Exclusive: Bangladesh Bank remains compromised months after heist – forensics report

Bangladesh heist linked to attack on Sony: BAE researchers
May 13, 2016
Bangladesh Bank heist similar to Sony hack; second bank hit by malware
May 13, 2016
This post was originally published on this site
Commuters pass by the front of the Bangladesh central bank building in Dhaka March 8, 2016. REUTERS/Ashikur Rahman/File Photo
Commuters pass by the front of the Bangladesh central bank building in Dhaka March 8, 2016.

Reuters/Ashikur Rahman/File Photo

Three hacking groups “are still lurking” in the network of Bangladesh’s central bank, putting the bank at risk of further attacks about three months after it lost $81 million in a cyber heist, according to a report by U.S. computer security firms investigating the theft.

“There are some residual risks that the governor and board should understand, namely that Bangladesh Bank network is still not secure, and there exists a possibility of malicious acts by hackers,” said the report from the experts hired by Bangladesh Bank, parts of which were seen by Reuters.

The source who shared the document declined to provide access to its full contents, saying that the release of some details could hamper a multinational effort to catch the criminals and recover funds stolen in the February cyber attack.

Bangladesh Bank has declined comment on pending investigations into the heist. Asked about the report, a spokesman said: “We have engaged forensic experts to investigate the whole thing, including this.” He did not elaborate.

Investigators have determined that one team of hackers, dubbed Group Zero in the report, was responsible for the heist and remained inside the network, the report stated. Group Zero may be seeking to monitor the ongoing cyber investigations or cause other damage, but is unlikely to be able to order fraudulent fund transfers, the investigators wrote.

Two other groups are also inside the bank’s network, which is linked to the SWIFT international transaction system, the report found. One of the two is a “nation-state actor” engaged in stealing information in attacks that are stealthy but “not known to be destructive”, the report said.

The report, which was submitted earlier this month, did not further identify any of the groups.

A spokeswoman for SWIFT said she was unable to comment on the report.

SWIFT warned on Thursday of a malware attack on a commercial bank it did not name, similar to the hack at Bangladesh Bank.

In February, hackers ordered fraudulent fund transfers from Bangladesh Bank’s account at the New York Federal Reserve via the SWIFT system, but the cooperative, owned by member banks and used by 11,000 financial institutions globally, has maintained that the messaging system it controls has not been compromised.

“Group Zero is the identified hacker group that has conducted the cyber attack” against Bangladesh Bank, the investigators said in the report, which they said was based on primary findings.

U.S.-based cyber-security firms World Informatix and FireEye Inc. have been hired by Bangladesh’s central bank to investigate the theft.

A spokesman for FireEye said the firm will not comment on the ongoing investigation. World Informatix could not immediately be reached for comment.

In the attack, the hackers sought to transfer $951 million from Bangladesh Bank’s account at the New York Fed.

Most of the transfers were blocked, but $81 million was sent to bank accounts in the Philippines in one of the largest cyber-heists in history. The money was quickly transferred through a remittance firm to casinos and casino agents and most remains missing.

In the report, the investigators said Group Zero mounted attacks on other banks, but did not elaborate.

The report said investigators knew little about a third group of hackers found inside the network, referred to as Group Two, except that they were using mostly commodity, or off-the-shelf hacking tools.

“Their motivations and activities are unknown, but could be unpredictable with media spotlight,” the report said, without elaborating further.

Bloomberg News reported on Tuesday that investigators had found evidence that two of the three hacker groups in the Bangladesh attack were from Pakistan and North Korea, citing people briefed on the bank’s investigation.

(Additional reporting by Jim Finkle in New York; editing by David Greising and Raju Gopalakrishnan.)