Report on “The Bangladesh Bank Heist”

Course : FIN433
Section : 03
Semester : Fall 2016

Submitted by- “VIOLET”

Name ID
1. Md. Shafiaur Rahman 1411485030
2. Shahrukh Khan 1320496030
3. Aminul Islam Arif 1411593630
4. Tonoy Majumder 1411484030

Submitted to-
Hasan A. Mamun

Lecturer, Department of Finance and Accounting

North South University

1|P a g e
This study source was downloaded by 100000805909469 from CourseHero.com on 12-08-2022 05:31:37 GMT -06:00

https://www.coursehero.com/file/31451089/The-Bangladesh-Bank-Heist-final-reportpdf/
 Introduction
Bangladesh Bank’s cyber security system has been challenged by the hackers who stole $101
million from its foreign currency reserve account with the Federal Reserve Bank of New York
leading to one of the biggest cyber heists in recent history.

What actually happened?

The Bangladesh Bank Scam is a series of events which actually took place on 4th February.
Hackers managed to steal $101 million in totals from which they transferred $81 million to Rizal
Commercial Banking Corporation (RCBC) in Philippines via four different transfer requests and
$20 million in a single request to Pan Asia Banking Corporation in Sri Lanka. They also tried to
steal another $850 million but The Federal Reserve closed the payment as it seemed to be
doubtful to the Bank’s authority. The most shocking part is that there were supposed to be
around 35 transactions via the SWIFT system which would have resulted in a deposited loss of
$951 million. However 30 transactions amounting to $850 million were blocked due to a spelling
mistake- ”fandation” instead of foundation for the NGO named Shalika Foundation in Sri Lanka
and also as such a large sum was unusual for an island nation. The hackers used the names of
several government infrastructure development projects to send the amount to Philippines. Those
are $30 million was sent to Lagrosas on behalf of Dhaka Mass Rapid Transit Development
Project, $25 million was sent to Vasquez supposedly on behalf of Kanchpur, Meghna and Gumti
2nd Bridges Construction Project, $6 million for Cruz supposedly on behalf of IPFF project cell
and $19 million for Vergara supposedly from Bheramara Combined Cycle Power Plan
Development Project.

2|P a g e
This study source was downloaded by 100000805909469 from CourseHero.com on 12-08-2022 05:31:37 GMT -06:00

https://www.coursehero.com/file/31451089/The-Bangladesh-Bank-Heist-final-reportpdf/
 That $81 million was transferred to the Rizal bank of Philippines and already credited to multiple
accounts; those accounts were belonged to casinos of Philippines. $29 million was sent to
Solaire, $31 million was delivered in cash to Weikang Xu and $21 million was sent to Eastern
Hawaii Leisure Company operated by Bloomberry Resorts. On February 5 and 9, the hackers
tried to withdraw the money, but it was halted because of Bangladesh Bank’s request.

On November 07, central bank received $15 million from Philippine central bank which was
provided by casino boss Kim Wong and his Eastern Hawaii Leisure Company and those money
are now secured in the vault of Philippine’s central bank. “On Monday, a team of Bangladesh
central bank arrived in Manila to take back its $15 Million of the $81 Million stolen funds
surrendered by Chinese-born Kim Sin Wong, casino's junket operator of Eastern Hawaii Leisure
Company.” (Khandelwal, 2016)

Previously, a Philippine court in September ruled that Bangladesh Bank was the rightful owner
of this money so they should be handed over the money. Bangladesh Bank has taken some
serious steps and started to procedure to recover the rest $66 million.

3|P a g e
This study source was downloaded by 100000805909469 from CourseHero.com on 12-08-2022 05:31:37 GMT -06:00

https://www.coursehero.com/file/31451089/The-Bangladesh-Bank-Heist-final-reportpdf/
 Who were responsible for the Bangladesh Bank heist?

 Involvement of Twenty Foreign Nationals

It has been claimed by CID that 20 foreigners were in connection with the theft of $101 million
and they were from Sri Lanka, Philippines, Japan and China. Additional DIG of crime
investigation department, Shah Alam, disclosed this to a group of reporters at the CID
headquarters in the capital. May be the CID team will revisit the two countries again for
obtaining more information.
"We don’t want to disclose the names and details of the foreigners. We'll seek help from Interpol
to arrest them," the CID boss said. (Independent, 2016)

 Negligence of Bangladesh Bank Officials

The chief of the investigation team visited to Sri Lanka and Philippines in order to investigate the
case. He not only found involvement of the foreigner but also found negligence of Bangladesh
Bank’s officials in the heist. He said that “We have to find out whether security lapses were
willful or ignorance of knowledge" (Ahmed, n.d.).

