One of the largest known bank thefts ever, where unknown hackers managed to get away with about $80 million, could have been much bigger if it wasn’t for a spelling mistake in an online bank transfer instruction. According to banking officials, the mistake helped prevent a $1bn heist in February involving the Bangladesh central bank and the New York Fed.
This is the story: the intruders hacked Bangladesh Bank’s systems, took its credentials for payment transfers and used them to bombard the Federal Reserve Bank of New York with multiple requests to move funds from the Bangladesh Bank’s account to entities in the Philippines and Sri Lanka. Of those requests, 4 went through, and about $81 million was moved to the Philippines. However, the 5th request for $20 million was held up because the thieves misspelled the name of the funds recipient, NGO Shalika Foundation, as “Fandation”. This mistake prompted a routing bank, Deutsche Bank, to clarify the issue with the Bangladesh central bank, which stopped the transaction, because Shalika Foundation was not in the list of registered non-profits in the country.
In the meantime, the Fed became suspicious due to the unusually high number of payment instructions and the transfer requests to private entities. As a result, the bank also alerted the Bangladeshis. The transactions that were stopped totaled nearly $860m, which means that Bangladesh Bank managed to recover some of the money that was stolen. The bank is also cooperating with anti-money laundering authorities in the Philippines in the attempt to recover the rest. The Bangladesh government blamed the Fed for not stopping the transactions earlier. Security experts found out that the attack originated from outside Bangladesh.
This is not the first case of the bank breaches of such a scale. For example, the computer security company Kaspersky Lab revealed back in 2015 that a multinational gang of cyber criminals managed to steal about $1bn from a hundred of financial institutions worldwide in about 2 years. Another example is Saddam Hussein’s son taking $1bn from Iraq’s central bank on the orders of his father before coalition forces began bombing the country a decade ago. Finally, back in 2007, guards at the Baghdad bank made off with $282 million.
lol massive fail
it does not pay to make spelling errors!