Investigators suspect unknown hackers managed to install malware in the Bangladesh central bank's computer systems and watched, probably for weeks, how to go about withdrawing money from its US account, two bank officials say.
More than a month after hackers breached Bangladesh Bank's systems and attempted to steal nearly US$1 billion (NZ$1.48 billion) from its account at the Federal Reserve Bank of New York, cyber security experts are trying to find out how the hackers got in.
FireEye Inc's Mandiant forensics division is helping investigate the cyber heist, which netted hackers more than US$80 million before it was uncovered.
Investigators now suspect the malware that allowed hackers to learn how to withdraw the money could have been installed several weeks before the incident, which took place between February 4 and February 5, the officials said on Friday. They were caught after bank staff noticed a spelling mistake and the sheer number of transactions.
The US$80 million was the total of four transfers to the Philippines. A fifth, for US$20 million to a fake Sri Lankan non-profit organisation, was held up because the hackers misspelled "foundation" as "fandation".
This prompted a routing bank, Deutsche Bank, to seek clarification with the Bangladesh central bank, who stopped the transaction.
Investigators suspect the attack was sophisticated, describing the use of a "zero day" and referring to an "advanced persistent threat", the officials said. A zero day is a vulnerability in software that has yet to be identified or patched. Hackers leverage this hole to plant malware on the target computer.
Advanced persistent threat is a long-term attack on a system, where hackers remain inside the target, for months, and sometimes even years.
So far investigators have not found any proof of involvement of the central bank staff in Bangladesh, one of the officials said, but added that the probe was continuing.
Reuters / Newshub.
