Hacker Typo Thwarts Billion Dollar Bank Heist

The frightening risk of cybercrime within the world’s online banking systems has been exposed after a billion-dollar heist last month was apparently halted by a simple spelling mistake.

The attackers still managed to pocket at least $81m (£57m), however, making it one of the largest bank robberies in history. And to make matters worse, there is no word yet on any arrests.

Billion Dollars

This case centres on the Central Bank of Bangladesh, whose computer system attackers managed to breach on the weekend of 6 and 7 February, when no one was in the office.

It seems as though the attackers managed to obtain the Bangladesh Bank’s credentials for payment transfers.

They then bombarded the Federal Reserve Bank of New York with nearly three dozen requests to move money from the Bangladesh government account at the Federal Reserve to entities in the Philippines and Sri Lanka, Reuters quoted officials as saying.

Bangladesh Bank has billions of dollars in a current account with the Fed, which it uses for international settlements.

A statement posted on Bangladesh Bank’s website Monday night reportedly said Bangladesh’s Financial Intelligence Unit was cooperating with anti-money-laundering agencies in the Philippines to trace “funds hacked from a reserve held in the US.”

The statement reportedly said investigators in the Philippines had obtained court orders freezing the bank accounts to which the funds had flowed and had recovered some of the funds. The money sent to the Philippines was apparently further diverted to casinos in that country.

A spokeswoman for the Fed told the Wall Street Journal that there was no evidence of a breach of its systems.

According to Reuters, at least four requests to transfer a total of about $81m (£57m) to the Philippines went through, but a fifth, for $20m (£14m), to a Sri Lankan non-profit organisation was delayed after the hackers misspelled the name of the Shalika Foundation.

Hackers apparently misspelled “foundation” in the NGO’s name as “fandation”, prompting a routing bank, Deutsche Bank, to seek clarification from the Bangladesh central bank, which stopped the transaction.

And the high number of payment instructions and transfer requests to private entities (and not other banks) also apparently raised the suspicions of the Fed, which alerted the Bangladeshis.

That has not stopped the Bangladesh government from blaming the Fed for not stopping the transactions sooner, and the Bangladesh government has even threatened to sue the Fed to recover the money.

According to Reuters, the transactions that were stopped totalled $850m to $870m (£594m to £608m).

Bank Worries

This case highlights the ongoing threats that banks face in the increasingly online world.

Earlier this week Daniel Cohen, head of FraudAction at RSA, explained how committing online fraud is just too easy nowadays.

Another expert revealed how it took him (hypothetically) just 20 minutes to breach the computer system of a major bank.

Kaspersky Lab also recently revealed that in 2015 hackers turned to hacking banks directly, rather than targeting end users. It said that more than two dozen large Russian banks were targeted by hacking gangs last year, with the loss of millions of pounds.


Tom Jowitt


View Comments

  • Well it just shows that even criminals experienced a "cost" in taking a lazy approach to spelling and good grammar and whilst it was a mere £14m they lost it could have been much worse!

    I have noticed over several years how the standards of spelling, punctuation and grammar, especially in the printed and online media, have fallen to quite alarming levels.

    I was discussing this with a 30yr old recently who said well it doesn't matter because we all know what they're trying to say... really... so journalists whose JOB it is to bring us news stories from around the world and where WORDS are the tools of their trade, have allowed themselves to get sucked into this lazy attitude!

    I have said for a long time that one day this laziness will cause some serious damage and although this story is not a good example it is just a matter of time... watch this space!
