Official's computer hacked to carry out $81m Bangladesh Bank cyber heist

Bangladesh's ambassador to the Philippines admits bank was at fault over February attack

A hack of the computer of an official at Bangladesh Bank, the central bank of Bangladesh, provided the entry point for the attackers behind February's $81m cyber heist.

That is according to John Gomes, Bangladesh Ambassador to the Philippines, appearing before a panel investigating how the stolen money ended up in banks in Manila. The hackers, according to Gomes, were neither Filipino, nor Bangladeshi, and there has so far been no evidence that it involved anyone in Bangladesh.

Gomes' appearance before the panel follows an admission by Vietnam's Tien Phong Bank that it was the target of a similar attempted cyber heist using fraudulent SWIFT messages - the same technique used in February's Bangladesh Bank theft.

Gomes' evidence suggests that claims coming out of Bangladesh Bank that SWIFT security officials themselves were in some way responsible for weakening the bank's security, thereby facilitating the attack, are wrong.

The Philippines is currently updating regulations, both to improve cyber security in the country's banks, as well as to combat money laundering. The money stolen from Bangladesh Bank was routed through banks in the Philippines. Most remains missing.

The cyber heist is being investigated by SWIFT and specialists from BAE Systems, who claim that customised malware was used to perpetrate the attack - rather than insiders simply using privileged access.

"We've recently identified tools uploaded to online malware repositories that we believe are linked to the heist," wrote BAE Systems' Sergei Shevchenko in a blog post at the end of April.

He continued: "The custom malware was submitted by a user in Bangladesh, and contains sophisticated functionality for interacting with local SWIFT Alliance Access software running in the victim infrastructure.

"This malware appears to be just part of a wider attack toolkit, and would have been used to cover the attackers' tracks as they sent forged payment instructions to make the transfers. This would have hampered the detection and response to the attack, giving more time for the subsequent money laundering to take place.

"The tools are highly configurable and given the correct access could feasibly be used for similar attacks in the future."