Hacker Typo Thwarts Billion Dollar Bank Heist

Pile of money in the form of US dollars

Sheer scale of banking crime revealed after prevention of billion dollar bank heist, but attackers still pocketed $80m

The frightening risk of cybercrime within the world’s online banking systems has been exposed after a billion dollar heist last month was apparently halted following a simple spelling mistake.

The attackers still managed to pocket at least $81m (£57m) however, making it one of the largest bank robberies in history. And to make matters worse, there is no word yet on any arrests.

Billion Dollars

This case centres around the Central Bank of Bangladesh after attackers managed to breach its computer system on the weekend of 6, 7 February, when no one was in the office.

It seems as though the attackers managed to obtain the Bangladesh Bank’s credentials for payment transfers.

BankThey then bombarded the Federal Reserve Bank of New York with nearly three dozen requests to move money from the Bangladesh government account at the Federal Reserve to entities in the Philippines and Sri Lanka, Reuters quoted officials as saying.

Bangladesh Bank has billions of dollars in a current account with the Fed, which it uses for international settlements.

A statement posted on Bangladesh Bank’s website Monday night reportedly said Bangladesh’s Financial Intelligence Unit was cooperating with anti-money-laundering agencies in the Philippines to trace “funds hacked from a reserve held in the US.”

The statement reportedly said investigators in the Philippines had obtained court orders freezing the bank accounts to which the funds had flowed and had recovered some of the funds. The money sent to the Philippines was apparently further diverted to casinos in that country.

A spokeswoman for the Fed told the Wall Street Journal that there was no evidence of a breach of its systems.

According to Reuters, at least four requests to transfer a total of about $81m (£57m) to the Philippines went through, but a fifth, for $20m (£14m), to a Sri Lankan non-profit organisation was delayed after the hackers misspelled the name of the Shalika Foundation.

Hackers apparently misspelled “foundation” in the NGO’s name as “fandation”, prompting a routing bank, Deutsche Bank, to seek clarification from the Bangladesh central bank, which stopped the transaction.

And the high number of payment instructions and transfer requests to private entities (and not other banks) also apparently raised the suspicions of the Fed, which alerted the Bangladeshis.

That has not stopped the Bangladesh government from blaming the Fed for not stopping the transactions sooner, and the Bangladesh government has even threatened to sue the Fed to recover the money.

According to Reuters, the transactions that were stopped totalled $850m to $870m (£594m to £608m).

Bank Worries

This case highlights the ongoing threats that banks face in the increasingly online world.

Earlier this week Daniel Cohen, head of FraudAction at RSA explained how committing online fraud is just too easy nowadays.

Another expert revealed how it took him (hypothetically) just 20 minutes to breach the computer system of a major bank.

Kaspersky Lab also recently revealed that in 2015 hackers turned to hacking banks directly, rather than targeting end users. It said that more than two dozen large Russian banks were targeted by hacking gangs last year, with the loss of millions of pounds.

How much do you know about hackers and viruses? Take our quiz to find out!