The cyberattackers behind a successful cyberheist which left the Bangladesh central bank $81 million out of pocket targeted the PC of a Bangladeshi official to conduct the theft.
According to Reuters, a Bangladesh diplomat admitted on Thursday that a computer belonging to a Bangladesh central bank official was targeted in the attack.
In February, cyberattackers raided a bank account belonging to Bangladesh’s central bank, held by the New York-based Federal Reserve Bank.
After installing malware in systems at the banks’ Dharka headquarters, the malware — while unknown, at the least contained surveillance features — allowed the group to spend several weeks spying upon the bank’s systems and processes.
When the time was right, the group sent a flurry of fraudulent transaction requests through the SWIFT financial messaging service, leading to the transfer of $81 million to agents in the Philippines.
It was only due to a small spelling error on one of these transactions which raised an alert, blocking other queries which had not yet been processed.
If the clerical error had not been discovered and a flag raised, the cyberattackers could have made off with a large chunk of the bank’s reserves. This could have been up to approximately $1 billion, based on the transactions requests which were turned down.
Atiur Rahman, who served as Governor of the Bangladesh Bank, resigned from his position in March due to the security breach.
John Gomes, Bangladesh Ambassador to the Philippines, told attendees at a panel that stolen funds ended up in Manila, the capital city of the Philippines — but investigators do not believe the cyberattackers came from either this country or Bangladesh.
A small portion of the stolen funds have been recovered, but Bangladesh officials are still considering the prospect of taking the US financial system to court to recover the remainder.
In related news, the Bank of England has taken note of the $81 million heist, ordering UK financial institutions to take steps to avoid becoming a victim of a similar scheme.
The bank has requested that all UK banks bring their cybersecurity practices up to scratch and conduct a formal security review by mid-to-late April.