Bangladesh Bank heist: Hackers used bank’s $10 routers to steal $81M | BGR

This past February, some clever hackers pulled off a daring bank heist that was aided by a Bangladeshi bank’s decision to buy cheap second-hand $10 routers. In fact, the cheap routers let hackers get away with $81 million by giving them access to the secure computers that handle SWIFT monetary transactions and helping them hide their tracks.

Some 20 individuals who received payments from hackers have been identified so far but the masterminds of the attack have yet to be discovered. Even worse is the fact that most of the funds, which were routed to accounts in the Philippines and diverted to a local casino, are still missing.

According to Reuters, the head of the Forensic Training Institute of the Bangladesh police’s criminal investigation department revealed that security oversights from the bank helped hackers steal the money. Hackers took advantage of the $10 routers that had no firewalls to get into the bank’s system and were aided by the fact that the bank’s switches weren’t sophisticated enough to trace the hackers’ steps.

“You are talking about an organization that has access to billions of dollars and they are not taking even the most basic security precautions,” cyber firm Optiv consultant Jeff Wichman told Reuters.

Furthermore, the SWIFT servers inside the bank were on the same network with the rest of the banks’ 5,000 computers, rather than being on a walled, secondary one. Furthermore, the room that houses the SWIFT computers isn’t monitored by a bank employee at all times in spite of the sensitive nature of the activity that goes on in it. Instead, all transactions are automatically printed on a printer in the room.

Police believe that both the bank and SWIFT should take blame for the heist. The Belgian banking authority said that the heist only breached the Bangladesh Bank and not its secure messaging services. The bank stated that SWIFT officials only advised that a router upgrade is in order after the heist.

Source: Bangladesh Bank heist: Hackers used bank’s $10 routers to steal $81M | BGR

Advertisements

About steventorresramos

I have over (24) years of Computer Aided Drafting & Design experience and over (16) years of IT experience. After graduating high school I attended a Technical College and earned an Associate Degree in Drafting & Design. I then enrolled at the University of Puerto Rico where I earned an A.S. in Civil Engineering Technologies. While attending the Univ. of Puerto Rico I worked as a freelance Drafter for a variety of architects and engineers. During my senior year I began to work for the firm Planning Management & Development in Ponce, Puerto Rico. Two years later I was offered the position at Mario Corsino & Associates, which later became InterGroup a medium size Civil Engineering, Architectural and Planning firm in Bayamon, Puerto Rico. At InterGroup I became assistant chief drafter where I was responsible for 20+ drafters & civil techs, and this is also where I began my IT training. In 2000 I decided to move to St. Petersburg, FL where I was hired as CAD Manager at Advanced Engineering & Design a small Civil Engineering firm established in 1998. Currently still employed by Advanced Engineering & Design I’m now the CAD/IT Manager. I have also continued to expand my knowledge base in both the IT & CADD fields through continued training, certifications, and attending Autodesk University. I’m currently an Autodesk Certified Professional proficient in AutoCAD, Civil 3D and various other Autodesk products. I have been the President of the Tampa Bay Autodesk Users Group (TBAUG) since late 2007 and a member of Autodesk Users Group International (AUGI) since 1996. I have an A.S. Degree in Computer Networking , a Bachelors of Applied Science in Technology Management and currently finishing work on my Masters in Computer Information Systems. I’m a licensed drafter in the US Commonwealth of Puerto Rico, and a Microsoft Certified Professional. I hold certificates as a Microsoft Certified IT Professional: Server Administrator, Cisco Networking Associate Professional and Linux Administrator.
This entry was posted in Hacking, Interesting. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s