Bangladesh police detail suspicions of inside help in bank heist

[DHAKA] A top investigator into the electronic theft of US$81 million from the Bangladesh central bank is turning his attention to some IT technicians from the bank whom he suspects hooked up its transactions system to the public Internet, giving hackers access.

In a series of interviews this month, Mohammad Shah Alam, a Bangladesh police deputy inspector general who is heading investigations in Dhaka, went into some detail about how insiders at Bangladesh Bank may have helped in the execution of one of the world's biggest cyber-heists last February.

For instance, Mr Alam said he was focusing on why a password token protecting the SWIFT international transactions network at Bangladesh Bank was left inserted in the SWIFT server for months leading up to the heist. It is supposed to be removed and locked in a secure vault after business hours each day.

The failure to remove the token allowed hackers to enter the system when it was not being monitored, first to infect it with malware and then to issue fake transfer orders, he said.

Mr Alam's comments follow months of assertions by Bangladesh authorities that central bank officials were guilty of nothing more than negligence in the heist, in which hackers moved money out of the bank's account at the Federal Reserve Bank of New York and sent it to individual accounts in the Philippines.

Reuters could not independently confirm Mr Alam's claims. He declined to name any of the suspects.

No one has been arrested and Mr Alam did not provide any further evidence to back up his assertions.

Bangladesh Bank spokesman Subhankar Saha declined comment on the investigation. He said the bank has not been told of any plans to detain any of its employees.

The US Federal Bureau of Investigation, among the agencies involved, had no comment on Mr Alam's claims. Interpol was not available for comment.

A spokeswoman for SWIFT declined to comment.

Nearly 11 months since the audacious robbery that undermined confidence in the global SWIFT transactions system and sent tremors through the global financial community, there is no sign if any of the half-a-dozen investigating agencies involved are close to cracking the case.

No suspects in the Bangladesh central bank had been arrested, Alam said, because investigations were incomplete. They were under watch and their movements monitored, but he was awaiting "specific information" on any communications they may have had with the hackers or with those who received the funds.

Help has been sought from police in the Philippines, Japan, Sri Lanka and China, countries where the hackers are believed to have links, he said.

Bangladesh police had previously blamed a group of contractors hired by the SWIFT transactions network for making its computer system vulnerable, a charge denied by the Belgium-based cooperative.

Mr Alam said the investigation had instead shown that central bank IT technicians were most likely to have provided the inside help. Asked if he had any proof, he said: "There were a number of other things, which if the Bangladesh Bank people had not done, the hacking would not have been possible." Mr Alam said he believed the IT technicians connected the Bangladesh central bank's SWIFT network to the public Internet last year while linking the network to the bank's domestic payments system, the Real Time Gross Settlement System (RTGS). SWIFT is used only for international transactions.

Linking it to the Internet made the highly secure network accessible from any outside computer.

The work on linking SWIFT to the RTGS was supervised by SWIFT contractors but carried out by Bangladesh Bank technicians, Mr Alam and a bank official said.

It was not known who was responsible for leaving the token that was supposed to protect the SWIFT system inserted in the server, Alam added.

At least half-a-dozen bank officials shared responsibility for safekeeping of the token, he said.

Once in the system, the hackers introduced six types of malware which captured keystrokes and screenshots and also delayed detection of fraudulent transactions, according to a report by Fireye Inc's Mandiant forensics division, which investigated the heist.

REUTERS