Source: Dhaka Tribune
Here’s when a tiny spelling error became a billion dollar mistake for this group of hackers.
UK Telegraph reports that a group of unknown hackers have had their scheme to steal $1 billion (RM4.1 billion) involving the Bangladesh central bank and the New York Fed thwarted because of a simple typo that alerted banks to their fraudulent money transfers. According to Reuters, the hackers had broken into Bangladesh’s central bank in the past month at some point between the 4th and 5th of February and surreptitiously transferred large sums to private accounts in the Philippines and Sri Lanka from an account held at the Federal Reserve Bank of New York.
Two senior officials at the Bangladesh central bank disclosed that the hackers managed to pull of the heist by breaching Bangladesh Bank’s systems and stealing its credentials for payment transfers. The criminals had then used the bank’s transfer codes they accessed to send the Federal Reserve Bank of New York nearly three dozen requests to move money from the Bangladesh Bank’s account there to the private entities in the Philippines and Sri Lanka.
Alas for the hackers for only four of the requests to transfer went through successfully, although they still managed to get away with over $81 million in their successful transfers to the Philippines, still making it one of the largest known bank thefts of its time. The Verge reports that the requests involved shifting money from the Bangladesh bank to banks in the Philippines, where the funds were then transferred to casinos and converted into chips. The chips were then cashed out and sent to Hong Kong bank accounts.
However, once it came to the fifth transfer for $20 million supposedly to a Sri Lankan non-profit organisation called Shalika Foundation, the attempt was held up because the hackers misspelled the name of the NGO. Instead, the hackers had attempted to transfer some $20 million to Shalika Fandation, after a typo in spelling “foundation” as “fandation”. When staff at a routing bank, Deutsche Bank, spotted the error, this prompted the Deutsche Bank to contact with the Bangladesh central bank to seek clarification, which halted the transaction and stopped the funds from going through. Reuters reports that they were unable to find contact information for the organization and in fact there is no NGO existing under the name of Shalika Foundation in the list of registered Sri Lankan non-profits.
At the end of the day, the New York Federal Reserve got suspicious and alerted the Bangladesh bank about the unusually high transfer requests which were coming from them that had private entities as opposed to other banks as the recipients, which ultimately alerted the bank to the theft. This helped the bank put a stop to all the other remaining transactions initiated by hackers. The ploy was a bust.
Bangladesh Bank has billions of dollars in a current account with the New York Fed, which it uses for international settlements. Bank officials stated that the attempted transactions had totalled between $850 million to $870 million, and were successfully cancelled before further damage. Had the hackers been able to pull through with their heist, they would have pulled off the biggest bank heist in history.
Bangladeshi, American, and Filipino officials are said to be now working closely to solve the case. Out of the $81million that was successfully transferred, the Bangladesh bank has confirmed that reportedly around $20 million that was laundered in Sri Lanka has been retrieved. As some of the money was believed to be subsequently directed to casinos in Philippines, the Bangladesh central bank is working with anti-money laundering authorities in the Philippines to recover the rest.
Throughout all this, not much is known on the perpetrators, and officials claim that there is not much hope in catching them since the attacks had also originated from outside the country. Security experts believe that it is likely that the hackers had deep knowledge of the security protecting the bank’s system, and that they had likely spied on bank workers for some time ahead of the heist.
However, the Bangladesh central bank is accusing the New York Federal Reserve for not doing more to stop the hackers and not stopping the transaction. Bangladesh’s government is planning a lawsuit to sue the Federal Reserve in order to recover some of the funds that were lost, the Dhaka Tribune reported.
“The fault that caused the hacking was in the Federal Reserve of United States, so we will file a case in the international court against the US Fed,” stated the Bangladesh Finance Minister, Abul Maal Abdul Muhith.
 The Verge
 UK Telegraph
 Ars Technica