Bangladesh Bank exposed to hackers by Second-hand $10 Switches and No Firewall

Investigators from the Forensic Training Institute of the Bangladesh investigated the $80 Million bank heist and discovered that the hackers managed to gain access to the network because the Bank was using second-hand $10 network switches without a Firewall to run its network.

Bangladesh's central bank was vulnerable to hackers because it did not have a firewall and used second-hand, $10 switches to network computers connected to the SWIFT global payment network, an investigator into one of the world's biggest cyber heists said.

The shortcomings made it easier for hackers to break into the Bangladesh Bank system earlier this year and attempt to siphon off nearly $1 billion using the bank's SWIFT credentials, said Mohammad Shah Alam, head of the Forensic Training Institute of the Bangladesh police's criminal investigation department.




"It could be difficult to hack if there was a firewall," forensic investigator Mohammad Shah Alam told Reuters.

The lack of sophisticated switches, which can cost several hundred dollars or more, also means it is difficult for investigators to figure out what the hackers did and where they might have been based, he added.

Experts in bank security said that the findings described by Alam were disturbing.

"You are talking about an organization that has access to billions of dollars and they are not taking even the most basic security precautions," said Jeff Wichman, a consultant with cyber firm Optiv.

Tom Kellermann, a former member of the World Bank security team, said that the security shortcomings described by Alam were "egregious," and that he believed there were "a handful" of central banks in developing countries that were equally insecure.

Kellermann, now chief executive of investment firm Strategic Cyber Ventures LLC, said that some banks fail to adequately protect their networks because they focus security budgets on physically defending their facilities.


Cyber criminals broke into Bangladesh Bank's system and in early February tried to make fraudulent transfers totaling $951 million from its account at the Federal Reserve Bank of New York.

Most of the payments were blocked, but $81 million was routed to accounts in the Philippines and diverted to casinos there. Most of those funds remain missing.

The police believe that both the bank and SWIFT should take the blame for the oversight, Alam said in an interview.


Bangladesh police have identified 20 foreigners involved in the heist but the police said the people appear to be those who received some of the payments rather than the hackers who initially stole the money.


Though the investigators are still scratching their heads to identify the hackers with no clue, the incident is a good reminder for financial institutions across the global to tighten up the security of their systems.




The owner of blogmytut.blogspot.com will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of this information.Report any Broken Download link on Blogmytuts Facebook Page
Share on Google Plus

About Chucks

A Freelance Computer Tech with knowledge about computer, router and mobile phones, especially in Upgrade and Downgrade OS, Software and Hardware troubleshooting. fallow me at Google+
    Blogger Comment
    Facebook Comment

0 comments:

Post a Comment