May 11, 2016
Technicians from the global payment network SWIFT left Bangladesh’s Central Bank vulnerable to an attack that saw attackers steal £57 million, according to Bangladeshi police and bank officials speaking to Reuters.
In February, unknown hackers broke into the Bangladesh Bank and almost got away with just shy of £700 million. In the event, their fraudulent transactions were cancelled after they managed to transfer £57 million when a typo raised concerns about one of the transactions. That money is still unrecovered. In April, we learned that preliminary investigations had revealed the use of cheap networking and a lack of firewalls, both contributing to the attack.
The new report sheds further light on the incident. The SWIFT organisation is owned by 3,000 financial companies and operates a network for sending financial transactions between financial institutions. Technicians from the organisation worked at the central bank last year when they were connecting the Bangladesh’s real-time gross settlement (RTGS) system to the SWIFT network. Mohammad Shah Alam, leading the probe for the Bangladesh police, told Reuters that the technicians doing this work left “a lot of loopholes” that were not subsequently addressed.