The Bangladesh Bank kept local information technology and law enforcement agencies in dark after the cybertheft of $101 million from its reserve in February 2016 and assigned World Informatix Cyber Security managing director Rakesh Asthana immediately to fix the problem ‘internally’, investigators said.
Criminal Investigation Department officials said that they were informed about the incident a day before the case was filed on March 15, 2016 and asked the central bank officials to immediately file a case describing the whole situation.
An Information and Communication Technology Division official also said that a central bank team along with Indian-origin Rakesh Asthana visited their office at Agargaon after the matter was published in different news outlets in the first week of March 2016.
The official said that none of the Bangladesh Cyber Incident Response Team was asked for help until the news was spread in March, nearly a month after the theft.
ICT division officials said that they had instituted a computer emergency response team on January 11, 2016 but they were not even informed about the incident.
‘During the investigation, we found that Rakesh Asthana was supposed to join Bangladesh Bank project by April 2016 and he was urgently called and given charge of solving the problem keeping authorities concerned in dark about the crime,’ a CID investigator said.
The official said that had any IT team failed to recover the evidences, the police could have sought help from Interpol or the Federal Bureau of Investigation of the United States, which later provided technological assistance in connection with the case.
On March 15, central bank account and budgeting department joint director Jubayer Bin Huda filed a case with Motijheel police station under the Money Laundering Prevention Act 2012 for laundering the money, the Information Communication and Technology Act for hacking, and the Penal Code for the theft of the $101 million.
In a period of nine hours in February 4-5, 2016, $101 million was stolen online from the central bank’s reserve with the Federal Reserve Bank of New York through Rizal Commercial Banking Corporation in the Philippines and Pan Asia Banking Corporation in Sri Lanka.
BB officials said that $20 million sent to Sri Lanka was later recovered while the rest $81 million went to Philippines.
CID officials started the investigation after the case was filed on March 15, 2016.
‘When we entered the Bangladesh Bank, we found that 13 servers were kept in an air-conditioned room but more than two dozen infected computers were kept abandoned,’ another CID official told New Age on Sunday.
A delegation comprising Bangladesh Bank, CID and ICT division visited the United States in 2016 and held a meeting with Rakesh Asthana.
In the meeting, Rakesh blamed poor security arrangement of the bank for the cybertheft.
The CID officials said that until the investigation was launched, Rakesh dealt with the problem, and none of the officials at the central bank was kept out of duty for their negligence.
‘We found all electronics evidence deleted. We are not sure who did this but before we had entered, Rakesh had worked in the crime scene,’ the investigator said, adding, ‘we are still examining all the images which have to recover the evidences.’
CID spokesperson and organised crime special superintendent Mollah Nazrul Islam said, ‘Not only Rakesh Ashtana, investigation into the reserve theft continue focusing all related people in suspicion.’
A government-appointed panel investigating the cybertheft of $81 million from its central bank in February 2016 found five officials at the central bank guilty of negligence and carelessness, Reuters had reported earlier this year.
The government has so far refused to make the inquiry report public saying that it wanted to deny perpetrators knowledge of the investigation into one of the world’s biggest cyber-heists.
Source: New Age