
EVENTS

• In May 2015 the first preparations for the Bangladesh Bank attack were made: four bank accounts were opened at a Philippine bank to be ready for future transactions. None of the accounts was used until the day of the attack, and they were clearly established for the attack only.
• In January 2016 Bangladesh Bank was breached by exploiting the lack of a firewall, probably with a helping hand from inside.
• Between February 4–5, 2016, while Bangladesh Bank's offices were closed, hackers broke into BB's systems and generated fake payment orders to steal US$ 951 million from the Bangladesh central bank's account with the Federal Reserve Bank of New York.
• On the day of the theft in February, the New York Fed initially rejected 35 requests to transfer funds to various overseas accounts. Later in the day, however, the cyber thieves resubmitted those 35 requests. On the second try, the messages had the proper formatting. Thirty transactions worth US$ 851 million were flagged by the banking system for economic sanctions review, but five requests worth US$ 101 million were granted, of which US$ 20 million went to Sri Lanka and US$ 81 million was lost to the Philippines.
• One official at Sri Lanka-based Pan Asia Bank initially took notice of the transaction, regarding the US$ 20 million transfer as too big for a country like Sri Lanka. Pan Asia Bank referred the atypical transaction to Deutsche Bank. Deutsche Bank stopped the transaction after becoming suspicious of a spelling error in the request to transfer the funds and sought clarification from Bangladesh Bank. The hackers had misspelled "Foundation" as "Fundation".
• On February 8, the unauthorized messages came to notice at Bangladesh Bank, and Bangladesh Bank informed Rizal Commercial Banking Corporation (RCBC) in the Philippines through SWIFT to stop the payment, refund the funds, and to "freeze and put the funds on hold" if the funds had already been transferred. February 8, 2016 was Chinese New Year, and the festival is a non-working holiday in the Philippines. The SWIFT message from Bangladesh Bank was received by RCBC on 9th February.
• By this time, the attackers, posing as fictitious people, had been able to withdraw $81M in total during the period of February 5 to 9. Bangladesh Bank later recovered the Sri Lankan funds.
• On March 3, the Bangladesh Bank heist came to light. The central bank officially informed the finance minister about the matter on the 33rd day after the heist.
INVESTIGATION
Bangladesh: On March 19 the government formed a 3-member investigation committee, headed by the central bank's former governor Dr Farashuddin. The probe committee handed its full report to former finance minister AMA Muhith on 30th May. The report has not been published yet. Present finance minister AHM Mustafa Kamal told parliament that disclosure of the Farashuddin-led committee's investigation report may influence the probe by the Criminal Investigation Department (CID). Meanwhile, CID has taken 57 dates to complete its probe as of February 10, 2019.
However, Mohammed Farashuddin, head of the three-member body that probed the theft, told reporters that some central bank officials were either involved in the heist intentionally or just got caught up in it. In the final report, the committee established that SWIFT is mainly responsible for the theft and that the New York Fed is also responsible. The main problem, as stated by him, lay with the linking of the Real Time Gross Settlement (RTGS) system and the SWIFT platform. The former BB governor demanded further investigation to find out whether the suspected Bangladesh Bank officials were really involved in the cyber heist.
United States: A congressional committee launched a probe into the New York Fed's role in the bank heist. The Fed branch claimed that Bangladesh Bank and SWIFT hold primary responsibility for preventing unauthorized transfers. Investigation reports by FireEye and World Informatix Cyber Security, both US-based companies, revealed that the perpetrators' familiarity with the internal procedures of Bangladesh Bank was probably gained by spying on its workers. The US Federal Bureau of Investigation (FBI) reported that at least one bank employee acted as an accomplice, with evidence pointing to several more people as possibly assisting the hackers in navigating Bangladesh Bank's computer system. Forensic investigators in the United States suspected possible links between the North Korea-based Lazarus Group and the theft of $81 million.
Philippines: On 5th August 2016, Philippine banking regulators penalized Rizal Commercial Banking Corp. (RCBC) with a US$21.2 million fine for its non-compliance with banking laws and regulations in connection with the cyber heist at Bangladesh Bank. On 10 January 2019, Maia Santos Deguito, a former manager at RCBC, was sentenced by a Philippine court to 4 to 7 years' imprisonment and fined a total of $109 million for money laundering.
THE OTHER FACTORS
• North Korea Involvement: Some security companies, including Symantec Corp, a US-based software company, and BAE Systems, a British multinational defense, security and aerospace company, state that the North Korea-based Lazarus Group, one of the world's most active state-sponsored hacking collectives, was probably behind the attack. Kaspersky, a Russian company, also pointed to North Korea's possible involvement in the bank heists conducted by Lazarus. The U.S. has charged a North Korean computer programmer with hacking Bangladesh Bank, alleging this was carried out on behalf of the regime in Pyongyang.

In the case of the Bangladesh Bank heist it should be noted that, given their difficult history, it might be in the political interest of the US to point to North Korea as a scapegoat in the incident. Thus the accusations of North Korea's involvement shouldn't be embraced without caution.

• The weekend caper: Weekend protocols should also be considered a vulnerability in the banking sector. On Thursday, Feb. 4, the hackers began sending fraudulent payment orders via SWIFT. It was late evening in Bangladesh and most of the staff had gone home. The hackers appear to have timed the heist to coincide with the weekend that in Bangladesh began the following day, Feb 4 and 5. Communications between the Fed and the Bangladesh central bank were hampered over the weekend. On 6th February, upon noticing missing files and Fed queries, Bangladesh Bank sent e-mails to the Fed in New York asking it to stop all payment instructions immediately; it was the weekend and Fed staff did not respond. The success of the heist relied mostly on this weekend timing: the lack of sufficient monitoring and means of communication during the weekend meant that the unauthorized transactions were not noticed until four days after the attack. In other words, the success of this cyber-attack relied not only on the cyber domain but on the physical one as well.

• Possible Identification of Hacker: On April 3, 2017 Russian-based Kaspersky released a 58-page report on Lazarus, a group linked to the heist in Bangladesh. Among its findings, the
report said Lazarus hackers made a direct connection from an IP address in North Korea to a
server in Europe that was used to control systems infected by the group. They cite
similarities between the methods used in the Bangladesh heist and those in other cases,
such as the hack of Sony Pictures Entertainment in 2014, which U.S. officials also attributed
to North Korea. Kaspersky researcher Vitaly Kamluk told Reuters by telephone that the
finding marked the first time they had seen a direct connection between North Korea and
Lazarus, a hacking group whose activities dating back to 2009 have been documented by the
world's biggest cyber security firms.

Loopholes/Why it occurred:

• Lax Security: Bangladesh Bank had not protected its computer system with a firewall, and it had used second-hand $10 electronic switches to network the computers linked to the SWIFT global payment system. The SWIFT facility should have been walled off from the rest of the network. Moreover, the bank didn't deploy staff to monitor activity round the clock, including weekends and holidays, as the importance of the room warranted.
• Weak defense against cyber attack: The Real Time Gross Settlement (RTGS) system deals with local transactions, whereas the SWIFT platform has been used for Bangladesh's international transactions since 1995. By linking the two, they had created a local area network of more than 5,000 computers used by officials in different departments in Bangladesh Bank, and the defence was gone. It was done at the instructions of the SWIFT people. BB officials did not even know how the system works.
• Internal Control breakdown: SWIFT's core messaging platform is backed by 'state-of-the-art' hardware-based Public Key Infrastructure technology. In the case of Bangladesh, it is learned that three independent BB officials dealt with three authentication instruments respectively (the SWIFT-specific public key, the digital certificate and the fingerprint) in order to create a valid SWIFT message. While the first two authentication instruments could be hacked or stolen, the fingerprint instrument would be impossible to hack. This indicates an internal control breakdown within Bangladesh Bank.
• Identification error: The New York Fed lacked a system for spotting potential fraud in real time. The payment orders sent by the hackers were exceptional in several ways. First, they were incorrectly formatted at first; second, they were mainly to individuals; and third, they were very different from the usual run of payment requests from Bangladesh Bank.
• Fraudulent intention: The "Stop-payment" order by BB was received by RCBC in the morning of 9th February, 2016, but RCBC responded to Bangladesh Bank's stop-payment request at 7:45pm, almost at the end of the day. Had the stop-payment request been honored, $58 million of the $81 million would have been preserved.
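
As an added illustration of the "Identification error" point above (this is not part of the original write-up and not any bank's actual system), the following Python example flags payment orders on the anomalies the text lists: resubmission after a formatting rejection, an individual beneficiary, an amount far from the sender's usual run and, per the weekend-caper point, dispatch while the sender's offices are closed. The record fields, thresholds, office hours and sample orders are assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone, timedelta
from statistics import median

DHAKA = timezone(timedelta(hours=6))   # Bangladesh Standard Time, UTC+6
WEEKEND = {4, 5}                       # Friday, Saturday (Mon=0); assumed sender weekend
WORK_HOURS = range(9, 18)              # assumed office hours at the sender

@dataclass
class Order:                           # hypothetical record, not a SWIFT message layout
    ref: str
    sent_utc: datetime
    amount_usd: float
    beneficiary_type: str              # "bank", "corporate" or "individual"
    prior_format_reject: bool          # same order was bounced earlier for bad formatting

def flags(order, baseline_amounts, usual_types):
    """Return the reasons this order deviates from the sender's usual pattern."""
    out = []
    local = order.sent_utc.astimezone(DHAKA)
    if local.weekday() in WEEKEND or local.hour not in WORK_HOURS:
        out.append("sent_while_sender_closed")
    if order.prior_format_reject:
        out.append("resubmitted_after_format_reject")
    if order.beneficiary_type not in usual_types:
        out.append("unusual_beneficiary_type")
    if order.amount_usd > 10 * median(baseline_amounts):
        out.append("amount_far_above_baseline")
    return out

def triage(orders, baseline_amounts, usual_types, hold_at=2):
    """Hold any order with at least `hold_at` independent flags for a call-back."""
    result = {}
    for o in orders:
        f = flags(o, baseline_amounts, usual_types)
        result[o.ref] = ("HOLD" if len(f) >= hold_at else "RELEASE", f)
    return result

# Constructed sample data (not taken from the real incident records).
BASELINE = [1.2e6, 0.8e6, 2.5e6, 1.0e6, 3.0e6]
USUAL = {"bank", "corporate"}
SAMPLE = [
    Order("A1", datetime(2016, 2, 3, 5, 0, tzinfo=timezone.utc), 1.5e6, "bank", False),
    Order("A2", datetime(2016, 2, 4, 15, 30, tzinfo=timezone.utc), 2.0e7, "individual", True),
    Order("A3", datetime(2016, 2, 5, 4, 0, tzinfo=timezone.utc), 0.9e6, "corporate", False),
]

if __name__ == "__main__":
    for ref, (verdict, why) in triage(SAMPLE, BASELINE, USUAL).items():
        print(ref, verdict, why)
```

A single flag (order A3, sent on the sender's weekend but otherwise ordinary) is released, while an order that stacks several of the listed anomalies is held for confirmation over a second channel.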
Recommendation
• All financial organizations should carefully scan their networks for the presence of malware and, upon detection, report the intrusion to law enforcement, both national and international.
• Test human response and coordination in case of cyber attacks.
• Regulatory surveillance should be put in place before launching an IT system. Ensure people have and follow protocols.
• Allow security personnel to share information effectively.
• Bureaucratic hurdles should be eased to let the security firm start its operations for preventing similar fraud attempts.
• The heist revealed the reliance on SWIFT messaging; its lack of alternative communications and its inertia became apparent. The most important thing is to focus on re-visioning and enhancing the cybersecurity of financial messaging networks and the cybersecurity strategies of individual banks.
CONCLUSION
An international inquiry is needed to fully understand the entire situation behind this cybercrime. While the Philippine Senate led the inquiry, the Government of Bangladesh and its central bank authority maintained an opacity from the very beginning. The persons responsible for authorization and duty should maintain professional ethics. In this case, we have seen that there was a lack of professional ethics in the authorities of Bangladesh Bank and the Philippine bank. If they had been honest and sincere in their duty, an event such as this would never have happened. It is a remarkable incident in the history of Bangladesh, and we should be aware of such highly risky areas and technological issues. It is clear that the global monetary network is only as secure as the weakest bank in the alliance. Though a high-powered inquiry committee led by a former BB governor, Dr. Mohammed Farashuddin, produced a report about the heist, the government kept it unpublished for no apparent reason. This continued opacity is further hurting a potential recovery of the stolen money. The evolving platform of international payment settlement is also at risk.
