Bangladesh’s central bank was robbed of $80 million after hackers discovered that the institution failed to implement a firewall and was using seond-hand, $10 switches to connect its computers to the SWIFT global payment network.
The lack of security and outdated routers allowed hackers to easily penetrate the system and walk away with $80 million.
The hackers attempted to siphon at least $1 billion using the bank’s own SWIFT credentials.
This hack may have been prevented if the Bangladesh bank had purchased several sophisticated switches which only cost several hundred dollars.
Because of the lack of sophisticated monitoring systems investigators say it may be hard if not impossible to track down the hackers.
SWIFT has previously said the attack was related to an internal operational issue at Bangladesh Bank and that SWIFT’s core messaging services were not compromised.
A spokesman for Bangladesh Bank said SWIFT officials waited until after the heist to recommend that the bank upgrade its switches.
Hackers penetrated the bank’s systems and tried to make fraudulent transfers in the amount of $951 million from its account at the Federal Reserve Bank of New York in early February.
The hackers made out with $81 million which they routed to the Philippines and then diverted to casinos. Most of that money is still missing.
Bangladesh police say they have identified 20 foreigners involved in the heist. Officials say those people received money but don’t appear to have been involved in the actual hack.
Experts believe other deficiencies may have contributed to the hack, including the bank’s inability to wall off the SWIFT system from the rest of its network. Creating a “walled garden” would have required more expensive switches that can create different network paths.
An investigation is still ongoing.