SWIFT
rejects Bangladeshi claims in cyber heist, police stand
firm
Send a link to a friend
[May 10, 2016]
By Jim Finkle and Sanjeev Miglani
(Reuters) - SWIFT has rejected allegations
by officials in Bangladesh that technicians with the global messaging
system made the nation's central bank more vulnerable to hacking before
an $81 million cyber heist in February.
|
The comments were in response to a Reuters story that cited
Bangladeshi police and a central bank official as saying that SWIFT
technicians introduced security holes into the bank's network while
connecting SWIFT to Bangladesh's first real-time gross settlement (RTGS)
system.
"SWIFT was not responsible for any of the issues cited by the
officials, or party to the related decisions," the Brussels-based
bank-owned cooperative said in a statement posted on its website on
Monday.
"As a SWIFT user like any other, Bangladesh Bank is responsible for
the security of its own systems interfacing with the SWIFT network
and their related environment – starting with basic password
protection practices – in much the same way as they are responsible
for their other internal security considerations," the statement
said.
But Bangladesh's main police investigator maintained there were
loopholes in the way SWIFT carried out the integration of its
network with the RTGS platform that left the central bank's computer
systems vulnerable to hackers.
Mohammad Shah Alam, the head of the criminal investigation
department of the Bangladesh police, said the probe had identified
specific deviations from set procedures that compromised Bangladesh
Bank's security.
"We stand by our investigation," he said in response to the comments
by SWIFT. But he added he did not want to engage in a debate and
urged greater international cooperation to identify the culprits
behind one of the world's biggest cyber thefts.
Reuters has not been able to independently verify the allegations by
Bangladeshi officials about the SWIFT technicians.
U.S. investigators suspect the involvement of employees of the
Bangladesh Bank in helping the hackers breach the systems, the Wall
Street Journal said, quoting people familiar with the matter.
It said the Federal Bureau of Investigation had found evidence that
at least one bank employee acted as an accomplice but there could be
more who assisted the hackers in navigating around Bangladesh Bank's
computer systems.
[to top of second column] |
NO SHARING OF EVIDENCE
Bangladesh police said they have been looking for inside involvement
in the heist from the beginning of the probe, but no evidence has
turned up against anyone.
Investigators say they think there was some level of local
facilitation in the attack on the central bank's computers but
haven't identified it as yet.
"If the FBI has uncovered evidence, they should share with us," a
police officer said.
The revelations came ahead of a meeting on Tuesday in Basel,
Switzerland, where Bangladesh Bank officials have said their
governor and a lawyer appointed by the bank would discuss recovery
of about $81 million stolen by hackers with the head of the Federal
Reserve Bank of New York and a senior executive from SWIFT.
The money was stolen from Bangladesh Bank's account at the New York
Fed through fraudulent transfer orders sent on the SWIFT system.
SWIFT's statement said it "looks forward to the meeting with
Bangladesh Bank and New York Federal Reserve Bank officials in Basel
on 10th May, when the bank’s security issues and these baseless
allegations will be discussed."
Bangladesh Bank officials have said they believed SWIFT, and the New
York Fed, bear some responsibility for the February cyber heist.
(Additional reporting by Serajul Quadir in DHAKA; Editing by Toni
Reinhold and Raju Gopalakrishnan)
[© 2016 Thomson Reuters. All rights
reserved.] Copyright 2016 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed. |