Tagged: heist

  • jkabtech 5:14 pm on March 29, 2016
    Tags: heist, helped

    How a hacker’s typo helped stop a $1B bank heist 

    A spelling mistake in an online bank transfer instruction helped prevent a nearly $1 billion heist last month involving the Bangladesh central bank and the New York Fed, banking officials said.

    Unknown hackers still managed to get away with about $80 million, one of the largest known bank thefts in history.

    The hackers breached Bangladesh Bank’s systems last month and stole its credentials for payment transfers, two senior Bangladesh Bank officials said.

    [Image caption: Commuters pass by the front of the Bangladesh central bank building]

    They then bombarded the Federal Reserve Bank of New York with nearly three dozen requests to move money from the Bangladesh bank’s account there to entities in the Philippines and Sri Lanka, the officials said.

    Four requests to transfer a total of about $81 million to the Philippines went through, but a fifth, for $20 million, to a Sri Lankan non-profit organisation got held up because the hackers misspelled the name of the NGO.

    The full name of the non-profit could not be learned. But one of the officials said the hackers misspelled “foundation” in the NGO’s name as “fandation”, prompting a routing bank, Deutsche Bank, to seek clarification from the Bangladesh central bank, which stopped the transaction.

    Deutsche Bank declined to comment.

    At the same time, the unusually high number of payment instructions and the transfer requests to private entities — as opposed to other banks — made the Fed suspicious, and it also alerted the Bangladeshis, the officials said.

    The details of how the hacking came to light and was stopped before it did more damage have not been previously reported. Bangladesh Bank has billions of dollars in a current account with the Fed, which it uses for international settlements.

    The transactions that got stopped totaled between $850 million and $870 million, one of the officials said.

    Last year, Russian computer security company Kaspersky Lab said a multinational gang of cybercriminals had stolen as much as $1 billion from as many as 100 financial institutions around the world in about two years.

     
  • jkabtech 4:57 pm on March 22, 2016
    Tags: heist, Spoil

    Security News This Week: Hackers Spoil Their $1 Billion Bank Heist With a Typo 

     
  • jkabtech 11:26 pm on March 20, 2016
    Tags: alarm, heist, trips

    Typo trips the alarm in $101M cyber bank heist 

    Kara Scannell and Victor Mallet, Financial Times | Friday, 11 Mar 2016 | 1:33 AM ET

    A $101 million cyber heist has left central bank officials from Bangladesh to New York arguing over what may be one of the largest and most audacious bank raids in history.

    Hackers allegedly breached the Bangladesh central bank’s security system and then masqueraded as Bangladeshi officials to submit a series of requests for the New York Federal Reserve to transfer large tranches of money from its account there.

    Bangladesh Bank told the Financial Times last night that a total of $101 million was wrongly transmitted, of which $20 million went to a Sri Lankan bank. It was this last payment that raised suspicions over the authenticity of the transfers.

    “The Sri Lankan bank did not disburse it immediately and we could recover the full amount. The remaining $81m was transmitted to a few accounts of a Philippine bank,” the central bank said. Anti-money laundering authorities in the Philippines were co-operating with Bangladesh and had already frozen the relevant bank accounts, it added.


    An experienced cyber expert, who had worked at the World Bank and is currently employed as an “IT governance specialist” on a Bangladesh Bank project, was investigating the case with his forensic team, the central bank said. “We have confidence the stolen funds will be recovered in full.”

    Central banks are ripe targets for criminal groups given the potential windfall they can make if just one of their attempts succeeds.

    While the money may ultimately be recovered, there is a growing dispute over who is to blame for allowing the transfers.

    Abul Maal Abdul Muhith, Bangladesh’s finance minister, told reporters in Dhaka this week that his government was considering filing a case against the New York Fed and that he was also surprised by the failure of his own country’s central bank to report the crime.

    He said that the Fed officials “cannot avoid their responsibility in any way”, and added that he first learned of the scam from press reports. “Bangladesh Bank authorities did not inform [us] of the matter,” he said.

    A spokesperson for the NY Fed said, however, that its systems were not hacked and the transfers were made after it followed protocol.

    “To date, there is no evidence of any attempt to penetrate Federal Reserve systems in connection with the payments in question, and there is no evidence that any Fed systems were compromised.”

    The Fed spokesperson added, “The payment instructions in question were fully authenticated by the SWIFT messaging system in accordance with standard authentication protocols. The Fed has been working with the central bank since the incident occurred, and will continue to provide assistance as appropriate.”

    Other transfers were reportedly attempted, but were ultimately stopped before $1bn could be stolen from the account.

    Bangladesh banking officials told Reuters that the cyber criminals were ultimately stopped when they made a spelling mistake in one of their transfer instructions. The hackers misspelled the name of a Sri Lankan non-governmental organisation, writing “foundation” as “fandation”. That prompted a routing bank to query the transaction and led to the crime being stopped, Reuters reported.

    Criminal organisations have made a business of “spoofing” email accounts and impersonating individuals, company executives and others to trick victims into transferring money offshore. Cyber criminals have targeted the US financial sector in the past.

    JPMorgan Chase was hacked in 2014, and last year US authorities announced charges against several individuals who were allegedly involved in a securities fraud scheme. US prosecutors have also charged a UK citizen with hacking into the Federal Reserve and other US government agencies and stealing sensitive personal information. Those charges are still pending.
