A typo stopped hackers siphoning nearly $1bn out of Bangladesh

Cybercrooks looted more than $80m from Bangladesh’s central bank in one of the largest known bank robberies in history. Fraudsters used stolen credentials to make illegitimate cash transfers from the Bangladesh government’s reserve account at the Federal Reserve Bank of New York. The damage could have been even worse. If …

  1. Tom Chiverton 1

    "this can have a devastating impact on any company "

    Or, indeed, country.

    1. The Man Who Fell To Earth Silver badge
      WTF?

      “It’s also worrying that Bangladesh’s central bank is passing blame when, as a financial institution holding vast amounts of funds, it needs to take responsibility for its own security posture.”

      Seriously? Does anyone really expect any country as thoroughly corrupt as Bangladesh to take responsibility for its involvement in anything with bad results? Get real.

      1. Alumoi

        Seriously? Does anyone expect any company to take responsibility for its involvement in anything with bad results? Get real.

        Especially when we're talking about banks.

  2. Halfmad

    Spelling mistake didn't prevent it.

    Vigilant staff did, ordinarily this would probably have got passed these checks.

    1. scrubber

      Re: Spelling mistake didn't prevent it.

      I see what you did there...

      1. AC Wilson

        Re: Spelling mistake didn't prevent it.

        I seed it to.

        1. Anonymous Coward

          Re: Spelling mistake didn't prevent it.

          You wouln't pass this Czech.

  3. Destroy All Monsters Silver badge
    Windows

    Bah

    Totally pales against a 3 billion USD-per-month "Quantiative Easing" Repubocrat-condoned robbery of the taxpayer via fresh "money" injections. The EU is even worse with Mahrio N'Dhraghi nuking the Eurozone wholesale from the ECB orbit (with that kind of name the guy must be an alien "who comes in peace")

    We need an icon where someone is requesting a smoke and otherwise looks blasé when facing certain end.

    1. Anonymous Coward

      Re: Bah

      So because someone doesn't have an American name (it's Mario Draghi btw) then he must be some kind of alien despite it being a normal Italian name?

      Geez Xenophobia is rife now that good ol' Donald is en vogue.

      Is QE really that bad, with an inflation rate of less than 1% for the previous 2 years and still less than 2%, it seems a pretty good idea.

      1. PNGuinn
        Joke

        Re: Bah @ ac

        Sorry - -1.

        OP DOM's spelling was way funnier.

    2. I ain't Spartacus Gold badge

      Re: Bah

      Destroy All Monsters,

      You don't appear to understand QE, or inflation (which there isn't much of at the moment), or the devastating economic effect of deflation in highly indebted economies. Given that many peoples' pensions and investments are held in government debt instruments, the alternative to QE (almost certainly deflation and massive government defaults) is too horrible to think about.

      QE isn't a money injection, or money printing, as it's a reversible process designed to force down market interest rates.

      1. HereIAmJH

        Re: Bah

        A bigger problem than QE in the US is the overnight lending rate being at or close to 0. Basically this is for banks borrowing money from the Federal Reserve Bank at extremely low rates to cover short term shortfalls due to latency in the banking system. Since money transfers now are merely data transactions, there is nothing to stop them paying tonight's loan with a new one tomorrow. So the money that the bank loans you on your Visa card at 10-20% they can borrow at about 1% from the Fed. The stated goal is to keep interest rates low to encourage borrowing (mortgages, business equipment, etc) to spur the economy. But the effect of low interest rates means that you can't earn anything on your savings, thus forcing retirement accounts into more risky stocks. The banks have been gradually increasing their interest rates while getting a taxpayer subsidy.

        1. cambsukguy

          Re: Bah

          Unless you are buying food to prevent yourself starving or heat to prevent yourself freezing, borrowing money on a CC that isn't paid back in full, interest-free, is financially only slightly better than using a money lender or the modern corporate equivalent, Wonga et al.

          We have a weird situation in the UK, also in Spain at least. Current accounts can pay interest that is seriously higher than can be gotten elsewhere, at least on some of the holding.

          For instance, Santander pay 3% on £20000, with a fully-working current account. That is hard to match anywhere normal. Interestingly, the limit is 15000 Euro in Spain.

        2. Anonymous Coward

          Re: Bah

          Thing is, investors know this so an extended stint at near-zero makes them skittish. Raising loan rates does this, too, meaning banks run a risk there, too if people start calling in savings and find other banks to finance their investments. Fortunately, the rate has recently risen, meaning the Fed sees the economy stabilizing and this will put pressure on the banks to make sure their affairs are in order.

