Skip to main content
LOG INCAREERS
Try CybelAngel
Articles

Hackers miss out on the heist of the century because of a spelling error

By Olivia Skiffington Wed Mar 16, 2016
Des hackers loupent le casse du siècle

Hackers robbed over $951 million from the Federal Bank of Bangladesh, but “only” $81 million actually slipped through the cracks and into the hands of the criminals. The remaining $870 million were frozen and should be returned to the Federal Bank of Bangladesh.

Long, painstaking preparations

The hackers first studied the bank’s internal procedures and purloined employee ID cards. To initiate wire transfers, the cybercriminals also had to have access to cryptographic authentication keys, which may have been stolen before the attack. It is likely that the hackers were assisted by accomplices working for the bank. These facts suggest that the IT networks must have been compromised several months before the actual attack.

A race against the clock as soon as the first dollar is transferred

When the operation began, the money went through several stages: in all, more than 30 wire transfers were entered using the SWIFT transfer system and five of them succeeded for a total of $951 million. The money was initially wired to three American banks, then transferred to fraudulent accounts at Rizal Commercial Banking Corporation (RCBC). After being converted to Philippine pesos, the money was again transferred to the RCBC. At that point the money was traded for casino gaming chips, which were later turned in as winnings in exchange for cash. The funds were then moved to a Filipino-Chinese businessman’s account in Hong Kong.

A sophisticated theft and a rookie mistake

The many steps involved highlight the complexity of money laundering techniques and make it difficult for authorities to track it. Nevertheless, cybercriminals are not immune to mistakes. In a transfer request, there is an apparent typo in the “To” box on the form. The wire was directed to the “Shalika Fandation” rather than the “Shalika Foundation”, a Sri Lankan association. This goof made it possible to intercept $20 million dollars and raise the suspicions of banks and the authorities.

In the banking world, this high-stakes robbery points out the weaknesses of SWIFT, thus helping the cause of industry professionals who support a new type of transfer system along the lines of block chain, based on Bitcoin protocol. The banking sector is taking more interest in cryptocurrency in all its forms, especially because the current system continues to reveal new weaknesses.