The cyber theft episode

The Bangladesh Bank (BB) is being criticised for suppressing information on hacking by cyber thieves for about a month. The BB came up with a statement on March 07 but did not disclose the amount of the stolen funds. A BB Deputy governor said the incident was kept secret for the sake of investigation and was shared with those who matter most. The BB came to know about the incident two days after the cyber attack on February 04. The central bank also maintained correspondence with the New York Fed and the central banks of the Philippines and Sri Lanka, the two destinations of the stolen money of $101 million. Given the magnitude and complexity of the crime, the BB appointed a renowned cyber security expert to lead the investigation.
The cyber expert is not ruling out the possibility of involvement of any internal forces. The Anti-Money Laundering Council is interrogating six persons for possible involvement in the cross-border electronic fraud and money laundering scheme. The Federal Bureau of Investigation (FBI) of the US has started investigation of dollar theft from the foreign exchange reserve of the BB. The central bank representatives met the FBI officials in the US embassy and informed them of the details. Cyber security agency FireEye of the US has started investigation. The government intelligence agencies are also looking into the matter.
An amount of $81 million has gone to Philippines out of which $46 million has found its place in a casino. This money was circulating in the casino for 20 days in February. The balance amount went out of the country. This incident in the BB is one of the biggest frauds.    According to the Philippines legal system, money earned in the casino becomes legal after payment of taxes.
All eyes are now on the local server. Footages of some closed circuit cameras of Bangladesh Bank are not available. Intelligence agencies are worried about this. Some experts are saying that it is not possible to steal money without involvement of local staff. Four persons might have been associated with this operation. Their names are not being disclosed at this stage. Investigation shows that there was firewall around. The effectiveness of firewall was suspended.
Experts are saying that such a big fraud is not possible without the involvement of concerned officials of the Bangladesh Bank. It is not possible to know the persons who worked at that time as closed circuit cameras were closed. It is said that there is no technology in Bangladesh to identify those who are responsible. There is no digital forensic lab in Bangladesh. Theft of reserve from the central bank is the first of its kind not only in Bangladesh but also in the world.
Law-enforcement agencies suspect involvement of 12 officials in the dollar theft from the BB. These officials are under surveillance. The plan for stealing money was made from within. The officials took the help of foreign hackers. The recent hacking reveals the weakness of the central bank's IT infrastructure and probable insider links.
Necessary instructions have been issued so that the suspects may not be able to flee. Intelligence agencies are working on a list of 12 persons. High-level RAB officials and IT experts held long meetings with the BB officials. Local experts believe that the event started from within the bank. Those who are connected with the fraud will be arrested. The finance minister said action will be taken against the Bangladesh Bank.
The BB governor stepped down on March 15 amid strong criticism over his handling of $101 million cyber theft. The banking secretary lost his portfolio. The government also decided to cancel the contracts of two deputy governors for their failure to prevent the cyber theft. The government thinks that the heist took place because of management failure in the payment system and the IT department.
The government has formed a three-member committee to probe the cyber theft. The committee will look into how illegal payment instructions were issued from the BB and to whom. It will also examine whether the steps taken by the central bank to prevent the payment were appropriate. The committee will also look into the reasons behind concealing information from the higher authorities. It will examine the possibility of getting back the stolen money. The Bangladesh Bank on Tuesday filed a case about the stolen money against unknown persons under the anti-money laundering law and the Information Technology Act.
Following enquiry, the culprits will be identified and punished but it is uncertain whether the stolen money will be returned to Bangladesh.
The writer is an economist and columnist.
[email protected]