    3. Primus Secundus Tertius Silver badge

      Re: Bah

      N'Draghi??

      No, this is not US non-recognition of foreigners. It seems to be hinting at the Naples version of the mafia, the Ndrangheta.

  4. Keith Glass

    And yet nobody. . .

    . . . is pointing out that the SWIFT system had to be at least partially compromised to make this even possible. . .

    1. Tom Chiverton 1

      Re: And yet nobody. . .

      How so ? They probably bribed or threatened someone in the Bangladesh government, rather than in SWIFT.

      1. Keith Glass

        Re: And yet nobody. . .

        They still had to get access to the SWIFT network . . . most SWIFT traffic is on a private network. .. .

        1. JeffyPoooh Silver badge
          Pint

          Re: And yet nobody. . .

          "...most SWIFT traffic is on a private network."

          = Most of the doors on my house are locked. ??

          Not even considering alligator clips attached somewhere along the network.

    2. allthecoolshortnamesweretaken

      Re: And yet nobody. . . / SWIFT (not Taylor) / question

      That reminds me: 'money transfers' between banks are electronic messages, i.e. data packets. Bank computer Alice sends a message to bank computer Bob and makes a note that account number 123456 has [amount of money] less in it. Bank computer Bob makes a note that account number 654321 has added [amount of money] to it. Obviously credentials are exchanged etc etc.

      IIRC the NSA has compromised SWIFT in the past*. Would they be able to pull off a MITM caper that creates money out of thin air by making Bob believe he received a transfer from Alice (that Alice never did send)? If so: hello even-blacker-than-usual budget!

      * During the first Gulf War they could provide a list of Iraq's assets all over the world within a couple of days, for all practical purposes bank statements. This was needed to freeze the assets.

      1. Anonymous Coward

        Re: And yet nobody. . . / SWIFT (not Taylor) / question

        "a MITM caper that creates money out of thin air by making Bob believe he received a transfer from Alice (that Alice never did send)?"

        This wouldn't actually create money. It would effectively transfer money from Bob's bank to Bob as the bank now has a greater liability towards Bob, but no additional assets to show for it. Even though the immediate transfer doesn't happen with physical money, the bank's accounts are only backed by printed money and other assets.

  5. Stevie Silver badge

    Bah!

    If shady transactions weren't SOP in the banking world this would have been spotted straight away.

    Own goal, bankers.

  6. John Lilburne

    The Fed ought to be well versed with fraudulent activity ...

    ... sub-prime mortgages, Lehman Brothers, Libor, ...

  7. Diodelogic

    What surprises me

    I had no idea that Bangladesh HAS that much money in the bank.

    1. Anonymous Coward

      Re: What surprises me

      > I had no idea that Bangladesh HAS that much money in the bank.

      They don't any more.

      1. Diodelogic

        Re: What surprises me

        According to the article, the bad guys made off with maybe 10% of the total of nearly one billion dollars. I wouldn't mind having the rest.

        1. Anonymous Coward

          Re: What surprises me

          I have trillions of (Zimbabwe) dollars. I'll happily trade you

  8. Marketing Hack Silver badge
    Holmes

    Now, if the private account transfer had been in the name of a Bangladeshi cabinet minister

    It would probably have gone through.

    (While we're on the subject, is there a guy in the Bangladeshi government whose name is "Fandation"? Someone get Sherlock on the case.)

  9. Jason Bloomberg Silver badge
    Joke

    $950m

    It's enough to make me consider trying it. I'll make sure I invest in a spielling chucker firts.

  10. GrumpenKraut Silver badge

    Spelling

    The difference between knowing your shit and knowing you're shit.

  11. Velv Silver badge
    Pirate

    Did the thieves get the spelling wrong on the transfer, or was the spelling wrong on the original email from the Nigerian Prince?

  12. Ian Emery Silver badge
    Pint

    I just checked my account

    They haven't stolen my £13.76p yet.

    (it was nearer £20 before I ordered the pint).

    1. Stevie Silver badge

      Re: I just checked my account

      Seven quid for a pint????

      You've let the place go to the dogs since I left for America. I can get Ruddles County cheaper than that over here (sometimes).

      Wouldn't have happened in my day, fought them on the beaches, lowered standards etc, more etc.

      1. Jan 0
        Pint

        Re: I just checked my account

        @Stevie

        Ruddles has been badge engineering since Watneys bought it. Now if you could get a pint of Green Jack's "Baltic Trader" for 7 quid in America, I'd be impressed.

