Printed from

Cyber heist shakes up Bangladesh banking system

Posted On: Mar. 15, 2016 12:00 AM CST

(Reuters) — Bangladesh’s central bank governor resigned on Tuesday over the theft of $81 million from the bank’s U.S. account, as details emerged in the Philippines that $30 million of the money was delivered in cash to a casino junket operator in Manila.

The rest of the money hackers stole from the Bangladesh Bank’s account at the New York Federal Reserve, one of the largest cyber heists in history, went to two casinos, officials told a Philippines Senate hearing into the scandal.

They said a mix of dollars and Philippine pesos was sent by a foreign exchange broker to the ethnic Chinese junket operator over several days, a haul that would have been made up of at least 780,000 banknotes.

Unknown hackers last month breached the computer systems of Bangladesh Bank and attempted to steal $951 million from its Fed account, which it uses for international settlements. They managed to transfer $81 million to entities in the Philippines.

Bangladesh Bank officials have said there is little hope of apprehending the perpetrators and recovering the money would be difficult and could take months.

In Dhaka, central bank governor Atiur Rahman said he had resigned to set an example in a country where there is little precedence of accountability and to uphold the image of the institution.

The government also fired two deputy governors of the bank, Finance Minister Abul Maal Abdul Muhith said, days after blaming it for keeping the government in the dark about the theft.

Mr. Rahman’s exit could be a blow to Bangladesh, a South Asian nation of 160 million. The country has been aspiring to reach middle-income status, and Mr. Rahman was seen as one of the driving forces helping Dhaka towards that goal.

Under the former development economics professor, the country’s foreign exchange reserves have increased four-fold to $28 billion, and he also sought to ensure farmers and women entrepreneurs had better access to banking services and credit.

Mr. Rahman defended his record at the central bank, saying he was proud of his achievements there.

He described the heist as an “earthquake” and said the bank had promptly informed intelligence agencies in Bangladesh and abroad and also brought in international experts to investigate.

FireEye Inc.’s Mandiant forensics division is helping investigate the cyber heist. The bank has also been in touch with the Fed and other U.S. authorities, including the Federal Bureau of Investigation and Department of Justice.

Trail ends at casinos

Bangladesh Bank is also working with anti-money laundering authorities in the Philippines, where it suspects the stolen $81 million arrived in four tranches.

The Philippines’ Rizal Commercial Banking Corp. said last week it was investigating deposits amounting to just that sum, which were made at one of its branches.

Teofisto Guingona, head of the Philippines Senate’s anti-corruption committee, told Reuters the transfers into RCBC were subsequently consolidated into one account and some of the money was converted to pesos.

CCTV cameras at the branch were not functioning when the money was withdrawn, RCBC’s anti-money laundering head, Laurinda Rogero, told the Senate hearing.

The president of a foreign exchange broker called Philrem Service Corp., Salud Bautista, told the Senate that her firm was instructed by the bank branch to transfer the funds to a man named Weikang Xu and two casinos.

She said that $30 million went to Mr. Xu in cash. Mr. Guingona has said Mr. Xu was ethnic Chinese and a foreigner, but he was not sure if he was a Chinese national.

A tranche of $29 million ended up in an account of Solaire, a casino resort owned and operated by Bloomberry Resorts Corp. Bloomberry is controlled by Enrique Razon, the Philippines’ fifth-richest man in 2015, according to Forbes.

Silverio Benny Tan, corporate secretary of Bloomberry Resorts, told the hearing that the $29 million was transferred into a casino account under Xu’s name in exchange for ‘dead chips’ that can only be cashed in from winnings.

Bautista said a further $21 million went to an account of Eastern Hawaii Leisure Co., a gaming firm in northern Philippines. Reuters tried several phone numbers to seek comment from Eastern Hawaii officials but was unable to reach any.

“Our money trail ended up at the casinos,” Julia Bacay Abad, executive director of the Anti-Money Laundering Council, told the open hearing.

She said her agency had frozen 44 accounts connected to the case and had requested assistance from the FBI.

Sen. Guingona said that because casinos are not covered by the country’s anti-money laundering laws it was not clear if the stolen funds could ever be recovered.

“The paper trail ends there. That is the problem,” he said. “Right now we are at a dead end.”