DAWN.COM

Updated 13 Mar, 2016 08:33am

How a simple spelling mistake helped stop a $1bn digital bank heist

It was just a few letters off: Someone misspelled “foundation” as “fandation” on an online payment transfer request. But that simple typo helped stop hackers from getting away with a nearly $1 billion digital heist last month, Reuters reports.

Hackers broke into the Bangladeshi central bank’s computer systems, according to anonymous officials at the financial institution cited by Reuters, stealing the credentials needed to authorize payment transfers. The attackers used the stolen information to ask the Federal Reserve Bank of New York to make massive money transfers — nearly three dozen of them — from the Bangladeshi bank’s account with the Fed to accounts at other financial institutions overseas.

Four transfers to accounts in the Philippines, totaling about $80 million, worked. But then a fifth request, for $20 million to be sent to an apparently fictitious Sri Lankan nonprofit, was flagged as suspicious by a routing bank due to the “fandation” error.

The Bangladesh central bank was able to stop that transaction after the routing bank asked for confirmation. “The Sri Lankan bank did not disburse it immediately, and we could recover the full amount,” the central bank told the Financial Times.

The requests waiting to be processed — amounting to a total of between $850 million and $870 million, according to an unnamed official cited by Reuters — were also halted. So if it weren’t for that typo, the attackers may have escaped with an even bigger payday.

Bangladesh’s finance minister has blamed the incident on the Federal Reserve and said his government will “file a case in the international court against” the financial institution, according to local outlet the Dhaka Tribune.

A New York Fed spokesperson denied the accusation, telling The Washington Post in a statement that “there is no evidence of any attempt to penetrate Federal Reserve systems in connection with the payments in question” or that the institution’s systems were compromised. According to the spokesperson, the payment instructions were “fully authenticated” using standard methods.

“The Fed has been working with the central bank since the incident occurred and will continue to provide assistance as appropriate,” the spokesperson said.

Bloomberg-The Washington Post News Service

Published in Dawn, March 13th, 2016
