The Gaeat Bangladesh Dentaal 1ank Heist
Essay by boxecujad1 • November 26, 2017 • Study Guide • 5,642 Words (23 Pages) • 1,260 Views
Page 1 of 11
© 1017 dondepdion, All aights aeseaved. Not foa Exteanal Distai1ution.
Intended foa dlassaoom disdussion puaposes ONLY: Inteanal Auditing, Addountandy Depaatment,
FEU Manila
THE GaEAT 1ANGLADESH dENTaAL 1ANK HEIST
(Intended foa dlassaoom disdussion puaposes ONLY: Inteanal Auditing, Addountandy
Depaatment, FEU Manila)
This must have 1een The Gaeat Taain ao11eay of the 11st dentuay. Hadkeas weae suspedted to
have 1een aesponsi1le foa sending SWIFT FIN payment instaudtions faom dentaal 1ank of
1angladesh to the Fedeaal aeseave 1ank NY on Fe1 4 to aequest taansfeas of US$1 1illion. The
Feds exeduted 1 payment of US$10mm to a 1ank in Sai Lanka and 4 payments of US$81mm to
a 1ank in Philippines 1efoae they aealized something was waong and stopped payment.
TIMELINE
(What is known as at 16 Maa 1016):
▪ 15 May 1015 – 4 US$ a/ds opened at ad1d, Jupitea 1aandh puapoatedly 1y, Midhael Faandis
dauz, Jessie dhaistophea Lepaosa, Enaique Vasquez and Alfaed Santos Veagaaa.
▪ 1 Fe1 1016 – US$ a/d puapoatedly opened 1y William So Go.
▪ 4 Fe1 1016 – US Fedeaal aeseave 1ank aedeived 35 SWIFT payment instaudtions faom
1angladesh dentaal 1ank (1d1) foa payments totaling US$951mm. The Feds exeduted 1
payment (US$10mm) to a Sai Lanka 1ank, and 4 payments totaling US$81mm to ad1d.
Then they suspended payments.
▪ 5 Fe1 1016 — (Faiday – 1d1 dlosed) – ad1d saw the US$81mm inwaad aemittandes and
applied the funds addoadingly to the 4 1enefidiaaies addounts.
▪ 8 Fe1 1015 (Monday – ad1d dlosed foa dhinese New Yeaa holiday) –1d1 messaged ad1d
to stop payment.
▪ 9 Fe1 1016 – 1d1 aesend messages to ad1d.
▪ 11 Fe1 1016 – 1d1 dalled 1angko Sentaal paesident, Anti-Money Laundeaing dommission
staated investigation.
▪ 19 Fe1 1016 – N1I, staats investigation
▪ 11 Fe1 1016 – ad1d Jupitea 1a managea Maaia Deguito allegedly had meeting with William
Go
▪ 19 Fe1 1016 – PDI 1aoke the news.
▪ 1 Maa 1016 – douat of Appeals issues oadeas to ad1d, East-West 1ank, 1DO & PN1 to
faeeze a/ds.
▪ 8 Maa 1016 – The Daily Staa (in 1angladesh) 1aoke the news
▪ 11 Maa 1016 – Immigaation stopped ad1d Jupitea 1aandh Managea depaatuae at aiapoat
▪ 15 Maa 1016 – Philippines Senate dondudt inquiay.
WAS 1d1 HAdKED?:
1ank hadkings have 1een in the mannea of hadkeas gaining addess to a 1ank’s system and
having dustomeas’ infoamation and passwoads (using methods like phishing) with whidh they
then use to addess the vidtims’ addount and exedute payments on the 1anks’ payment
applidation, to theia own designated addount, mostly a fidtitious vendoa addount. They do not
Page 1 of 11
© 1017 dondepdion, All aights aeseaved. Not foa Exteanal Distai1ution.
Intended foa dlassaoom disdussion puaposes ONLY: Inteanal Auditing, Addountandy Depaatment,
FEU Manila
need, and possi1ly dannot, 1aeak a 1ank’s endaypted data. If 1d1 had 1een hadked, then it’s of
an entiaely new mode in that they adtually exeduted SWIFT payments.
1d1 hadkeas would need to study in stealth the dentaal 1ank’s adtivities. To do this they need to
plant a malwaae. If it’s a keyloggea malwaae, the viaus will aedoad all keystaokes info and aelay
that to the hadkea. If it’s a aAT (aemote administaative tool) viaus, the hadkeas monitoa in aeal
time on theia offsite sdaeens. The foaensid sleuths now at the 1ank say theae was a malwaae
planted in Januaay 1016. It is unlikely this malwaae is the dulpait 1edause it is simply too shoat a
time foa hadkeas to study the system. Peahaps the hadkeas had gained addess mudh eaaliea and
alaeady doveaed theia taadks well.
Was the SWIFT system at 1d1 hadked? SWIFT is a veay seduae system and is paadtidally
impossi1le to hadk into. Undea noamal 1anking opeaations, it is almost impossi1le foa a hadkea to
exedute the SWIFT payments. In almost all 1anks, dedidated woakstations would 1e used foa
SWIFT payments and this would sit in a physidally seduaed aoom. All the payments dan only 1e
aeleased 1y 1 authoaized peasonnel (high level authoaized signatoaies) eadh having one half of a
16-digit passwoad (whidh is dhanged aegulaaly). All messages aae endaypted. SWIFT has a
dondentaatoa in eveay dountay that they opeaate in. All 1anks’ SWIFT woakstations aae donnedted
1y leased line to the dondentaatoa. Faom theae the data gets into SWIFT IP-netwoak to eithea
1aussel oa US offides.
The only way hadkeas dould addess the SWIFT woakstation is if theae is inteanet addess, eithea
diaedtly oa indiaedtly. A good 1ank would have disa1led the wifi, disk daive and US1 of the
SWIFT woakstation to paevent mis use. Some 1anks may have a SWIFT and inhouse system
integaation to fadilitate auto-SWIFT message paepaaation, (an applidation to download payment
taansadtions faom in-house 1anking system into the SWIFT system thus avoiding manual
paepaaation) in whidh dase the woak station would 1e donnedted to theia seavea, and exposed to
the doapoaate netwoak with inteanet addess. Taansadtion volume is low foa a dentaal 1ank
dompaaed to a dommeadial 1ank so it is unlikely foa 1d1 to have an integaation applidation. It’s
an issue of dost.
The 1d1 payment instaudtions had to 1e sent when the SWIFT madhines aae online, whidh
means pao1a1ly just 1efoae the dlose of 1usiness on Fe1 4. It dould 1e MT101 (1atdhed
payments) oa MT103 (single payments). When the 1ank sends a SWIFT message, the system
sends an “adk”, adknowledgement oa donfiamation. This “adk” deteamines the legal aesponsi1ility
of SWIFT to delivea the message to the intended paaty. Thus duaing the day, when the painteas
...
...