Bangladesh Bank decides not to sue SWIFT over February's cyber heist

Bank that lost $81m in targeted attack reverses plans to sue payments network SWIFT and its own bankers

Bangladesh Bank, the central bank that lost $81m in one of the world's biggest cyber heists earlier this year, has decided against suing the global payments network SWIFT and its own bankers, The New York Federal Reserve.

Instead, it hopes to use the assistance of SWIFT, along with diplomatic help from the Philippines government, in order to recover its losses.

"At the moment we have no plan to go for any legal action against the Fed bank or SWIFT; rather, we will seek their assistance," Subhankar Saha, a spokesman for Bangladesh Bank, told Reuters.

The announcement was made just ahead of meetings in New York today between the bank, the New York Federal Reserve and SWIFT. It also follows a pledge of support earlier this month from the Philippines' new government, who committed to returning the funds stolen from Bangladesh Bank, which had been exfiltrated via accounts held with banks in the Philippines.

The shift in attitude also comes after the New York Federal Reserve last week published its standard contract with correspondent banks, for whom it executes international bank transfers, which quite clearly places the burden of preventing and reporting security breaches on the shoulders of client banks, such as Bangladesh Bank.

The central bank was hit in an audacious cyber heist in February this year by a gang that penetrated the organisation's lackadaisical security and used malware and the cover of a long weekend in order to set up a series of transfers totalling $951m.

However, due to a basic typographical error, the series of transfers were stopped after ‘just' $101m had been sent. Some $20m was returned straight away, while another sum has been frozen in banks in the Philippines. According to Reuters, the money that the crooks were able to get their hands on was then laundered via casinos in the capital Manila.

SWIFT, meanwhile, has threatened to stop banks from using its systems if their security is not up to standard.

It has been conjectured that the attacks, which required a reasonable working knowledge of the SWIFT software and proprietary network, was the work of nation-state attackers working for North Korea's secretive ‘Office 39' illegal activities organisation.