Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Bangladesh heist perpetrators may never be identified

Reprints

(Reuters) — A former top U.S. intelligence official on cyber security has warned that government investigators may never be able to ascertain who carried out a cyber heist that led to the theft of $81 million from Bangladesh’s central bank in February.

Sean Kanuck, who was the most senior official in charge of cyber security at the Office of the Director of National Intelligence for five years until mid-May, told Reuters that there had been no official determination on who committed the cyber heist, one of the biggest ever.

“They may never be able to make one,” Mr. Kanuck said on the sidelines of the annual Shangri-La Dialogue, Asia’s premier security forum, held laste weekend in Singapore.

He said he had some knowledge of the case but was not directly involved in the probe.

Investigations into the heist are being coordinated by the U.S. Federal Bureau of Investigation. The authorities in Bangladesh, the Philippines and some other countries are also carrying out inquiries.

The hackers stole money from Bangladesh Bank’s account at the New York Federal Reserve. One fraudulent transfer to a Sri Lankan entity was reversed, but four transfers for a combined $81 million went to the Philippines and wound up being laundered through casinos and casino agents there.

Most of the money remains missing.

Mr. Kanuck said that he believed either an extremely sophisticated criminal group or a rogue nation carried out the theft.

BAE Systems has said malware used to erase the tracks of hackers in the Bangladesh Bank heist was similar to code used to attack Sony Corp. in 2014, a strike blamed by the FBI on North Korea.

“We have actually seen criminal enterprises that were able to bring together a range of capabilities, ranging from insider access to credentials, going through to people who were willing to go physically remove money from ATMs,” said Mr. Kanuck.

“There is a black market for different capabilities and you can actually assemble a team like in Ocean’s 11,” he said, referring to the Hollywood movie about a crime syndicate robbing Las Vegas casinos.

“On the other side of the table, you have a growing number of nation-states developing very broad capabilities to do different kinds of operations,” Mr. Kanuck said. “The water is very muddy, it’s very complex.”

Such states could be seeking to undermine the credibility of a central bank, or looking for hard currency funds, Mr. Kanuck added.

But Mr. Kanuck warned of deceptive signals from those involved in such a heist.

“An analyst or an investigator would need to consider that nation states may try to make their activity look like it’s the work of criminals,” he said.

“And criminals might also try to make their activity look like it’s the work of nation-states or even ideologically motivated cyber actors.”

Read Next

  • N.Y. Fed first rejected cyber-heist transfers, then moved the money

    (Reuters) — Hours before the Federal Reserve Bank of New York approved four fraudulent requests to send $81 million from a Bangladesh Bank account to cyber thieves, the Fed branch blocked those same requests because they lacked information required to transfer money, according to two people with direct knowledge of the matter.