  1. #1
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    102,993

    How a hacker's typo helped stop a billion dollar bank heist

    Spent a couple of days last week in the company of a former CISO of the CIA, who spoke at length about defences against hackers, primarily Russian and Chinese.
    Got back and this popped up on my newsfeeds.

    Frightening how easy this sort of shit is!

    Oh, and for the record he said most antivirus is rubbish, he wouldn't use Kaspersky, and he recommended using one called Cylance.

    I looked it up and it is an innovative product that treats everything as 0-day and looks at what it does rather than what signatures it contains.

    Another one he mentioned was Bromium, that runs everything in isolation (basically a stripped VM). Interesting, but not quite as mature.



    How a hacker's typo helped stop a billion dollar bank heist
    Thu Mar 10, 2016 4:51pm EST

    A spelling mistake in an online bank transfer instruction helped prevent a nearly $1 billion heist last month involving the Bangladesh central bank and the New York Federal Reserve, banking officials said.

    Unknown hackers still managed to get away with about $80 million, one of the largest known bank thefts in history.

    The hackers breached Bangladesh Bank's systems and stole its credentials for payment transfers, two senior officials at the bank said. They then bombarded the Federal Reserve Bank of New York with nearly three dozen requests to move money from the Bangladesh Bank's account there to entities in the Philippines and Sri Lanka, the officials said.

    Four requests to transfer a total of about $81 million to the Philippines went through, but a fifth, for $20 million, to a Sri Lankan non-profit organization was held up because the hackers misspelled the name of the NGO, Shalika Foundation.

    Hackers misspelled "foundation" in the NGO's name as "fandation", prompting a routing bank, Deutsche Bank, to seek clarification from the Bangladesh central bank, which stopped the transaction, one of the officials said.

    There is no NGO under the name of Shalika Foundation in the list of registered Sri Lankan non-profits. Reuters could not immediately find contact information for the organization.

    Deutsche Bank declined to comment.

    At the same time, the unusually large number of payment instructions and the transfer requests to private entities - as opposed to other banks - raised suspicions at the Fed, which also alerted the Bangladeshis, the officials said.

    The details of how the hacking came to light and was stopped before it did more damage have not been previously reported. Bangladesh Bank has billions of dollars in a current account with the Fed, which it uses for international settlements.

    The transactions that were stopped totaled $850-$870 million, one of the officials said.

    Last year, Russian computer security company Kaspersky Lab said a multinational gang of cyber criminals had stolen as much as $1 billion from as many as 100 financial institutions around the world in about two years.

    Iraqi dictator Saddam Hussein's son Qusay took $1 billion from Iraq's central bank on the orders of his father on the day before coalition forces began bombing the country in 2003, American and Iraqi officials have said. In 2007, guards at the Dar Es Salaam bank in Baghdad made off with $282 million.

    Bangladesh Bank has said it has recovered some of the money that was stolen, and is working with anti-money laundering authorities in the Philippines to try to recover the rest.

    A bank spokesman could not be reached for comment late on Thursday.

    The recovered funds refer to the Sri Lanka transfer, which was stopped, one of the officials said.

    Initially, the Sri Lankan transaction reached Pan Asia Banking Corp PABC.CM, which went back to Deutsche Bank for more verification because of the unusually large size of the payment, a Pan Asia official said. "The transaction was too large for a country like us," the official said. "Then (Deutsche) came back and said it was a suspect transaction." A Pan Asia spokesman could not immediately be reached for comment.

    The dizzying, global reach of the heist underscores the growing threat of cyber crime and how hackers can find weak links in even the most secure computer networks.

    More than a month after the attack, Bangladeshi officials are scrambling to trace the money, shore up security and identify weaknesses in their systems. They said there is little hope of ever catching the hackers, and it could take months before the money is recovered, if at all.

    FireEye Inc's (FEYE.O) Mandiant forensics division is helping investigate the heist, people familiar with the matter told Reuters on Thursday.

    The sources said Silicon Valley-based FireEye, which has investigated some of the biggest cyber thefts on record, was brought in by World Informatix, a smaller firm that is advising Bangladesh Bank on the investigation.

    Security experts said the perpetrators had deep knowledge of the Bangladeshi institution's internal workings, likely gained by spying on bank workers.

    The Bangladesh government, meanwhile, is blaming the Fed for not stopping the transactions earlier. Finance Minister Abul Maal Abdul Muhith told reporters on Tuesday that the country may resort to suing the Fed to recover the money.

    "The Fed must take responsibility," he said.

    The New York Fed has said its systems were not breached, and it has been working with the Bangladesh central bank since the incident occurred.

    The hacking of Bangladesh Bank happened sometime between Feb. 4-5, over the Bangladeshi weekend, which falls on a Friday, the officials said. The bank's offices were shut.

    Initially, the central bank was not sure if its system had been breached, but cyber security experts brought in to investigate found hacker "footprints" that suggested the system had been compromised, the officials said.

    These experts could also tell that the attack originated from outside Bangladesh, they said, adding the bank is looking into how they got into the system and an internal investigation is ongoing.

    The bank suspects money sent to the Philippines was further diverted to casinos there, the officials said.

    The Philippine Amusement and Gaming Corp, which oversees the gaming industry, said it has launched an investigation. The country's anti-money laundering authority is also working on the case.
    How a hacker's typo helped stop a billion dollar bank heist | Reuters

  2. #2

  3. #3
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    102,993
    No mention of how it was done there though.