 Insecure Protection System of Bangladesh Bank

Computer system of Bangladesh Bank was not secured by Firewall. In November, 2015,
Bangladesh Bank connected a new electronic payment system named Real Time Gross
Settlement (RTGS). From then, the protection of network system of Bangladesh Bank was weak.
“It had not protected its computer system with a firewall, and it had used second-hand $10
electronic switches to network computers linked to the SWIFT global payment system, according
to Mohammad Shah Alam, head of the Forensic Training Institute of the Bangladesh police's
criminal investigation department.” (Reuters & York, 2016)
As a result, hackers had used the advantage of these weaknesses of network of Bangladesh Bank.

 Unprotected SWIFT System

A new Electronic Payment System named Real Time Gross Settlement (RTGS) was linked with
the SWIFT system but there was no anti- virus installed to protect the system from cyber-attack
or virus. So, SWIFT is responsible for the scam. “Primarily, SWIFT is responsible for the
incident,” Mohammed Farashuddin, the head of the three-member panel, told reporters at the
BB yesterday at his first media briefing on the heist. (Correspondent, 2016)

4|P a g e
This study source was downloaded by 100000805909469 from CourseHero.com on 12-08-2022 05:31:37 GMT -06:00

https://www.coursehero.com/file/31451089/The-Bangladesh-Bank-Heist-final-reportpdf/
  Weakness of the Fed
There was not system for the Fed to prevent any fraud or to stop any payment instantly. Fed was
too much dependent on SWIFT for fund transfer. So, hackers had used the advantage of the
weakness of the Fed.

 Three Hacking Groups from Different Countries

Forensic Investigation report conducted by FireEye which is a cyber security organization
identified that 3 hacking groups were involved in this heist. Among those three groups two
groups were from Pakistan and North Korea. “It hasn’t found enough data to determine whether
the third group, the actual culprit, was a criminal network or the agent of another nation.”
(Devnath & Riley, 2016)

 Suspected Insider
FireEye was unable to determine how hackers entered into the Bangladesh Bank Network. But it
assumed that someone from Bangladesh Bank was responsible for installing Malware in the
system. The hacking was caused by a Malware virus in the system as reported in the media.

 Involvement of RCBC
Branch Manager of RCBC was suspected to remain involved in this heist because she was
caught with illegal money just after the heist. She also gave authorization of fund transfer
through her bank.

 Involvement of Casino Owner

The owner of Casino Mr. Kim-Wong was also suspected as money got transferred and spread
through his casino.

Why Bangladesh Bank become the objective for the hackers?

The security system of Bangladesh Bank was very poor. A malware was installed in the
Bangladesh Bank computer which was a major cause of this cyber attack. The security system of
Bangladesh bank is not enough strong to defend people's money and if it is going like this, it will
impact us badly in future.

5|P a g e
This study source was downloaded by 100000805909469 from CourseHero.com on 12-08-2022 05:31:37 GMT -06:00

https://www.coursehero.com/file/31451089/The-Bangladesh-Bank-Heist-final-reportpdf/
 How Bangladesh can recover the remaining money?

Bangladesh has to go through a lengthy legal process to recover the money.

BB officials said that, the laundered money can be recovered through the Stolen Asset Recovery
Initiative (STAR).

This laundered money can also be recovered through the Stolen Asset Recovery Initiative, which
is a partnership between the World Bank Group and the United Nations Office on Drugs and
Crime that supports international efforts to end safe havens for corrupt funds.

There are also some other steps that can take to recover the money. For starting the investigation,
they have to file a case under the cybercrime law. On November 30,2016, government decided to
put a case against federal reserve bank for the heist, confirmed by honorable Finance Minister
Abul Mal Abdul Muhit. (“Somoy news: Online live TV,” n.d.)

Resignation of the Governor

Bangladesh Bank Governor Atiur Rahman submitted his resignation letter to Prime Minister
Sheikh Hasina on 15th March 2016 for the heist of $101 million from the central bank account
with the New York Federal Reserve Bank. New governor Mr. Fazle Kabir was appointed on the
same day.

