A forensic team is examining all computers of the Bangladesh Bank to determine how a malware hacked into the payment system of the central bank and stole $101 million.
The team will hand its report by next two weeks, detailing how the fraudulence took place and if any BB officials were involved in the heist.
The BB told this to a team from the banking division of the finance ministry when it visited the central bank yesterday.
The hacking took place on the night of February 4, a Thursday, using information stolen through the malware, which sent a total of 35 transfer orders to the Federal Reserve Bank of New York where the BB has an account. The next two days -- Friday and Saturday -- were weekend in Bangladesh.
But eight officials of the BB, as they do by rotation, came to the office for carrying out foreign exchange transactions both on Friday and Saturday but found their computers inoperative, the BB informed the banking division officials.
However, the BB officials did not inform the higher authorities about the computer malfunction, said an official.
He said the BB high-ups came to know about the issue on Sunday and its IT department fixed the problem by restarting the system.
The powerful malware not only hacked into the system, but also destroyed the system on the computers itself, which are used by the officials to make transfer orders. Data on the printers were also destroyed by the malware.
The banking division expressed discontent over the BB not informing it about the case immediately and also over the fact that the bug was able to penetrate the supposedly powerful IT system in the first place, the official added asking not to be named.
To this, BB officials said the malware powerful enough to outsmart the BB security wall.
After a meeting with deputy governors, Banking Secretary Aslam Alam told reporters that the central bank appointed a forensic team to investigate the case, whose probe is underway.
“The investigators are checking all computers of the BB,” he said, adding that no doubt that there were flaws in BB's IT system.
After the heist, the government came to the realisation that the country's biggest risk lies in IT security, he said.
“IT security is not only about the Bangladesh Bank, but also about all financial institutions. Every bank has IT security systems in place. We have to examine anew how far they are secure.”
The BB will hold an emergency board meeting tomorrow, where the whole issue will be discussed and the next course of action determined, he said.
Speaking to the media, Deputy Governor Abu Hena Mohammad Razi Hassan said it would take two more weeks to complete the investigation.
He said an analysis of the IT security system of the central bank as well as the whole banking sector would be conducted and the systems of each bank would be checked.
He said the FBI had a strong cyber security unit and the capability to see what is happening around the world.
A negotiation with the FBI is underway. “We have had a preliminary discussion with them. We have to send the FBI a formal request.”
Hassan said some issues related to the due diligence by the New York Fed over the fund transfer are yet to be looked into.
He said the Fed enquired about some transfer orders purportedly sent from the BB. As result, the payment of the most of the funds was stopped. The Fed also wanted to know about the five transfer orders that slipped through.
“After getting no response from our side, those payments were made... There is a need to look into the issue. It now remains to be seen whether due diligence was maintained.”
On bringing back money that ended up in the Philippines and Sri Lanka, he said the accounts which have been frozen in the Philippines hold only $68,000 although $81 million was wired into the country.
The money had gone out of the banking channel, he said.