Bangladesh police detail suspicions of inside help in central bank heist
DHAKA: A top investigator into the electronic theft of US $81 million from the Bangladesh central bank is turning his attention to some IT technicians from the bank whom he suspects hooked up its transactions system to the public Internet, giving hackers access.
In a series of interviews this month, Mohammad Shah Alam, a Bangladesh police deputy inspector general who is heading investigations in Dhaka, went into some detail about how insiders at Bangladesh Bank may have helped in the execution of one of the world’s biggest cyberheists last February.
For instance, Alam said he was focusing on why a password token protecting the SWIFT international transactions network at Bangladesh Bank was left inserted in the SWIFT server for months leading up to the heist.
It is supposed to be removed and locked in a secure vault after business hours each day.
The failure to remove the token allowed hackers to enter the system when it was not being monitored, first to infect it with malware and then to issue fake transfer orders, he said.
Alam’s comments follow months of assertions by Bangladesh authorities that central bank officials were guilty of nothing more than negligence in the heist, in which hackers moved money out of the bank’s account at the Federal Reserve Bank of New York and sent it to individual accounts in the Philippines.
Reuters could not independently confirm Alam’s claims.
He declined to name any of the suspects. No one has been arrested and Alam did not provide any further evidence to back up his assertions.
Bangladesh Bank spokesman Subhankar Saha declined comment on the investigation.
He said the bank has not been told of any plans to detain any of its employees.
The US Federal Bureau of Investigation, among the agencies involved, had no comment on Alam’s claims. — Reuters