A spelling mistake in an online bank transfer instruction helped prevent a nearly $1 billion heist last month involving the Bangladesh central bank and the New York Fed, banking officials said.
Published : 10 Mar 2016, 10:49 PM
Reuters quoting officials says the hackers bombarded the Federal Reserve Bank of New York with nearly three dozen requests to move money from the Bangladesh Bank's account there to entities in the Philippines and Sri Lanka.
Four requests to transfer a total of about $81 million to the Philippines went through, according to the global news agency.
But a fifth, for $20 million, to a Sri Lankan non-profit organisation was held up because the hackers misspelled the name of the NGO, Shalika Foundation.
There is no NGO under the name of Shalika Foundation in the list of registered Sri Lankan non-profits.
Reuters could not immediately find contact information for the organisation.
Deutsche Bank declined to comment.
The recovered funds refer to the Sri Lanka transfer, which was stopped, one of the officials told Reuters.
Initially, the Sri Lankan transaction reached Pan Asia Banking Corp, which went back to Deutsche Bank for more verification because of the unusually large size of the payment, a Pan Asia official said.
"The transaction was too large for a country like us," the official said. "Then (Deutsche) came back and said it was a suspect transaction."
A Pan Asia spokesman could not immediately be reached for comment.
At the same time, the unusually high number of payment instructions and the transfer requests to private entities - as opposed to other banks - raised suspicions at the Fed, which also alerted the Bangladeshis, the officials told Reuters.
The details of how the hacking came to light and was stopped before it did more damage have not been previously reported.
Bangladesh Bank has billions of dollars in a current account with the Fed, which it uses for international settlements.
The transactions that were stopped totalled $850-$870 million, one of the officials told Reuters.
Last year, Russian computer security company Kaspersky Lab said a multinational gang of cyber criminals had stolen as much as $1 billion from as many as 100 financial institutions around the world in about two years.
Iraqi dictator Saddam Hussein's son Qusay took $1 billion from Iraq's central bank on the orders of his father on the day before coalition forces began bombing the country in 2003, American and Iraqi officials have said.
In 2007, guards at the Dar Es Salaam bank in Baghdad made off with $282 million.
The dizzying, global reach of the heist underscores the growing threat of cyber crime and how hackers can find weak links in even the most secure computer networks.
The Bangladesh government, meanwhile, is blaming the Fed for not stopping the transactions earlier.
Finance Minister Abul Maal Abdul Muhith told reporters last Tuesday that the country may resort to suing the Fed to recover the money.
"The Fed must take responsibility," he said.
The New York Fed has said its systems were not breached, and it has been working with the Bangladesh central bank since the incident occurred.