Sometimes the best way to learn is from your mistakes, or at least someone else’s mistakes. The central bank of Bangladesh just gave all of us future bank owners a very important lesson — don’t skimp on network security.
Hackers managed to steal about $81 million from Bangladesh Bank thanks to the bank’s use of $10 network switches and a complete lack of firewalls, Reuters reported. It is one of the largest amounts stolen from a bank at once in history.
The theft happened in February when the hackers got into Bangladesh Bank’s systems, grabbed credentials, and then made dozens of requests from the Federal Reserve Bank of New York to move money from Bangladesh to accounts in the Philippines and Sri Lanka. The transactions were stopped because they made a typo, spelling “foundation” as “fandation,” which caused a routing bank to question the Bangladesh Bank.
If the hackers didn’t make that spelling error, they could have successfully stolen nearly $1 billion from the Bangladesh central bank, Reuters reported in March.
An investigation brought up the fact that Bangladesh Bank used very cheap network switches and had no firewall in place, making it incredibly easy for hackers to grab login credentials and the like. The bank’s system, which is essentially open to anyone who can get their hands on credentials, is connected to the SWIFT global bank payment network, which is a network that allows for high-value bank transfers.
According to Reuters, the police have knowledge of people who received the money from the central bank of Bangladesh but do not know the identities of the hackers. This is partially because of the bank’s cheap hardware — better network switches would have been able to trace exactly where the hackers were accessing the network from.
A bit more money spent on even a minor amount of security could’ve saved Bangladesh Bank over $80 million.