One of the biggest bank hacks of 2016 was the Bangladesh bank hack. The hackers successfully broke into the Central Bank of Bangladesh and stole nearly $1 Billion, of which $81m (£65.9m) still remains unrecovered.
Mohammad Shah Alam, a Bangladesh police deputy inspector general who is heading investigations in Dhaka, went into some detail about how insiders at Bangladesh Bank may have helped in the execution of one of the world’s biggest cyber-heists last February.
The suspect in this case are now considered to be IT technicians from the bank hooking up its transactions to the public internet, giving access to the hackers.
“There were a number of other things, which if the Bangladesh Bank people had not done, the hacking would not have been possible,” said Alam.
Alam said he was focusing on why a password token protecting the SWIFT international transactions network at Bangladesh Bank was left inserted in the SWIFT server for months leading up to the heist. It is supposed to be removed and locked in a secure vault after business hours each day.The failure to remove the token allowed hackers to enter the system when it was not being monitored, first to infect it with malware and then to issue fake transfer orders, he said.
Alam said that he was waiting for “specific information” on any communications between the suspects and the hackers, which may help further solidify the case.
No suspects have been named or arrested yet. The Bangladesh bank, Swift and the FBI, which also launched its own probe into the attack, are yet to comment on that matter.