
USD 101 million stolen from a central bank last month by ‘cyber theft’

  • 15-03-2016 9:52am
    #1
    Registered Users, Registered Users 2 Posts: 1,667 ✭✭✭


    Cyber-thieves are believed to have deployed computer “malware” in their attempt to clone authorisation codes and transfer a total of about $1bn from Bangladesh Central Bank’s account with the New York Federal Reserve in early February.

    Attempts by hackers to withdraw another USD850 million were foiled in part because they misspelled the name of one of the recipients.

    http://www.bloomberg.com/news/articles/2016-03-15/bangladesh-central-bank-chief-says-ready-to-resign-over-heist

    It does not say much for the security of online banking. One assumes that transfers of this nature go directly over SWIFT, using multi-factor authentication, probably requiring multiple people to approve the transaction, and probably a phone call back to the paying bank to verify the payment due to the size of the transfer etc.


Comments

  • Banned (with Prison Access) Posts: 20 Refor1981


    Impetus wrote: »
    Cyber-thieves are believed to have deployed computer “malware” in their attempt to clone authorisation codes and transfer a total of about $1bn from Bangladesh Central Bank’s account with the New York Federal Reserve in early February.

    Attempts by hackers to withdraw another USD850 million were foiled in part because they misspelled the name of one of the recipients.

    It does not say much for the security of online banking. One assumes that transfers of this nature go directly over SWIFT, using multi-factor authentication, probably requiring multiple people to approve the transaction, and probably a phone call back to the paying bank to verify the payment due to the size of the transfer etc.

    Do you think they'd have had more success if they tried to steal smaller amounts on a regular basis?


  • Registered Users, Registered Users 2 Posts: 3,739 ✭✭✭BigEejit


    $81 million outstanding. It's more than likely the case that the receiving accounts were also hacked or had an inside man.


  • Registered Users, Registered Users 2 Posts: 1,667 ✭✭✭Impetus


    Refor1981 wrote: »
    Do you think they'd have had more success if they tried to steal smaller amounts on a regular basis?

    I don't know. They were caught on a name spelling error. I am sure that many people misspell the names of beneficiaries in SEPA and MT payments generally out of typo reasons. This guy is making an 850 million transfer and spells it 'Murphie' rather than 'Murphy'. Hardly an indication of fraud.

    If they put it through in say 10 x transactions of 85 million, I suspect that statistically they would be more likely to be caught with perhaps different people reviewing transactions, and the issue of why all these relatively big payments going into account x, with no long term history of transactions of this size.

    I know some banks ask really dumb questions regarding payments of a million or two being transferred by a rich customer with well established business links and a well documented family fortune. Even payments going to another account in the same name raise phone call inquiries before they are processed.

    In most cases it is a matter of not keeping all your eggs in one basket, and you are moving some of your savings to spread exposure among banks and asset classes. Basically you can't trust a bank with more than a million or so. A bank that will accept 850 million and not ask questions is unlikely to give much if any of the money back to you when you try and withdraw some.

    Also I would lock down a bank account (personal or corporate) with a large balance in terms of online banking, by making it view only - i.e. no online payments. Also if you are rich enough, you don't need to use the internet / cloud to transmit bank payments. You can get your own SWIFT terminal, running on a non-internet-connected PC, with your own BIC and use it to communicate with the banks you deal with, over dedicated lines rather than the net. At the very minimum keep a virgin PC for banking only and nothing else, preferably one with a secure operating system, and a system where daily access is not by using a root password (e.g. admin).

    Ars reports that you can decrypt a TLS connection using Amazon EC2 servers in 8 hours at a cost of USD 440, i.e. a little over the price of a bitcoin. BTC1 = EUR 374 today - which is USD 415.

    http://arstechnica.com/security/2016/03/more-than-13-million-https-websites-imperiled-by-new-decryption-attack/

