MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
had
Search

How Cybercriminals Almost Stole $1 Billion From Bangladesh's National Bank

Monday June 21, 2021. 01:34 PM , from Slashdot
'In 2016 North Korean hackers planned a $1bn raid on Bangladesh's national bank,' reports the BBC, 'and came within an inch of success — it was only by a fluke that all but $81m of the transfers were halted, report Geoff White and Jean H Lee...

'It all started with a malfunctioning printer...'

It was located inside a highly secure room on the 10th floor of the bank's main office in Dhaka, the capital. Its job was to print out records of the multi-million-dollar transfers flowing in and out of the bank. When staff found it wasn't working, at 08:45 on Friday 5 February 2016, 'we assumed it was a common problem just like any other day,' duty manager Zubair Bin Huda later told police. 'Such glitches had happened before.' In fact, this was the first indication that Bangladesh Bank was in a lot of trouble. Hackers had broken into its computer networks, and at that very moment were carrying out the most audacious cyber-attack ever attempted. Their goal: to steal a billion dollars.

To spirit the money away, the gang behind the heist would use fake bank accounts, charities, casinos and a wide network of accomplices.... When the bank's staff rebooted the printer, they got some very worrying news. Spilling out of it were urgent messages from the Federal Reserve Bank in New York — the 'Fed' — where Bangladesh keeps a US-dollar account. The Fed had received instructions, apparently from Bangladesh Bank, to drain the entire account — close to a billion dollars. The Bangladeshis tried to contact the Fed for clarification, but thanks to the hackers' very careful timing, they couldn't get through... The bank's HQ in Dhaka was beginning two days off. And when the Bangladeshis began to uncover the theft on Saturday, it was already the weekend in New York... And the hackers had another trick up their sleeve to buy even more time. Once they had transferred the money out of the Fed, they needed to send it somewhere. So they wired it to accounts they'd set up in Manila, the capital of the Philippines. And in 2016, Monday 8 February was the first day of the Lunar New Year, a national holiday across Asia...

They had had plenty of time to plan all of this, because it turns out the Lazarus Group had been lurking inside Bangladesh Bank's computer systems for a year... Once inside the bank's systems, Lazarus Group began stealthily hopping from computer to computer, working their way towards the digital vaults and the billions of dollars they contained... But they still had one final hurdle to clear — the printer on the 10th floor. Bangladesh Bank had created a paper back-up system to record all transfers made from its accounts. This record of transactions risked exposing the hackers' work instantly. And so they hacked into the software controlling it and took it out of action.
With their tracks covered, at 20:36 on Thursday 4 February 2016, the hackers began making their transfers — 35 in all, totalling $951m, almost the entire contents of Bangladesh Bank's New York Fed account.
There's more to the story — it's a whole episode on a 10-episode BBC World Service podcast which they're calling an example of 'the new front line in a global battleground: a murky nexus of crime, espionage and nation-state power-mongering. And it's growing fast.'

The story has a surprise ending — but alongo the way, the BBC's article points out that the consequences for the bank's governor were almost instant. 'He was asked to resign,' says U.S.-based cyber-security expert Rakesh Asthana. 'I never saw him again.'

Read more of this story at Slashdot.
rss.slashdot.org/~r/Slashdot/slashdot/~3/lj2IUAWClIA/how-cybercriminals-almost-stole-1-billion-from-...
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Current Date
Mar, Fri 29 - 07:30 CET