Being a cheapskate can sometimes backfire spectacularly as a central Bank in Bangladesh just found out. The bank was robbed of $80 million by hackers, who took advantage of the second hand $10 switches in the network and the lack of a firewall.
Reports are scarce, but it seems that a group of hackers attempted to siphon nearly $1 billion using the bank’s SWIFT credentials, according to Mohammad Shah Alam, head of the Forensic Training Institute of the Bangladesh police’s criminal investigation department. Alam said that the lack of a firewall made things much easier for the robbers. Also, the lack of a more sophisticated switch means it’s much harder for the cyber-attacks department to figure out what the hackers did and where they might have been based. Alam also said that the bank has a major fault for overlooking such a major security flaw, but SWIFT can also be blamed for not pointing out this flaw.
“It was their responsibility to point it out but we haven’t found any evidence that they advised before the heist,” he said, referring to SWIFT.
The cyber-criminals attempted to steal a total of $951 million, but most of the transfers were blocked. However, $81 million was routed to accounts in the Philippines and diverted to casinos there. They could have stolen another $20 million, but apparently misspelled the name of a Sri Lankan company to which the money was headed, which raised a big flag.
The moral of the story is quite simple I guess: get a better router… especially if you’re a bank.
