Group Report

Section 4

FIN433

SUBMITTED TO:

Hasan A. Mamun (HMU)

Faculty Member

North South University

Name ID
Mumitul Islam 132 0375 030
Shafkat Ahmed Latif 132 0157 030
Farhana Tanjila Rahman 141 0718 030
Ashfaq Bhuiyain 113 0979 030

SUBMITTED BY: M.A.A.S Corporation

BANGLADESH BANK
Bangladesh bank is the central bank of Bangladesh. Bangladesh bank was established in Dhaka,
1972 with effect from 16 December 1971, acting as the country’s central bank and regulatory
body for monitory and financial system (Bangladesh Bank, 2016). The Bangladesh bank
performs a number of functions including regulating the banking sector of the country,
managing foreign exchange and gold reserve as we as maintaining stability of price (Bahar &
Habibullah, 2009). Fazle Kabir is the Governor of Bangladesh Bank since 15 March, 2016
(bdnews24, 2016).

SWIFT Network

Society for Worldwide Interbank Financial Telecommunication, SWIFT is an alliance that acts as
a private and trusted operator for the sole purpose of communication among the member
banks around the world. SWIFT is based in Belgium and is inspected by national bank of
Belgium along with a committee composed of representatives from the US Federal Reserve, the
Bank of England, the European Central Bank, the Bank of Japan and other major banks
(Messaging and Standards, 2016). Financial institutions that use SWIFT have codes that identify
each institution as well as credentials that authenticate and verify transactions. Bangladesh
Bank is one of the current users of SWIFT network (Zetter, 2016).

BANGLADESH BANK HEIST

On February 4th, 2016 Bangladesh Bank became a victim of online hacking which resulted to a
reported $101 million worth of money being stolen in the process. Anonymous hackers
managed to use the SWIFT credentials of employees working for Bangladesh Bank to send
around three dozen fraudulent money transfer requests to the Federal Reserve Bank of New
York (Zetter, 2016). The request was for Federal Reserve Bank to transfer a total of $951 million
from the funds of Bangladesh bank to accounts in Sri Lanka, Philippines and other parts of Asia.
The Heist came close to a success as the hackers managed to transfer $81 million to Rizal
Commercial Banking Corporation in the Philippines via four different transfer requests and an
additional $20 million sent to Pan Asia Banking Corporation in a single request. However
Bangladesh bank managed to block $850 million in other transactions. $81 million from the first
transaction was transferred to four accounts at Rizal Branch in Manila which were opened on
May, 2015 with $500 and were completely inactive till the stolen money arrived (Schram,
2016).

Bangladesh Bank was able to uncover the situation due to a printing error that took place. The
bank’s SWIFT system is configured to automatically print out a record whenever a transaction is
taking place and it’s a 24 hour process. Every morning the workers check these papers for the
transactions that got confirmed overnight. On the morning of 5th February, Bangladesh Bank’s
director checked the printer tray only to find it empty and when the workers tried to retrieve
the data manually, they failed. The software on the terminal that connects to the SWIFT
network indicated that an important data was missing or had been altered (SUN, 2016).

After finally managing to retrieve the data on the following day, dozens of fraudulent
transactions came to light. The FED Bank contacted Bangladesh bank on the transactions but
was unable to receive any immediate answers. Bangladesh bank halted any other pending
transfer orders. Bangladesh Bank tried to communicate with SWIFT and FED on the matter but
the heist was perfectly time as it was weekend, making it impossible to get any viable answers
from the other side. A total of $101 million worth has been forwarded (Schram, 2016).

Bangladesh Bank was able to stop the transaction worth $20million by getting Pan Pacific
Banking to reroute the amount to Bangladesh Bank’s Fed account in New York, however the
rest of the $81 million was already being transferred and credited to four accounts for $25
million, $20 million, $30 million and $6 million (Abnews24, 2016).

This particular hacking might have been a perfect heist where they could have managed to steal
a far greater amount if not for a typing mistake in one of the transfer request which cause the
Federal Reserve Bank to raise the question. One of the fraudulent transfer requests was
supposed to go to a certain SHALIKA FOUNDATION, but the hackers misspelled “foundation” as
“fundation” (Abnews24, 2016).

Hackers targeted the central bank of Bangladesh mainly due to the inadequate use of proper
firewall. In an investigation that followed the incident claimed that Bangladesh Bank reportedly
used second-hand $10 switches to network computers connected to the SWIFT global payment
network (Fortune, 2016).

According to The Fortune hacker hacks the system with help of the malware. Investigator
suspects that hacker installed a malware in the Bangladesh bank’s system and observed the
process of withdrawal from its fed account for a month or more (Fortune, 2016). Investigators
also suggest that malware might be installed by sending an infected email to one of the staffs
(Dhakatribune, 2016).

FBI suspects that insider of the Bangladesh bank is involved in the Bangladesh bank heist. The
Federal Bureau of Investigation has found evidence that at least one employee help the hacker
to access the computer system. (BARRETT & O’KEEFFE, 2016)

Conclusion

The hackers installed malware on the bank’s network sometime in January to prevent taking
any sort of immediate action to uncover the fraudulent transfer, making it harder to track the
money that was lost in the process. Soon after the incident Bangladesh Central Bank Governor
Mr. Atiur Rahman has resigned from his post and the former financial minister, Mr. Fazle Kabir
took the positioned vacated (bdnews24, 2016). Bangladesh Bank has stated afterwards that
they were successful in recovering the amount that went to Sri Lanka. Still its working
thoroughly with the Philippines authorities to recover the remaining funds and $18 million has
recovered till July 29, 2016 (Abnews24, 2016).
Works Cited
Abnews24. (2016, july 21). Economy. Retrieved from Abnews24:
http://www.abnews24.com/english/2016/07/21/1940

Bahar, & Habibullah. (2009). Financial Liberalization and Reforms in Bangladesh.

Bangladesh Bank. (2016). Retrieved from www.bb.org.bd: https://www.bb.org.bd/aboutus/index.php

BARRETT, D., & O’KEEFFE, K. (2016). Economy. Retrieved from The Wall Street Journal:
http://www.wsj.com/articles/fbi-suspects-insider-involvement-in-81-million-bangladesh-bank-
heist-1462861549

bdnews24. (2016, may 31). Economy. Retrieved from Bdnews24.com:

http://bdnews24.com/economy/2016/05/30/probe-body-hints-at-involvement-of-insiders-in-
bangladesh-bank-heist

Dhakatribune. (2016). Business. Retrieved from Dhakatribune.com:

http://www.dhakatribune.com/2016/jul/21/bb-heist-video-how-hackers-made-millions

Fortune. (2016, march 12). TECH. Retrieved from Fortune.com:

http://fortune.com/2016/03/12/malware-bangladesh-bank-heist/

Messaging and Standards. (2016). Retrieved from www.swift.com: https://www.swift.com/about-

us/discover-swift/messaging-standards

Schram, J. (2016). Business. Retrieved from http://nypost.com/.

SUN, D. O. (2016). Business. Retrieved from Daily Sun: http://www.daily-sun.com/post/150248/After-

Bangladesh-Bank-heist-SWIFT-now-calls-in-outside-help-for-security

Zetter, K. (2016). Security. Retrieved from www.wired.com: https://www.wired.com/2016/05/insane-

81m-bangladesh-bank-heist-heres-know/