Deputy Governors Quasem & Nazneen sacked after Dr. Atiur Rahman steps down as Bangladesh
Bank governor. After their removal, the central bank now has two deputy governors- Abu Hena
Mohd Razee Hassan and SK Sur Chowdhury.

Conclusion

The $81 million money laundering scandal is now considered as one of the biggest bank heists in
Asia. Bangladesh Bank has recovered the full amount that went to Sri Lanka and recovered $15
million from Philippines authorities till November 09, 2016 (Khandelwal, 2016).

“The rest $65.68 million remained unidentified and Bangladesh Bank started to procedure to
recover that amount.” (Alo & Homepage, 2016)

In the digital age, cyber criminals are increasing day by day and it is proved that hackers can
operate from various parts of the globe. It is not so easy to secure our deposits, transactions and
security system. Hacking, laundering and breaching of security systems can surely be happen
and it is the high time that we should adopt advanced techniques to stop them.

6|P a g e
This study source was downloaded by 100000805909469 from CourseHero.com on 12-08-2022 05:31:37 GMT -06:00

https://www.coursehero.com/file/31451089/The-Bangladesh-Bank-Heist-final-reportpdf/
 Reference:
1. Cabalza, D., free, E.-R. branch manager, & bail (2016). 2016 Bangladesh bank heist. In
Wikipedia. Retrieved from https://en.wikipedia.org/wiki/2016_Bangladesh_Bank_heist
2. Zetter, K. (2016, May 17). Mesmerizing commute maps reveal we all live in mega-
regions, not cities. Retrieved December 2, 2016, from Security,
https://www.wired.com/2016/05/insane-81m-bangladesh-bank-heist-heres-know/
3. Retrieved December 2, 2016, from http://www.thefinancialexpress-
bd.com/2016/11/12/52809/Heist-money-recovered- in-part
4. Khandelwal, S. (2016, November 9). SWIFT hack: Bangladesh bank recovers $15
Million from a Philippines casino. . Retrieved from
http://thehackernews.com/2016/11/bangladesh-swift-hack-casino_9.html
5. Independent, T. (2016, April 19). 20 foreigners linked with BB heist: CID. Retrieved
December 2, 2016, from http://www.theindependentbd.com/printversion/details/41088
6. Ahmed, H. 20 foreign nationals involved. Retrieved December 2, 2016, from
http://www.newstoday.com.bd/index.php?option=details&news_id=2440511&date=2016
-04-19
7. Reuters, D., & York, N. (2016, July 21). How the New York fed fumbled over the
Bangladesh bank heist. . Retrieved from http://www.thedailystar.net/business/how-the-
new-york-fed-fumbled-over-the-bangladesh-bank- heist-1257268
8. Correspondent, S. (2016, May 16). BB heist: ’SWIFT is responsible’. . Retrieved from
http://www.thedailystar.net/frontpage/swift-responsible-1224577
9. Devnath, A., & Riley, M. (2016, May 10). Bangladesh bank heist probe said to find
Three hacker groups. . Retrieved from https://www.bloomberg.com/news/articles/2016-
05-10/bangladesh-bank- heist-probe-said-to-find-three-groups-of-hackers
10. Somoy news: Online live TV. Retrieved December 2, 2016, from http://www.channel-
bd.com/channel.php?id=29
11. BB governor Atiur Rahman resigns. Retrieved December 2, 2016, from
http://www.mtnews24.com/top_news/658/contact_us.php
12. Khandelwal, S. (2016, November 9). SWIFT hack: Bangladesh bank recovers $15
Million from a Philippines casino. . Retrieved from
http://thehackernews.com/2016/11/bangladesh-swift-hack-casino_9.html
13. Alo, J. N., & Homepage (2016, September 20). Court orders BSP to return recovered
money to Bangladesh. Bangladesh. Retrieved from
http://www.dhakatribune.com/bangladesh/2016/09/20/court-orders-bsp-return-recovered-
money-bangladesh/

7|P a g e
This study source was downloaded by 100000805909469 from CourseHero.com on 12-08-2022 05:31:37 GMT -06:00

https://www.coursehero.com/file/31451089/The-Bangladesh-Bank-Heist-final-reportpdf/
Powered by TCPDF (www.tcpdf.org)