One of the best ways to learn in the world is from your mistakes. Or how about someone else’s mistakes? The Bank of Bangladesh mistakes is giving all current and future bank owners lessons on how not to skimp on your network security through its mistakes.
Thanks to the complete lack of firewalls in the bank’s system and use of $10 network switches, hackers managed to steal around $81 million from the Bangladesh Bank, reports say. The case is unique and it makes it the largest amount was stolen from the bank all at once in bank’s history.
The theft, which happened back in February was only stopped thanks to a spelling mistake the hackers made, where they spelt the word ‘foundation’ as ‘fandation’. This caused the routing bank to suspect the transaction and question the Bangladesh Bank. Hackers got into the Bangladesh Bank’s systems and managed to take credentials, which enabled them to make countless requests to the Federal Reserve Bank of New York, one of the banks that Bangladesh uses to store its foreign currency reserve. They wanted the money to be moved to accounts in Sri Lanka and the Philippines from Bangladesh accounts when they made the mistake.
Reports claim that if there had been no spelling mistake then the hackers would have successfully stolen more than $1 billion from Bangladesh.
As expected an investigation was ordered which revealed that the Bangladesh Bank had introduced very weak and cheap network switches, without any firewall in place, which made it incredibly easier for the hackers to get the login credentials they needed to get into the accounts. The bank’s system, open to anyone who has got their hands on the credentials, is connected to the SWIFT global bank payment network, which is a network that allows for high-value bank transfers.
Police know the people who received the money from the bank, but they do not know who the hackers are. This might be due to the bank’s cheap hardware because better network switches would be able to trace exactly where the hackers were accessing the network from.
Just a small amount of money invested in their security would have helped the Bangladesh Bank from saving $80 million.