Dive Brief:
- An investigator said Bangladesh’s central bank had no firewall and followed poor security practices before it fell victim to a record-breaking heist in February, according to a Reuters report.
- The investigator said Bangladesh Bank used cheap, second-hand switches to network computers connected to the SWIFT global payment network.
- The hackers sought to steal nearly $1 billion through a complex web of international transfers, but a simple spelling error on their part cut the amount they got away with to about $80 million.
Dive Insight:
Given today’s threat environment, it’s critical to ensure advanced security practices are in place not just at financial institutions, but at all institutions. Tom Kellermann, a former member of the World Bank security team, told Reuters he believes there are "a handful" of central banks in developing countries that are just as insecure as the one in Bangladesh. But those banks are often connected to the global banking system, putting many organizations at risk.
Though the Bangladesh heist was an extreme example of cybersecurity gone wrong, it serves as a warning for organizations to take security seriously.
The lack of security made it easy for the hackers to break into the Bangladesh central bank system, said Mohammad Shah Alam, head of the Forensic Training Institute of the Bangladesh police's criminal investigation department. The lack of advanced switches has also made it more challenging for investigators to track the thieves, who still have not been found.
Security experts called the lack of security at the bank "egregious."
"You are talking about an organization that has access to billions of dollars and they are not taking even the most basic security precautions," Jeff Wichman, a consultant with cyber firm Optiv, told Reuters.
Investigators have been able to determine that some of the missing funds were sent to casinos in the Philippines, but most of the funds remain unaccounted for.