        This is not off topic, Green Jack has probably brought the GDP of Lowestoft close to that of Bangladesh. Did this exploit do more to harm the Bangladesh economy than our recent ban on Alphonso mangoes?

      2. GrumpyOldBloke

        Re: I just checked my account

        @Stevie - your fighting them on the beaches was exactly what led to this problem.

        Hitler nationalising his currency was what triggered the war. The brave British Bulldog in the service of the money lenders fought to get it back under private control. "We will force this war upon Hitler, if he wants it or not." - Winston Churchill (1936 broadcast). Now everyone is up to their eyeballs in debt to private parties who have the ability to create a nation's currency out of thin air and charge governments and people interest for the pleasure of doing so. We have seen the rich start to eat their own as a result of this debt pressure, we have seen predatory behaviour in august banking institutions due to this debt pressure. That smaller countries are now coming under direct attack via the international banking system is not a surprise but business as usual. The last country to default wins - then loses.

        "Germany’s unforgivable crime before WW2 was its attempt to loosen its economy out of the world trade system and to build up an independent exchange system from which the world-finance couldn’t profit anymore. ...We butchered the wrong pig." -Winston Churchill (The Second World War - Bern, 1960)

        1. JLV Silver badge
          Facepalm

          Re: I just checked my account

          >Hitler nationalising his currency was what triggered the war.

          And here I was, thinking that invading Poland had something to do with it.

          1. GrumpyOldBloke

            Re: I just checked my account

            Using reaction / response to justify a conflict - in the case of WW2 the Poles crossing the German border and the killing of German citizens - is a pattern we see repeated today. Al Qaeda / ISIS in the Middle East. Kuwait horizontal drilling / Iraq. Just about every conflict involving the CIA in South America, terrorists / resource rich regions of Africa. Georgia / Odessa. What the Western Warmongers are trying to achieve with Donbass / Russia. By the time war is actually declared or comes to the mind of the public the hard work is done and all that is left is for the propagandists to justify the actions in simple terms for a nationalistic unthinking public. Reference some of Churchill's early quotes - a resurgent Germany was primarily an economic threat to the UK. Preparations for the war against Germany can be seen back as far as 1933 with the global boycott of German goods and Companies - a bit like the 10 year siege on Iraq or Iran or Russia or you see the pattern. Using the Poles to start the official hostilities was merely the end of the beginning. Looking at the current NATO buildup in Poland it seems the Poles may be foolish enough to play this role again.

            1. JLV Silver badge

              Re: I just checked my account

              Are you claiming Adolf was just a poor misunderstood soul? And that we got tricked into fighting him? Really? Chamberlain, anyone?

              Plus, your central premise, "nationalizing a currency" makes no sense. Currencies, absent special cases like the Euro, pegs or just using someone else's currency, are inherently a national concern. Did you mean something else? Maybe whatever steps they took to stabilize hyperinflation? Defaulting? If so, why not be clear about what you meant?

        2. kyza

          Re: I just checked my account

          That the system of finance has a lot of Jewish names in it probably had more to do with AH's decision making process than some principled desire to free the volk from debt-slavery...

          1. GrumpyOldBloke

            Re: I just checked my account

            @Kyza and JLV. Hitler was no saint however there were a few things he got right. Debt free money was one of them. The Jewish angle cannot be ignored but even that is not as black and white as the propaganda would have us believe with a number of Jews serving in Hitler's military up to senior ranks. Jews perhaps can see that the interests of the banking families are not the same as the interests of the factory worker. The history of anti-Semitism in Europe suggests that the Jew in the street has paid a high price for the excesses of their peers in the mansions - as we all have.

            JLV - in regards nationalizing a currency. In most countries money is not created by the state. The government offers securities (typically interest bearing bonds now that they have no more gold) to private banks who in turn leverage these securities to loan money back to governments / industry / people at additional interest. This is an insanely profitable business to be in - a cut of a few % of global commerce. The trap is that when the money is created as a loan the interest is not created at the same time - that must be created by further borrowing, etc, etc. In times of prosperity - monetary expansion - what is actually happening is economies are sinking further into debt. This is well understood but considerable pressure is applied to anyone who wants to break free from the system. Eg, Libya, Iran, US (audit the fed), Russia (pre Czar) and of course Germany pre WW2. Hitler stabilised Hyper Inflation by abandoning the debt based money and moving to debt free money issued by the state. Per Churchill’s quote in my post above "to build up an independent exchange system from which the world-finance couldn’t profit anymore". With debt free money there is little need for the financial middle men with the power to create money out of thin air while taking a cut of every transaction. Consider the city of London, what an absolutely worthless place it would be without the ability of the financial middlemen to take a cut of every transaction. As we saw with the libor rate manipulation, even excess is not enough.

