Former Bangladesh Bank (BB) governor and head of the probe body formed to investigate central bank heist Mohammad Farashuddin yesterday blamed the Society for Worldwide Interbank Financial Telecommunication (SWIFT) for the cyber heist of Bangladesh’s foreign exchange reserves kept at the Federal Reserve Bank of New York. “The authorities at SWIFT are responsible for the theft of the Bangladesh Bank reserves.
The concerned central bank officials have also been negligent. The Federal Reserve Bank also cannot evade responsibility,” Farashuddin said.“Either Pakistani or North Korean hackers have used malware to steal USD 101 million from Bangladesh Bank’s account with the Federal Reserve Bank,” he added.
The malware was installed in the server of Bangladesh’s central bank for the purpose of stealing the money, the probe body head said. “The management of the Federal Reserve Bank of New York cannot bypass responsibility for the theft,” he told journalists while exiting the Bangladesh Bank office yesterday. On February 4, USD 101 million was stolen by hackers from the Bangladesh Bank’s reserves with the Federal Reserve Bank of New York, through Rizal Commercial Banking Corporation (RCBC) in the Philippines and Pan Asia Banking Corporation in Sri Lanka.
The Criminal Investigation Department (CID) of Bangladesh Police and BB officials said that the SWIFT server of Bangladesh Bank has become vulnerable to hacking due to the negligence of SWIFT technicians. They said that USD 20 million sent to Sri Lanka has been recovered, but not the remaining USD 81 million that went to the Philippines.
Meanwhile, on May 9, SWIFT rejected the allegations made by Bangladeshi officials that technicians with the global banking system have made the nation’s central bank more vulnerable to hacking prior to the USD 81 million cyber heist in February.
SWIFT stated that it is not its responsibility to ensure cyber security of its members, including Bangladesh Bank. SWIFT also sent the same statement to its member banks. Bangladesh Bank has appointed US-based cyber security companies World Informatix and FireEye to investigate the technical aspects of the reserves theft.
On the basis of a portion of the probe report into cyber security, Reuters said in a report that three hacker groups are still lurking in the Bangladesh Bank network.
Citing the same investigative report on cyber security, Bloomberg News has specified that of the three hacking groups, one is from Pakistan and another from North Korea. The available data is not sufficient to determine where the third group, the actual culprit, is a criminal network or the agent of another nation.
In reply to a question, Farashuddin told the journalists that the malware was created either in Pakistan or in North Korea. “In our interim probe report, we have suggested to the Bangladesh government to put pressure on the RCBC Bank of the Philippines to recover the lost amount.
Diplomatic readiness is necessary to recover the entire amount,” he said. The Farashuddin-led probe committee submitted its interim report to the government on April 20, but finance minister AMA Muhith has refused to reveal the report before it is completed and finalised.