Bangladesh Central Bank Malware Hack: Going on the Cheap Isn’t Always a Good Idea

You get what you pay for. Buildings collapse, machines break down, dinosaurs roam parks and eat tourists, and computers get hacked. That’s what happens when people scrimp too much on costs. If billionaire John Hammond had paid Dennis Nedry well enough, Jurassic Park would never have broken down. He spared some expense there. But then, we wouldn’t have had a great movie and a ton of B movies with the requisite T-Rex that followed. If contractors didn’t scrooge on building materials, we wouldn’t have collapsible buildings after an intensity 5 earthquake. If the Bangladesh Central Bank hadn’t scrimped on its budget, it probably wouldn’t have lost 81 million US dollars or more when hackers punched through its non-existent firewall and ten-dollar routers. Their IT head’s career should be over by now.

Well, I know of a manager who quickly rose to the top when he cut the company some costs when he found this vendor and came up with a good in-house CRM. Cutting costs and managing to raise the company’s bottom line is great, but not at the risk of security. No less than the central bank of Bangladesh suffered several attacks by hackers who stole up to 81 million US dollars, all because of one simple shortcoming: someone cheaped out on their network infrastructure. Imagine a bank, the central bank no less, with no hardware firewall, its computers connected to ten-dollar second-hand switches. It’s an all-you-can-eat financial buffet for black-hats. God knows how much malware must lurk in the 5000 computers of the banking staff.

“It could be difficult to hack if there was a firewall,”

 — Mohammad Shah Alam, Bangladesh Criminal Investigations Department, Forensic Training Institute

It’s a miracle the Bangladesh Central Bank functioned for so long on such a level of security. It was only a matter of time before the inevitable happened. The 81-million-dollar heist was probably just one of many heists that occurred. Fortunately, they managed to fend off an attack that could have cost the bank 1 billion dollars, according to Mr. Alam. The attack that happened earlier this year was done using the bank’s SWIFT global payment network credentials. It’s also appalling that SWIFT didn’t review the bank’s no-firewall, cheap-switch infrastructure before allowing connections. Such a thing could make SWIFT equally liable for the incident.

“It was their responsibility to point out, but we haven’t found any evidence they advised before the heist.”

 — Mohammad Shah Alam

It was only after the heist that the bank was advised by SWIFT representatives from Malaysia to upgrade the infrastructure.

“There might have been a deficiency in the system in the SWIFT room… Two SWIFT engineers came and visited the bank after the heist and suggested to upgrade the system,”

 — Subhankar Saha, spokesman Bangladesh Central Bank

No kidding. Funny they didn’t advise it before. About 951 million dollars almost made it to the Federal Reserve Bank of New York, but 81 million made their way to the Philippines. The stolen funds were then tracked down to a major bank where a bank manager and several employees are being investigated for allowing the transfers of the stolen funds despite restrictions. Several businessmen and casinos are also implicated in an elaborate scheme to launder the stolen money. This reminds me of Rush Hour 2 where fake cash was being laundered through casinos. The heist is currently under investigation by the Philippine Senate and other law enforcement agencies. Final resolution for this case probably won’t happen until months after the elections.

Fortunately, the hackers weren’t smart enough to get through the Federal Reserve Bank in New York or it would have been a terrible disaster for Bangladesh. Another 20 million failed to be transferred to Sri Lanka due to a misspelling of the transferee. That’s millions of dollars lost, which could have been prevented by coughing up a couple of million for Central Bank or enterprise-level IT security. The bank has over 5000 interconnected computers and, according to Mr. Alam, the SWIFT room is within the same network and not separated by managed switches.

The bank’s IT staff is in for overdue security and infrastructure refresher courses if they haven’t been replaced yet. The bank is also in for some long overdue spending on new hardware. Other countries should take this incident as an object lesson on IT security. In a world where hacking is reported left and right, now isn’t the time to be cheap. If they really want to go cheap on servers, switches, backup and maintenance, there’s always IaaS, if they’re willing to entrust their money to the cloud.
