Scribd Logo
Carica

Benvenuto in Scribd!

  • 2016 Bangladesh Bank Heist

    Caricato da

    Ariel Mark Pilotin
    110 visualizzazioni5 pagine
    2016 Bangladesh Bank Heist -

    Copyright

    © © All Rights Reserved

    Formati disponibili

    PDF, TXT o leggi online da Scribd

    Hai trovato utile questo documento?

    Questo contenuto è inappropriato?

    Segnala questo documento
    2016 Bangladesh Bank Heist -

    Copyright:

    © All Rights Reserved
    Scarica in formato PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    110 visualizzazioni5 pagine

    2016 Bangladesh Bank Heist

    Caricato da

    Ariel Mark Pilotin
    2016 Bangladesh Bank Heist -

    Copyright:

    © All Rights Reserved
    Scarica in formato PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    di 5

    7/18/2016 2016BangladeshBankheistWikipedia,thefreeencyclopedia

    2016BangladeshBankheist
    FromWikipedia,thefreeencyclopedia

    InFebruary2016,instructionstostealUS$951MillionfromBangladesh
    Bank,thecentralbankofBangladesh,wereissuedviatheSWIFTnetwork.
    Fivetransactionsissuedbyhackers,worth$101millionandwithdrawn
    fromaBangladeshBankaccountattheFederalReserveBankofNew
    York,succeeded,with$20MtracedtoSriLanka(sincerecovered)and
    $81MtothePhilippines.TheFederalReserveBankofNYblockedthe
    remaining30transactions,amountingto$850million,attherequestof
    BangladeshBank.[1]

    Contents
    TheFederalReserveBankofNew
    1 Background York
    2 Events
    2.1 AttemptedfunddiversiontoSriLanka
    2.2 FundsdivertedtothePhilippines
    3 Investigation
    3.1 Bangladesh
    3.2 Philippines
    3.3 UnitedStates
    3.4 Otherattacks
    4 Responsefromlinkedorganizations
    5 Ramifications
    6 References

    Background
    In2012,thePhilippinesloosenedrestrictionsonitsgamblingindustrydespiteoppositionfromtheCatholic
    Church.Afterthecountry'sgamblingindustrybenefitedfromChinesePresidentXiJinping'scampaignagainst
    corruption,whichdrovegamblersfurthersouthofMacau,[2]itscasinoslobbiedagainsta2012amendmentbythe
    PhilippineSenateofthe2001AntiMoneyLaunderingActthatrequiredthemtoreportsuspicioustransactions.
    SenatePresidentJuanPonceEnrilehadlobbiedfortheinclusionofcasinosinthescopeofthelaw.Atthattime,
    bigcasinofirmsinthePhilippinessuchastheCityofDreamshadnotyetbeenestablished.[3]

    Events
    Hackersorinsiders(itisnotyetclearwhich)attemptedtosteal$951millionfromtheBangladeshcentralbank's
    accountwiththeFederalReserveBankofNewYorksometimebetweenFebruary45whenBangladeshBank's
    officeswereclosed.TheperpetratorsmanagedtocompromiseBangladeshBank'ssystem,observehowtransfers
    aredone,andgainaccesstothebank'scredentialsforpaymenttransfers,whichtheyusedtosendaboutthree
    dozenrequeststotheFedBanktotransferfundstoSriLankaandthePhilippines.30transactionsworth$851
    millionwerepreventedbythebankingsystembutfiverequestsweregranted$20milliontoSriLanka(later
    recovered[4][5]),and$81millionlosttothePhilippines,enteringtheSoutheastAsiancountry'sbankingsystemon
    February5,2016.ThismoneywaslaunderedthroughcasinosandsomelatertransferredtoHongKong.
    https://en.wikipedia.org/wiki/2016_Bangladesh_Bank_heist 1/5
    7/18/2016 2016BangladeshBankheistWikipedia,thefreeencyclopedia

    AttemptedfunddiversiontoSriLanka

    The$20milliontransfertoSriLankawasintendedbyhackerstobesenttotheShalikaFoundation,aSriLanka
    basedprivatelimitedcompany.Thehackersmisspelled"Foundation"intheirrequesttotransferthefunds,spelling
    thewordas"Fundation".ThisspellingerrorgainedsuspicionfromDeutscheBank,aroutingbankwhichputahalt
    tothetransactioninquestionafterseekingclarificationsfromBangladeshBank.[6][4][7]

