‘Secure’ BB vault still vulnerable to cyber heist

Mehedi Hasan
06 Aug 2021 00:00:00 | Update: 06 Aug 2021 00:05:23
Top ICT professionals in the government and the Bangladesh Bank still cannot guarantee to prevent further reserve heists, although the central bank has undertaken multiple measures to protect the vault from cybercriminals.

The central bank brought all foreign transactions, including those with the New York Fed, under a three-layer monitoring system to foil any ill attempt from hackers, officials at the Bangladesh Bank (BB) said.

Besides, it isolated the SWIFT system, which is now completely set apart from its other networks, so that reserves cannot be stolen and no malware can be planted in the system by international cyber culprits.

A team of 65 engineers and 130 programmers is working for the BB to ensure the smooth operation of its automated ICT services.

“After the reserve heist, all transactions of the Bangladesh Bank with the New York Fed have come under a three-layer monitoring system so that any chance of the same scam cannot take place in the future,” Debdulal Roy, executive director (programming) of BB, told The Business Post.

“When the central bank issues instruction for any transaction with the New York Fed through the SWIFT system, the Fed puts it on hold. In the second layer, the BB official concerned sends an email to the New York Fed confirming the transaction, and in the third layer, the New York Fed confirms the BB official concerned over the phone about the transaction,” explained Debdulal.

The ICT Infrastructure Maintenance and Management Department of the Bangladesh Bank is working for a sustainable IT environment to ensure the smooth operation of automated ICT services.

Its Executive Director Muhammad Zakir Hasan said, “Now the Bangladesh Bank’s SWIFT system is completely isolated from the other networks of the central bank such as Real Time Gross Settlement (RTGS), Bangladesh Automated Clearing House and National Payment Switch.

“Our engineers segregated the SWIFT system from other network systems and strengthened its security with the help of a group of special officials of the BB’s Accounts and Budgeting Department,” Zakir added.

Hackers stole $101 million from the Bangladesh Bank’s account with the Federal Reserve Bank of New York on February 5, 2016, using fake orders in the SWIFT payment system.

The biggest-ever cyber heist in history happened because of malware in the BB’s SWIFT-RTGS system, which gave the hackers an entry into the central bank’s server.

Banks and financial institutions worldwide use the Society for Worldwide Interbank Financial Telecommunication (SWIFT) to transact among themselves in a secure, standardised and reliable environment.

BB’s SWIFT money transfer system was smooth till 2015, but later the system became insecure owing to a central bank decision to connect SWIFT with its RTGS in that year, according to an investigation report by the Farashuddin committee. The findings are yet to be formally published.

The report said the BB in 2015 connected its RTGS with the SWIFT system without any reason, which left the SWIFT system insecure.

That connection eventually encouraged the hackers to steal from the BB reserves, said a committee member.

Muhammad Zakir Hasan said now no one would be able to break into the SWIFT system of the BB.

“But there is no guarantee that there will be no cyber attack further since hackers continuously try to enter our ICT infrastructure and we beat them continuously,” Zakir added.

Furthermore, the e-Government Computer Incident Response Team (BGD e-GOV CIRT) under the ICT Division is receiving, reviewing and responding to computer security incidents and activities in Bangladesh. The agency is also maintaining a close collaboration with its international partners to keep the cyberspace of Bangladesh secure.

Contacted, Tarique M Barkatullah, project director of e-GOV CIRT, said now the IT security system of the Bangladesh Bank is much better than it was in 2016.

Echoing Zakir, Barkatullah said, “We are aware of the cybersecurity. But at the same time, hackers are developing new methods of hacking. As a result, we cannot ensure that there will be no more cyber scams in the future.”

Of the stolen money, $81m was transferred to four accounts with Rizal Commercial Banking Corporation in Manila and another $20m to a bank in Sri Lanka.

But the transfer of $20m to Sri Lanka failed because of a spelling error by the hackers. Later, the central bank retrieved about $15m from the Philippines.

The CID has not yet completed an investigation into the case filed by the Bangladesh Bank with the Motijheel Police Station following the reserve heist. It claimed that its probe is nearing completion and that it will soon file a charge sheet.

A committee led by former governor Dr Farashuddin submitted its report to the government on the heist in May 2016.

Cybersecurity expert Tanvir Hassan Zoha said five years have passed since the cyber heist, but the actual reason behind it remains unknown. 

“We could learn the issues only through international newspapers. The stakeholders of the central bank should learn from the biggest reserve theft in history, but we do not know what they have learned,” he said.
