Bangladesh central bank hack may be an insider job, says FBI

The U.S. Federal Bureau of Investigation has found evidence that at least one employee of Bangladesh’s central bank was involved in the theft of US$81 million from the bank through a complex hack, according to a newspaper report.

The number of employees involved could be higher, with people familiar with the matter suggesting that a handful of others may also have assisted hackers to negotiate Bangladesh Bank’s computer system, The Wall Street Journal reported on Tuesday.

Bangladesh Bank officials could not be reached for comment.

The attackers tried to transfer $951 million out of Bangladesh Bank’s account at the Federal Reserve Bank of New York in February, but most of the transfers were blocked before they could be completed. Some $81 million were sent to accounts in the Philippines.

Bangladeshi officials have partly blamed the hack on the SWIFT financial network, with a bank official and police officer investigating the hack telling Reuters that the connection of SWIFT to the country’s first real-time gross settlement (RTGS) system left loopholes for hackers.

Bangladesh Bank is responsible for the security of its own systems interfacing with the SWIFT network, starting with basic password protection practices, the SWIFT global financial network said in a statement. It rejected the allegations by the bank and the police as “false, inaccurate and misleading.”

The police official, Mohammad Shah Alam, told Reuters that his force wants to interview SWIFT technicians to find out whether their actions were intentional or negligent.

Representatives of the Bangladesh Bank, SWIFT and the New York Federal Reserve Bank are meeting in Basel on Tuesday, when the suspicions of the FBI about an insider hand and the role of the SWIFT integration are likely to come up.