    SriLankabasedPanAsiaBankinitiallytooknoticeofthetransaction,withoneofficialnotingthetransactionas
    toobigforacountrylikeSriLanka.PanAsiaBankwastheonewhichreferredtheanomaloustransactionto
    DeutscheBank.TheSriLankanfundshavebeenrecoveredbyBangladeshBank.[4]

    FundsdivertedtothePhilippines

    ThemoneytransferredtothePhilippineswasdepositedinfiveseparateaccountswiththeRizalCommercial
    BankingCorporation(RCBC)theaccountswerelaterfoundtobeunderfictitiousidentities.Thefundswerethen
    transferredtoaforeignexchangebrokertobeconvertedtoPhilippinepesos,returnedtotheRCBCand
    consolidatedinanaccountofaChineseFilipinobusinessman[3][5]theconversionwasmadefromFebruary5to
    13,2016.[8]ItwasalsofoundthatthefourU.S.dollaraccountsinvolvedwereopenedattheRCBCasearlyasMay
    15,2015,remaininguntoucheduntilFebruary4,2016,thedatethetransferfromtheFederalReserveBankofNew
    Yorkwasmade.[8]

    InFebruary8,2016,duringtheChineseNewYear,BangladeshBankthroughSWIFTinformedRCBCtostopthe
    payment,refundthefunds,andto"freezeandputthefundsonhold"ifthefundshadalreadybeentransferred.
    ChineseNewYearisanonworkingholidayinthePhilippinesandaSWIFTmessagefromBangladeshBank
    containingsimilarinformationwasreceivedbyRCBConlyadaylater.Bythistime,awithdrawalamountingto
    about$58.15millionhadalreadybeenprocessedbyRCBC'sJupiterStreet(inMakatiCity)branch.[8]

    OnFebruary16,theGovernorofBangladeshBankrequestedBangkoSentralngPilipinas'assistanceinthe
    recoveryofits$81millionfunds,sayingthattheSWIFTpaymentinstructionsissuedinfavorofRCBCon
    February4,2016werefraudulent.[8]

    Investigation
    Bangladesh

    Initially,BangladeshBankwasuncertainifitssystemhadbeencompromised.GovernoroftheCentralbank
    engagedWorldInformatixCyberSecurity,aUSbasedfirm,toleadthesecurityincidentresponse,vulnerability
    assessmentandremediation.WorldInformatixCyberSecuritybroughtintheleadingforensicinvestigation
    companyMandiant,aFireEyecompanyfortheinvestigation.Thesecybersecurityexpertsfound"footprints"and
    malwareofhackerswhichsuggestedthatthesystemhadbeenbreached.Theinvestigatorsalsosaidthatthe
    hackerswerebasedoutsideBangladesh.AninternalinvestigationhasbeenlaunchedbyBangladeshBank
    regardingthecase.[4]

    TheBangladeshBank'sforensicinvestigationfoundoutthatmalwarewasinstalledwithinthebank'ssystem
    sometimeinJanuary2016,whichgatheredinformationonthebank'soperationalproceduresforinternational
    paymentsandfundtransfers.[8]

    Philippines

    https://en.wikipedia.org/wiki/2016_Bangladesh_Bank_heist 2/5
    7/18/2016 2016BangladeshBankheistWikipedia,thefreeencyclopedia

    ThePhilippines'NationalBureauofInvestigation(NBI)launchedaprobeandlookedintoaChineseFilipinowho
    allegedlyplayedakeyroleinthemoneylaunderingoftheillicitfunds.TheNBIiscoordinatingwithrelevant
    governmentagenciesincludingthecountry'sAntiMoneyLaunderingCouncil(AMLC).TheAMLCstartedits
    investigationonFebruary19,2016ofbankaccountslinkedtoajunketoperator.[8]AMLChasfiledamoney
    launderingcomplaintbeforetheDepartmentofJusticeagainstaRCBCbranchmanagerand5unknownpersons
    withfictitiousnamesinconnectionwiththecase.[9]