  4. #4
    Thailand Expat
    Munted's Avatar
    Join Date
    Jul 2006
    Last Online
    20-11-2024 @ 07:21 AM
    Location
    Nmbr. 38
    Posts
    1,055
    Is TD a player in this? In which case NOT FO and cease playing with my head space.

  5. #5
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    102,993
    Quote Originally Posted by Munted View Post
    Is TD a player in this? In which case NOT FO and cease playing with my head space.
    Is TD a player in what?

  6. #6
    Thailand Expat
    Munted's Avatar
    Join Date
    Jul 2006
    Last Online
    20-11-2024 @ 07:21 AM
    Location
    Nmbr. 38
    Posts
    1,055
    Is TD a player in the OP post? Obviously not. In which case do not fuck off and cease playing with my head space. More of the same please. You should have learnt after 32K that there are some who take the piss and others who don't.

  7. #7
    Thailand Expat
    Kurgen's Avatar
    Join Date
    Mar 2006
    Last Online
    15-05-2023 @ 10:57 AM
    Location
    Shitsville
    Posts
    8,812
    Oi Munted ya twat, take your meds. It's an interesting thread.

  8. #8
    Thailand Expat
    Join Date
    Jun 2014
    Last Online
    @
    Posts
    18,022
    Quote Originally Posted by harrybarracuda View Post
    No mention of how it was done there though.
    There isn't any such wealth or worth to steal, is there?

  9. #9
    Thailand Expat
    Join Date
    Mar 2015
    Last Online
    @
    Posts
    2,332
    Of course you did you slimy shit head sellout genocide encouraging [at][at][at][at]. They pay your wages you [at][at][at][at].

    "I spent the last few days with the CIA"

  10. #10
    Molecular Mixup
    blue's Avatar
    Join Date
    Aug 2010
    Last Online
    13-05-2025 @ 12:04 AM
    Location
    54°N
    Posts
    11,334
    They then bombarded the Federal Reserve Bank of New York with.........
    go on, go on , tell me , how many ?
    a hundred thousand ??
    a million ???

    nearly three dozen requests to move money
    36
    thirty fucking six ?
    bombarded ......
    Sounds like the journalist has as good an understanding of English as the hackers

  11. #11
    Thailand Expat
    Join Date
    Mar 2015
    Last Online
    @
    Posts
    2,332
    Quote Originally Posted by blue
    Sounds like the journalist has as good an understanding of English as the hackers
    Harry posts biased shit for his organ grinder employers, what do you expect mate?

  12. #12
    Thailand Expat
    Join Date
    Jun 2014
    Last Online
    @
    Posts
    18,022
    Quote Originally Posted by Dapper View Post
    Of course you did you slimy shit head sellout genocide encouraging [at][at][at][at]. They pay your wages you [at][at][at][at].

    "I spent the last few days with the CIA"
    Uh huh...
    Sure he did.

  13. #13
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    102,993
    Quote Originally Posted by thaimeme View Post
    Quote Originally Posted by Dapper View Post
    Of course you did you slimy shit head sellout genocide encouraging [at][at][at][at]. They pay your wages you [at][at][at][at].

    "I spent the last few days with the CIA"
    Uh huh...
    Sure he did.
    Dapper struggles with big words like "former".

    He's not very bright you know.

  14. #14
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    102,993
    Quote Originally Posted by thaimeme View Post
    Quote Originally Posted by harrybarracuda View Post
    No mention of how it was done there though.
    There isn't any such wealth or worth to steal, is there?
    Tell that to the fellers walking around with $80 million....

  15. #15
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    102,993
    Oh, and for the record apparently the Chinkies are normally after intellectual property, the Russkies prefer going after cash.

    And of course they both love government intelligence.

  16. #16
    R.I.P. Luigi's Avatar
    Join Date
    Dec 2014
    Last Online
    @
    Location
    Abuja
    Posts
    26,213
    Butterfly.


  17. #17
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    102,993
    Quote Originally Posted by Luigi View Post
    Butterfly.

    I don't think Buttplug did it, he thinks you install a modem with Regedit.


  18. #18
    Excommunicated baldrick's Avatar
    Join Date
    Apr 2006
    Last Online
    Today @ 02:01 AM
    Posts
    25,358
    apparently it was the north koreans

    code that was used in the sony intrusion was found to have been reused

    Quote Originally Posted by harrybarracuda
    I don't think Buttplug did it
    maybe butters has a couple of north koreans up his arse controlling the puppet

  19. #19
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    102,993
    Quote Originally Posted by baldrick View Post
    apparently it was the north koreans

    code that was used in the sony intrusion was found to have been reused
    I did notice that, but maybe the North Koreans bought it rather than wrote it.

  20. #20
    Thailand Expat
    Join Date
    Oct 2015
    Last Online
    16-07-2021 @ 10:31 PM
    Posts
    14,636
    Quote Originally Posted by baldrick
    apparently it was the north koreans
    maybe bank staff were using Harry's favorite password manager ?

  21. #21
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    102,993
    Quote Originally Posted by Dragonfly View Post
    Quote Originally Posted by baldrick
    apparently it was the north koreans
    maybe bank staff were using Harry's favorite password manager ?
    Maybe you don't know much about password managers.

    Come on, Buttplug, you're the shit hot hacker, hack my Teakdoor password you fucking loser.

    I'm still waiting.

