$1 Billion in Bangladesh Bank Forex Cash Targeted By Criminals

The biggest bank robberies in the 21st Century are not carried out using sawn-off shotguns but with computer keyboards and technical expertise. In what’s described as one of the biggest bank heists of modern times, cyber criminals managed to steal US$81 million from Bangladesh’s central bank. A further $951 million was targeted in New York, where Bangladesh holds a substantial amount of its foreign exchange capital, used primarily for international settlements. The Federal Reserve Bank of New York blocked those transfers, however.


The robbery was carried out on Friday, February 5, the start of the weekend in predominantly Muslim Bangladesh. The following day Jubair Bin Huda, joint director for accounts at the bank, found he could not open the Swift financial transaction system, which gave the notification: ‘A file is missing or changed’. According to a report in the Financial Times, it took another two days for the bank to notice the errant transactions.


A total of 35 transaction orders had been placed. The majority were blocked but five orders, worth $101 million, were carried out. $20 million of that went to a single organisational account in Sri Lanka and was later recovered. A further $81m was paid into four separate accounts in the Philippines. According to the FT, this was purportedly designated for payments relating to Bangladeshi infrastructure payments, which included work on the Dhaka Metro, bridges, and a power station.


No such payments existed and the money began to be laundered through a Manila casino. A Times Live report described how a network of 19 people gambled over $30 million through the Solaire Resort & Casino in the Philippines capital. The report said that the $30 million was used to buy premium, non-negotiable chips and that the gang operated for five weeks before being stopped by Solaire on March 10. It’s expected that the Philippine Anti-Money Laundering Council will now ask the country’s Congress to include casinos as one of the institution types required to report suspicious transactions.


According to the FT report, the cyber criminals behind the robbery are likely to have been planning the theft for at least a year, as the four Sri Lankan accounts were opened in May 2015. It has since emerged that they were opened using fake driving licences as identity documents. The FT says that the as-yet unknown cyber criminals managed to plant malware in the Bangladesh bank’s computer systems. This malware cloned legitimate transactions and used these to create fake orders for the Forex cash.


The technical details of the theft are still under investigation. Bryce Boland, FireEye’s chief technology officer for Asia-Pacific, told the FT: “There’s a lot of ways you can steal money from a bank. The easiest way is to create a completely legitimate transfer and change the counterparties…We’ve seen malware for a number of years developed specifically to intercept the pass phrases that are used to unlock smart cards.”