Insiders at Bangladesh's Central Bank May Have Helped Cyber Steal $81 Million

Officials of Bangladesh Bank may have been involved in the brazen theft of $81 million from its own account with the New York Federal Reserve Bank in February, the head of a government-appointed panel investigating the cyber heist told reporters on Monday.

Hackers broke into the computer systems of the Bangladesh central bank and issued instructions through the SWIFT network to transfer $951 million of its deposits held at the New York Federal Reserve Bank to accounts in the Philippines and Sri Lanka.

Most of the transactions were blocked but four went through, amounting to $81 million that vanished from the account. Bangladesh initially blamed both the Fed and SWIFT for failing to detect the fraud at the time but are now changing their tune.

"Earlier we thought no one from Bangladesh Bank was involved, but now there is a small change," Mohammed Farashuddin, a former governor of the Bangladesh central bank, said, after handing his final report to the finance minister.

He declined to say what the change was or provide details of the report, but said its findings were different from a previous one that mainly held SWIFT responsible for one of the world's biggest cyber thefts.

Farashuddin added that SWIFT could not avoid all responsibility. He has earlier said SWIFT made a number of mistakes in connecting up a local network in Dhaka, the Bangladeshi capital, which SWIFT has denied.

Last week, cybersecurity researchers found the string of code that was used in the Bangladesh cyber hack was the same type used to hack into Sony Pictures in 2014 and South Korea in 2013. The FBI later blamed those cyberattacks on the North Korean government.

The cybersecurity firm Symantec found that the attackers are linked to the hacking group Lazerus, which has carried out destructive cyber attacks, mostly on US and South Korean targets, since 2009.

If North Korea was responsible for the hacks on banks via the SWIFT messaging network, it would represent the first time a country has stolen money in a cyber attack, a spokesperson for Symantec said last week.

SWIFT warned banks around the world to increase security precautions due to the digital heists and said they were looking into other possible incidents of fraud. SWIFT is a global network used by many international banks to exchange money and widely seen as the most secure global payment system.

Bangladesh Bank spokesman Subhankar Saha said its officials had yet to read the report or receive government instructions.

"The Bangladesh Bank management will follow all instructions given by the government," Saha told Reuters. "Actions will be taken as per instruction by the government if any central bank officials were found guilty."