    APhilippineSenatehearingwasheldonMarch15,2016,ledbySenatorTeofistoGuingonaIII,headoftheBlue
    RibbonCommitteeandCongressionalOversightCommitteeontheAntiMoneyLaunderingAct.[10]Acloseddoor
    hearingwaslaterheldonMarch17.[11]PhilippineAmusementandGamingCorporation(PAGCOR)hasalso
    launcheditsowninvestigation.[4]

    UnitedStates

    FireEye'sMandiantforensicsdivisionandWorldInformatixCyberSecurity,bothUSbasedcompanies,are
    investigatingthehackingcase.Accordingtoinvestigators,theperpetrators'familiaritywiththeinternalprocedures
    ofBangladeshBankwasprobablyobtainedbyspyingonitsworkers.ThegovernmentofBangladeshis
    consideringsuingtheFederalReserveBankinabidtorecoverthestolenfunds.[4]

    Otherattacks

    Computersecurityresearchershavelinkedthethefttoasmanyas11otherattacks,andallegedthatNorthKorea
    hadaroleintheattacks,whichiftruewouldbethefirstknownincidentofastateactorusingcyberattackstosteal
    funds.[12][13]

    Responsefromlinkedorganizations
    TheRizalCommercialBankingCorporationsaiditdidnottoleratetheillicitactivity
    intheRCBCbranchinvolvedinthecase.LorenzoTan,RCBC'spresident,saidthat
    thebankcooperatedwiththeAntiMoneyLaunderingCouncilandtheBangko
    SentralngPilipinasregardingthematter.[14]Tan'slegalcounselhasaskedtheRCBC
    JupiterStreetbranchmanagertoexplaintheallegedfakebankaccountthatwasused
    inthemoneylaunderingscam.[15]

    RCBCPresidentLorenzoTanalsofiledanindefiniteleaveofabsencetogivewayto
    theinvestigationbytheauthoritiesonthecaseandtoclearhisnameintheissue.
    RCBC'sboardcommitteealsolaunchedaseparateprobeintothemoneylaundering
    scam.[16][17]HelenYuchengcoDee,daughterofRCBCfounderAlfonsoYuchengco, AtiurRahman,Governor
    willtakeoverthebank'soperations.Thebankalsoapologizedtothepublicforits ofBangladeshBankwho
    involvementintheheist. resignedfromhispostin
    responsetothecase.
    BangladeshBankchiefgovernorAtiurRahmanresignedfromhispostamidthe
    currentinvestigationoftheheistandmoneylaundering.HesubmittedhisresignationlettertoPrimeMinister
    SheikhHasinaonMarch15,2016.Beforetheresignationwasmadepublic,Rahmanstatedthathewouldresign
    forthesakeofhiscountry.[18]

    Ramifications
    https://en.wikipedia.org/wiki/2016_Bangladesh_Bank_heist 3/5
    7/18/2016 2016BangladeshBankheistWikipedia,thefreeencyclopedia

    ThecasethreatensthereinstatementofthePhilippinestotheblacklist,bytheFinancialActionTaskForceon
    MoneyLaundering,ofcountriesmakinginsufficienteffortsagainstmoneylaundering.[19]Attentionwasgiventoa
    potentialweaknessofPhilippineauthorities'effortsagainstmoneylaunderingafterlawmakersin2012managedto
    excludecasinosfromtherosteroforganizationsrequiredtoreporttotheAntiMoneyLaunderingCouncil
    regardingsuspicioustransactions.

    Thecasealsohighlightsthethreatofcyberattackstobothgovernmentandprivateinstitutionsbycybercriminals
    usingrealbankcodestomakeorderslookgenuine.SWIFThasadvisedBanksusingSWIFTAllianceAccess
    systemtostrengthentheircybersecuritypostureandensuretheyarefollowingSWIFTsecurityguidelines.
    Bangladeshisreportedlythe20thmostcyberattackedcountry,accordingtoacyberthreatmapdevelopedby
    KasperskyLabwhichrunsinrealtime.[20]