            There is a lot of information available comparing privately issued debt based currencies to debt free money. It is the driving force behind the destruction of the environment in pursuit of endless growth, it is the root cause of inequality and of course in the west’s wars of aggression to try and maintain their currencies against the burden of debt by stealing others' assets.

            1. JLV Silver badge

              Re: I just checked my account

              >The history of anti-Semitism in Europe suggests that the Jew in the street has paid a high price for the excesses of their peers in the mansions

              Yeah, 6 million. Jews generally were banned from a lot of activities in Europe, by the Church and xenophobia. They turned to money making pursuits, such as the professions and banking (also banned specifically by the Church). Too successful? Gas them. Excellent way to get a banker off your back, wouldn't you say?

              >Hitler was no saint however

              >...with a number of Jews serving in Hitler's military up...

              Nice. Always open to abuse by cutting out of context, but, still, nice.

              Despite launching the National Socialist Party, Hitler was supported by many of the rich industrialists you despise. Why? Because he was anti-Communist. And because they stood to make a killing from re-industrialization and re-armament.

              I am much more into the military side of WW2, so I am not too qualified, but some have claimed that going to war, or rather pillaging even without warfare, was necessary for Germany. All the IOUs he had accumulated from 33 on were going to bankrupt Germany unless he found some $ elsewhere. In Czechoslovakia without a fight. In Poland, France and Holland later. Ever read about the 44 winter in Holland and its mass starvation because all the food was getting sucked out?

              And certainly, Germany partially lost the war because it tried to wage it on the cheap. Why was Nazi production rising in 43 and 44 despite bombings? Because Speer was finally putting them on full-on war footing which AH had avoided before for PR reasons.

              Hardly signs of super economic management by AH & all. AH's rise and WW2 might have been caused by excessive Versailles punishment. But that's not your debate, is it? Nothing like a good conspiracy theory in the middle of a security breach article.

      3. Vic

        Re: I just checked my account

        Seven quid for a pint????

        I've (accidentally) paid over £6 for a pint.

        It's not something I'll do regularly, but it was worth every penny...

        Vic.

        1. Vic

          Re: I just checked my account

          I've (accidentally) paid over £6 for a pint.

          Erratum - it was over £8 for a pint.

          Still worth it...

          Vic.

    2. Stuart 22

      Re: I just checked my account

      "They haven't stolen my £13.76p yet."

      It's when they steal your unauthorised overdraft that is really going to hurt. "No, I've never been near a Filipino Casino" isn't going to cut much ice with your bank's Bangladeshi based call centre.

      Mind you simple people like me can get confused between 'banks' and 'casinos'.

      1. allthecoolshortnamesweretaken

        Re: confusing banks and casinos

        There is a simple way to tell them apart. Casinos have bars for their customers - you try getting a proper Grasshopper from the guy behind the counter at any bank...

      2. macjules Silver badge

        Re: I just checked my account

        The difference is very simple. One is run by shady men and women with ties to the criminal underworld and a penchant for ignoring money-laundering laws and guidelines. The casinos on the other hand tend to be run in a well-regulated manner.

  13. PhilipN Silver badge

    Tip of the iceberg

    Wake up everybody.

    I have had 2 clients done by similar but even more sophisticated email scams in the past couple of months. One for US50K the other for 500.

    And don't bother with a police report. Once the money is gone it is gone and tracing will not work, the scam is that well planned.

    Wake up everybody - or did I say that already.

  14. macjules Silver badge
    Facepalm

    and in other news ...

    A North Korean government computer hacker was executed yesterday on the grounds of his inability to spell the word 'foundation'.

    1. Anonymous Coward

      Re: and in other news ...

      Ironically, he's now a part of the foundation of Dear Leader's new Perpetual Motion Development Centre!

  15. Securitymoose

    Large transfer to Philippines didn't flag a suspicious transaction alert?

    In every bank in the UK, even the lowliest teller is trained to spot a number of countries which are suspect for dodgy transactions. We can only assume that the systems were automated, and that the real people to blame are the techies for not putting in a trap for that sort of suspicious behaviour. And it took Deutsche Bank to spot it. They say a fool and its money are soon parted - the US and Bangladesh should be thanking the Germans for having a system that isn't full of holes.


Biting the hand that feeds IT © 1998–2019