[BreachExchange] Bangladesh Bank drops $81m cybertheft investigation due to cost of probe

Inga Goddijn inga at riskbasedsecurity.com
Mon Jun 27 23:07:55 EDT 2016


http://www.ibtimes.co.uk/bangladesh-bank-drops-81m-cybertheft-investigation-due-cost-probe-1567670

Bangladesh Bank has officially called an end to the forensic investigation
by cybersecurity firm Mandiant as the $81m (£55m, €66m) stolen by hackers
four months ago (February 2016) remains missing.

Mandiant, which is owned by US security firm FireEye
<https://www.fireeye.com/>, had been working on the case after being
contracted to find out how hackers were able to infiltrate the bank's
computer systems and file fraudulent money transfers
<http://www.ibtimes.co.uk/bangladesh-bank-hack-new-york-federal-reserve-missed-red-flags-before-101m-cyberheist-1564122>
with its account at the Federal Reserve Bank of New York.

According to Reuters
<http://uk.reuters.com/article/us-cyber-heist-bangladesh-idUKKCN0ZD0WL>,
Mandiant researchers had requested a contract extension that would have
allowed nearly 600 extra hours to complete its probe. However, this was
turned down by banking officials as the costs quickly mounted.

"It was a unanimous decision," Jamaluddin Ahmed, a director of the central
bank, told Reuters, adding that the Bangladesh bank had instead decided to
"take steps on its own" to improve security. Unnamed sources, who spoke on
condition of anonymity, said the cost of the investigation was a major
factor in choosing to end the contract.

The sources said Mandiant was paid roughly $280,000 (£213,000) for about
700 hours of work. However, while Mandiant would no longer be involved, the
banking sources did admit that the bank may still work alongside "external
experts" to get cybersecurity advice.

A spokesperson for Mandiant said: "We will continue to support law
enforcement and the industry past the close of our engagement."

Evidence from local investigators has revealed that – at the time of the
hack – cybersecurity protections at the bank were shockingly weak. As
previously reported, the financial institution was reportedly not using a
firewall
<http://www.ibtimes.co.uk/bangladesh-bank-cyberheist-was-hackers-dream-after-revelation-it-used-no-firewall-1556253>
and had purchased cheap routers to connect to Swift, the secure-messaging
system that links roughly 11,000 banks across the globe.

In February, as-yet-unknown cybercriminals accessed the Bangladesh bank's
computer network and made 35 transfer requests totalling $951m (€841m,
£647m) to the New York federal reserve. Five of these were eventually
passed, worth $101m – however, one transfer of $20m was later stalled due
to a spelling error on the request.

Most recently, Atiur Rahman, the former governor of the bank – who was
pressured to resign following the hacking controversy – criticised
<http://www.ibtimes.co.uk/former-bangladesh-bank-governor-slams-new-york-fed-failing-stop-81m-cyber-heist-1566929>
the American institutions for failing to stop the theft. "Bangladesh should
not be blamed for something going wrong in the chain," he claimed.