    References
    1.Schram,Jamie(22March2016)."Congresswomanwantsprobeofbrazen$81MtheftfromNewYorkFed".
    2.Alcuaz,Coco(10March2016)."PhilippineBankClaimsInnocenceInBangladeshFederalReserveMoneyLaundering
    Controversy".InternationalBusinessTimes.Retrieved11March2016.
    3.Ager,Maila(3March2016)."Senatetoprobe$100MlaunderingviaPH,saysOsmea".PhilippineDailyInquirer.
    Retrieved11March2016.
    4.Quadir,Serajul(11March2016)."Spellingmistakestopshackersstealing$1billioninBangladeshbankheist".The
    Independent.Retrieved13March2016.
    5.Byron,RejaulKarim(10March2016)."Hackers'bidtosteal$870mmorefromBangladeshcentralbankfoiled".Asia
    NewsNetwork(TheDailyStar).Retrieved11March2016.
    6."SriLankaninBangladeshcyberheistsaysshewassetupbyfriend".31March2016viaReuters.
    7."StorybehindShalikaFoundationCeylontoday.lk".
    8.Byron,RejaulKarimRahman,MdFazlur(11March2016)."HackersbuggedBangladeshBanksysteminJan".Asia
    NewsNetwork(TheDailyStar).Retrieved13March2016.
    9."RCBCmanager,othersfaceantimoneylaunderingcomplaint".Rappler.March5,2016.RetrievedMarch5,2016.
    10.Pasion,Patty(15March2016)."RCBCmanagerinvokesrightvsselfincriminationatSenateprobe".Rappler.Retrieved
    20March2016.
    11.Yap,CeciliaCalonzo,Andreo(17March2016)."Printererrorfoiledbilliondollarbankheist".SydneyMorningHerald.
    Retrieved20March2016.
    12.Shen,Lucinda(27May2016)."NorthKoreaHasBeenLinkedtotheSWIFTBankHacks".Fortune.Retrieved28May
    2016.
    13.Perlroth,NicoleCorkery,Michael(26May2016)."NorthKoreaLinkedtoDigitalAttacksonGlobalBanks".NewYork
    Times.Retrieved28May2016.
    14.Agcaoili,Lawrence(10March2016)."RCBCdeniesallegedmoneylaundering".ThePhilippineStar.Retrieved
    11March2016.
    15."Explain'fakeaccount,'RCBCchieftellsbranchmanager".ABSCBNNews.March13,2016.RetrievedMarch13,
    2016.
    16.DumlaoAbadilla,Doris(March23,2016)."RCBCchiefgoesonleaveamid$81Mdirtymoneyprobe".PhilippineDaily
    Inquirer.RetrievedMarch24,2016.
    17.Agcaoili,Lawrence(March23,2016)."RCBCpresidentgoesonleave".ThePhilippineStar.RetrievedMarch24,2016.
    18."Bangladeshcentralbankgovernorquitsover$81mheist".TheDailyStar/AsiaNewsNetwork.March15,2016.
    RetrievedMay11,2016.
    19.Remitio,Rex(3March2016)."Sen.Osmea:PHmaysufferifmoneylaunderingisproven".CNNPhilippines.
    Retrieved11March2016.
    20.Tweed,DavidDevnath,Arun(10March2016)."$1BillionPlottoRobFedAccountsLeadstoManilaCasinos".
    Bloomberg.Retrieved11March2016.

    Retrievedfrom"https://en.wikipedia.org/w/index.php?title=2016_Bangladesh_Bank_heist&oldid=729269384"

    Categories: Hackinginthe2010s 2016inBangladesh 2016inthePhilippines 2016ineconomics


    2016crimesinthePhilippines 2016crimesinBangladesh Accountingscandals Moneylaundering
    https://en.wikipedia.org/wiki/2016_Bangladesh_Bank_heist 4/5
    7/18/2016 2016BangladeshBankheistWikipedia,thefreeencyclopedia

    Cyberattacks

    Thispagewaslastmodifiedon11July2016,at02:13.
    TextisavailableundertheCreativeCommonsAttributionShareAlikeLicenseadditionaltermsmayapply.
    Byusingthissite,youagreetotheTermsofUseandPrivacyPolicy.Wikipediaisaregisteredtrademark
    oftheWikimediaFoundation,Inc.,anonprofitorganization.

    https://en.wikipedia.org/wiki/2016_Bangladesh_Bank_heist 5/5

    Potrebbero piacerti anche