking $1bn in bank heist

Hackers misspelled “foundation” in the NGO’s name as “fandation”, prompting a routing bank, Deutsche Bank, to seek clarification from the Bangladesh central bank, which stopped the transaction, one of the officials said.

There is no NGO under the name of Shalika Foundation in the list of registered Sri Lankan non-profits. Reuters could not immediately find contact information for the organisation.

Deutsche Bank declined to comment.

At the same time, the unusually high number of payment instructions and the transfer requests to private entities – as opposed to other banks – raised suspicions at the Fed, which also alerted the Bangladeshis, the officials said.

The details of how the hacking came to light and was stopped before it did more damage have not been previously reported. Bangladesh Bank has billions of dollars in a current account with the Fed, which it uses for international settlements.

The transactions that were stopped totalled $850m to $870m, one of the officials said.

Last year, Russian computer security company Kaspersky Lab said a multinational gang of cyber criminals had stolen as much as $1bn from as many as 100 financial institutions around the world in about two years.

Iraqi dictator Saddam Hussein’s son Qusay took $1bn from Iraq’s central bank on the orders of his father on the day before coalition forces began bombing the country in 2003, American and Iraqi officials have said. In 2007, guards at the Dar Es Salaam bank in Baghdad made off with $282m.

Bangladesh Bank has said it has recovered some of the money that was stolen, and is working with anti-money laundering authorities in the Philippines to try to recover the rest.

A bank spokesman could not be reached for comment late on Thursday.

The recovered funds refer to the Sri Lanka transfer, which was stopped, one of the officials said.

Initially, the Sri Lankan transaction reached Pan Asia Banking Corp, which went back to Deutsche Bank for more verification because of the unusually large size of the payment, a Pan Asia official said.

“The transaction was too large for a country like us,” the official said. “Then [Deutsche] came back and said it was a suspect transaction.”

A Pan Asia spokesman could not immediately be reached for comment.

The dizzying, global reach of the heist underscores the growing threat of cybercrime and how hackers can find weak links in even the most secure computer networks.

More than a month after the attack, Bangladeshi officials are scrambling to trace the money, shore up security and identify weaknesses in their systems. They said there is little hope of ever catching the hackers, and it could take months before the money is recovered, if at all.

Security experts said the perpetrators had deep knowledge of the Bangladeshi institution’s internal workings, probably gained by spying on bank workers.

The Bangladesh government, meanwhile, is blaming the Fed for not stopping the transactions earlier. The finance minister, Abul Maal Abdul Muhith, told reporters on Tuesday that the country may resort to suing the Fed to recover the money.

“The Fed must take responsibility,” he said.

The New York Fed has said its systems were not breached, and it has been working with the Bangladesh central bank since the incident occurred.

The hacking of Bangladesh Bank happened sometime between 4-5 February, over the Bangladeshi weekend, which falls on a Friday, the officials said. The bank’s offices were shut.

Initially, the central bank was not sure if its system had been breached, but cybersecurity experts brought in to investigate found hacker “footprints” that suggested the system had been compromised, the officials said.

These experts could also tell that the attack originated from outside Bangladesh, they said, adding the bank is looking into how they got into the system and an internal investigation is ongoing.

The bank suspects money sent to the Philippines was further diverted to casinos there, the officials said.

The Philippine Amusement and Gaming Corp, which oversees the gaming industry, said it has launched an investigation. The country’s anti-money laundering authority is also working on the case.

Source: TheGuardian

Popular posts from this blog

Meta NOINDEX is better than Blocking Robots

Hello Friends, welcome back to the blog; today I come with topics why Meta NOINDEX is better than blocking search engines by robots. As you all know about these two properties of Search Engine Optimization but let me explain it first for new webmasters.

Meta is property that webmaster keep in head tags of a HTML webpage that helps Search Engines to know basic facts about the site.

Example of Meta Property, the given meta property is called description:
<meta content='Something about the page' name='description'/>

Robot or called as Robots.txt is another property of SEO that helps the crawlers of different search engines helps in knowing whether are the areas to crawl and what are areas not to be crawled by them.

Example of Robots.txt (Our Robot text):
Visit: http://www.youthhustle.com/robots.txt

So, the question arises why should I not to be use Robots txt for blocking robots or why Meta NOINDEX is better. The answer is very simple and clear but first known How …

Download Sanrachna Typing Tool

Sanrachna Typing Tool is an powerful unicode hindi typing tool that helps in converting English letters in Hindi. Sanrachnacan be used to write in Hindi Unicode without learning Hindi Keyboard layout. Sanrachna is compatible with all versions of Windows like Windows Vista, Windows 7, Windows 8 and Windows 8.1 too.
For Sanrachna you must need .NET Frame Work 2 installed on your PC. Sanrachna have made easy for working on many websites. Sanrachna Typing Tool is wonderful and can be onned by "pressing *Caps Lock*" for typing in hindi. If user want to type in English user need to be press *Caps Lock* again. Download Sanrachna Hindi Typing Tool for Windows VistaDownload Sanrachna Hindi Typing Tool for Windows 7 and Windows 8

Download Google Now Launcher APK 1.4.002

Google Now Launcher is orginally made by Google LLC. that gives an amazing experience to your Android device. It have included Google Now that can be used by just a left swipe over the android glass.

It can be installed on any Android which is higher than 4.1 (Jelly Bean). It have a Google Search tool right on the front screen that immediately opens Google Search that makes searching anything on Google much easier. You can even call Google just by saying "Ok Google" (You need to setup your Google Now voice command).

It have an simple up to down design of the menu. You can get all the application right there.
Download the Software (Google Now Launcher 1.4.002): File Name: Google_Now_Launcher_1.4.large-104002%28youthhustle.com%29.apk
Software Name: Google Now Launcher
Version: 1.4.002
Developer: Google LLC
Official Link: http://google.com/
Download Google Now Launcher 1.4.002