CID: FBI to find BB heist hackers

If Bangladesh Bank can be hacked today, no one can assure that other banks will not be hacked

 

Bangladesh police’s Criminal Investigation Department yesterday said that they would work jointly with the Federal Bureau of Investigation of the USA to solve the much-talked digital heist of $101 million from Bangladesh Bank.

After holding an hour-long meeting with the FBI representatives at the CID Headquarters, Additional Deputy Inspector General Shah Alam yesterday afternoon said that they would take assistance from the FBI to solve the case in an organised manner.

He said that they wanted to identify the computer from where the command had been made and find the final beneficiaries of the laundered money.

The official said that the FBI wanted to identify the hackers’ group with the help of its IT forensic experts so that the criminals could not commit such crimes again. “The CID wants to solve the case so that we can bring the money back and put the criminals behind the bar.”

An investigation source said that they were preparing to visit Sri Lanka and the Philippines to identify the final beneficiaries. “If the criminals can be arrested, it will be easier for the investigators to identify the Bangladeshi criminals involved in the scam.”

Another source said that since the suspected criminals worked from several countries, they had already contacted with Interpol.

In early February, some $101m of the Bangladesh Bank funds kept with the Federal Reserve Bank of New York was withdrawn illegally allegedly by hackers who had broken into the SWIFT system of the central bank.

The laundered money was moved via transfer requests, with about $81m ending up in four bank accounts in the Philippines. The other $20m went to an account in Sri Lanka. Another $850 million was supposed to be transferred to a personal bank account in the Philippines, but was blocked by the authorities.

Bangladesh Bank Joint Director (accounts and budgeting department) Jubair Bin Huda filed the case against unidentified people with Motijheel police on March 15. It was filed under section 4 of the Money Laundering Prevention Act 2012 (amended 2015), section 54 of the Information Technology Act 2006 and section 379 of the Code of Criminal Procedure.

A 20-member special team under the CID is investigating the sensational case. The team started their work on March 16 and visited the Bangladesh Bank Headquarters. They spoke to senior officials of several departments and also seized some computers, printers and server for the seek of investigation.

The Anti-Money Laundering Council (AMLC) of the Philippines is also investigating the case.

Voluntary group enacting SWIFT guidelines

A voluntary organisation named SWIFT User Group of Bangladesh has started enacting a guideline for the banks using the Society for Worldwide Interbank Financial Telecommunication (SWIFT) system to accomplish their international transactions more effectively.

The organisation has 56 members – 48 local banks and eight international banks – operating in the country. The group holds a meeting every month to identify the problems they were facing while using the SWIFT system and possible ways to make the system more convenient.

In their March 10 meeting, they formed a five-member team led by its Joint Secretary Abul Kalam Azad of ICB Islamic Bank to formulate a guideline.

Azad told the Dhaka Tribune that they were enacting the guideline for the betterment of the SWIFT users in the country. “If Bangladesh Bank can be hacked today, no one can assure that other banks will not be hacked. Every possible problem will be counted and we will try our best to find and solve all the problems regarding the SWIFT system,” he added.

The five-member team will submit the draft guidelines to the president of the executive body of the group, Anis M Khan, also managing director of MTB Bank. After the submission, the group would discuss the report and hand it over to the Bangladesh Bank authorities.

AMLC’s first report

Philippines’ financial intelligence unit AMLC in its first information report sent to Bangladesh Bank confirmed that the money had been transferred through four bank accounts on February 5.

The report, obtained by the Dhaka Tribune, was mailed by AMLC Executive Director Julia Bacay Abad to the Bangladesh Bank Financial Intelligence Unit (BFIU) on February 12 in response to the central bank’s request.

The report mailed to Badrul Haque Khan, a general manager of Accounts and Budgeting Department, says: “Since last night after we talked, our office has been in close coordination with Rizal Commercial Banking Cooperation (RCBC) and we have been monitoring pertinent reports on the subject transmissions.

“We have also checked our database to confirm the transmissions and verify if the same were properly reported to the AMLC.”

She confirmed that the transmissions occurred, i.e., funds amounting to more or less $1 million were remitted to the four bank accounts maintained with RCBC on February 5.

Reports would show that upon receipt of the remitted funds, the same were withdrawn on the next working day, on February 9.

February 6, Monday, was a national holiday in the Philippines in celebration of the Chinese New Year.

It would appear that the funds were further transferred to other accounts (different beneficiaries) in other banks. The AMLC Secretariat is already in coordination with those other banks.

“We were informed that the outstanding balance remaining with RCBC accounts [under the name of the four individuals] is more or less $60,000 [the exact amount is to be confirmed]. We have directed RCBC to put this amount on hold.

“At the moment, we are trying to identify the other accounts to which the money was subsequently transferred, possibly in other banks, including bank abroad. We have also directed RCBC to submit to us customer identification documents pertaining to the subject accounts, including the CCTV footage of the RCBC branch where the withdrawal were made,” the AMLC report adds.

The above findings were sent to Bangladesh Bank that sought assistance from the AMLC on recovery of the money heist.

In the mail with the subject “SWIFT Network compromise,” Bangladesh Bank wrote: “On February 4, 2016 in total 35 unauthorised transactions of payment instructions took place to the Federal Reserve Bank of New York involving $951 million beneficial of these payment transactions were individuals and SWIFT message code MT103 were used for the purpose.

“Above payment transactions were transacted at the early hours on the February 5, 2016 between 12:45 am to 4:30am. SWIFT Server log showed that the unauthorised operation started from 8:36pm on February 4, 2016. It may be mentioned that SWIFT operation was officially closed for the day at 7:30pm on February 4, 2016 which was also substantiated by CCTV footage at the SWIFT Room and at the floor camera.

“On February 6, 2016, SWIFT Room operation started after the holiday on Friday [February 5] as part of standard operation routine. Among the message queue there was a specific message [no AC/BANGL/020416] from FRB, NY regarding 12 payment instructions alerting by the language ‘the payments contain individuals as the beneficiaries and have varying details.’

“FRB, NY asked for the ‘official purpose of these transactions and identity of the beneficiaries … their connection to official business and the underlying purpose of the payment.’ Another specific message [AC/BANGL/020516] referred to four payment instructions where FRB, NY asked for the details of beneficiaries.

“Finally, through the messages bearing no AC/BANGL/020516-2 & 3 the FRB, NY confirmed about their inability to ‘process payments’ regarding the 30 payment instructions ‘until they receive information’. These messages were issued by FRB, NY on February 5, 2016 their time which were received by us on February 6, 2016.

“In essence, the FRB, NY stopped payment of 30 payment transactions but allowed transmission of rest of the five payment instructions involving $101 million.”

Source: Dhaka Tribune

LEAVE A REPLY

Please enter your comment!
Please enter your name here