When the words “bank heist” come up, pictures of cowboys with bandannas over their faces recklessly holding up a financial institution may spring to mind, or even the iconic image of Bonnie and Clyde with their guns and classic car. There is certainly a glamorous, romantically rebellious element to the notion of heists and bank robbers, and the outlaws involved in these crimes have long captured our attention. The anarchic idea of someone living outside the law, escaping the clutches of the authorities and amassing a huge fortune has made for some great stories and legendary movies, with an element of idolization and fascination directed towards these criminals.
These days, bank heists have progressed far beyond the put-’em-up guerrilla attacks, and are now carried out online by advanced tech-whiz hackers and digital criminals who steal identities and break into secure systems, from some
In February 2016, instructions to steal US$951 million from Bangladesh Bank, the central bank of Bangladesh, were issued via the SWIFT network. Five transactions issued by the hackers, worth $101 million and withdrawn from a Bangladesh Bank account at the Federal Reserve Bank of New York, succeeded, with the money sent to Sri Lanka and the Philippines. Of this, $20 million was traced to Sri Lanka. The hackers misspelled “Foundation” in their request to transfer those funds, spelling the word as “Fundation”. This spelling error raised suspicion at a routing bank, which halted the transaction in question after seeking clarification from Bangladesh Bank. Sri Lanka-based Pan Asia Bank initially took notice of the transaction, with one official noting that it was too big for a country like Sri Lanka. The remaining $81 million went to the Philippines (about $18 million of it has been recovered). The Federal Reserve Bank of New York blocked the remaining thirty transactions, amounting to $850 million, at the request of Bangladesh Bank.
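The two controls that stopped money in this episode were human: a clerk noticing a misspelled beneficiary name and an official judging the amount out of proportion for the destination. The screening routine below is an added illustration (not code from the original post or from any bank or from SWIFT) of how those same two checks can be automated; every beneficiary name, country ceiling and sample instruction in it is constructed.

```python
# Screening modelled on the two checks that stopped part of the transfers above: a near-miss
# beneficiary name ("Fundation"/"Foundation") and an amount out of proportion for the destination.
from dataclasses import dataclass

@dataclass
class Instruction:
    ref: str
    amount_usd: float
    country: str  # country code of the receiving bank
    beneficiary: str

# Constructed reference data: registered beneficiary names and a per-country
# ceiling on what a single instruction to that destination normally carries.
KNOWN_BENEFICIARIES = {"HARBOR DEVELOPMENT FOUNDATION", "PACIFIC TRADING LTD"}
COUNTRY_CEILING_USD = {"LK": 5_000_000, "PH": 50_000_000}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance by the classic dynamic-programming row recurrence."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def screen(msg: Instruction) -> list:
    """Return the reasons an instruction should be held for manual review ([] = pass)."""
    reasons = []
    ceiling = COUNTRY_CEILING_USD.get(msg.country)
    if ceiling is not None and msg.amount_usd > ceiling:
        reasons.append(f"amount {msg.amount_usd:,.0f} exceeds {msg.country} ceiling {ceiling:,}")
    name = msg.beneficiary.upper()
    if name not in KNOWN_BENEFICIARIES:
        # One or two edits from a registered name is the typo/impersonation signal; unrelated new names pass here.
        close = [k for k in KNOWN_BENEFICIARIES if edit_distance(name, k) <= 2]
        if close:
            reasons.append(f"beneficiary '{msg.beneficiary}' is a near-miss for '{close[0]}'")
    return reasons

if __name__ == "__main__":
    batch = [  # constructed sample batch
        Instruction("TX1", 20_000_000, "LK", "Harbor Development Fundation"),
        Instruction("TX2", 1_000_000, "PH", "Pacific Trading Ltd"),
    ]
    for m in batch:
        hits = screen(m)
        print(m.ref, "HOLD" if hits else "PASS", hits)
```

In the sample batch TX1 is held on both grounds (too large for the Sri Lankan ceiling and one edit away from a registered name), while TX2 passes.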
Bangladesh Bank was definitely hacked; it was compromised about two weeks before the theft. Whether an insider assisted the attackers is unclear. BCB may have been negligent in its cyber security posture. The hack did originate outside of Bangladesh, as reported by FireEye’s Mandiant division, which performed a forensic investigation. FireEye did not identify the hacker group and simply described them as “FIN threat actors”, FIN standing for Financial. FireEye did say that the same group is responsible for other recent financial hacks, based on digital footprints left behind. Malware that captures credentials via MS Office macros was used for the attack. The credentials were then used to execute SWIFT transfers.
The hack may have originated in China, given that a Chinese national has been tied to the crime and that the laundered money eventually went to Hong Kong. I don’t believe that the New York bank was hacked, since the hackers already had access to BCB, and access to both banks was not required to perform the fraudulent Society for Worldwide Interbank Financial Telecommunication (SWIFT) transfers. It wouldn’t be worth the effort and risk for the FIN threat actors to attack the BNY when they already had essentially one billion at their fingertips.
the probability of the heist succeeding, the launderers involved would have sought out cooperation from, or at least felt comfortable working with, the Rizal Commercial Banking Corporation (RCBC), the casinos (Solaire and Eastern Hawaii Leisure) and the exchanger Philrem. RCBC is at the top of the list, since Maia Santos-Deguito, the manager, and other management of RCBC’s branch on Jupiter Street in Makati look pretty guilty: she is accused of forging Go’s signature for P20mil and managed the four fraudulent accounts used in the heist. Furthermore, the thieves would have wanted to be confident that the branch would have enough cash in its vault that day to handle the disbursement, or they would have risked a catastrophic delay. This same logic applies to the exchanger Philrem as well. I would be curious what the normal day-to-day operating cash on hand is for these institutions.
and BCB computer forensic reports may hold more key information on the hack. If the hackers know what they are doing, covered their tracks, and have already left the network, it is very unlikely that there will be attribution. It is not uncommon for black hats to stay out of the money trail. Sometimes hackers get paid a set fee upfront, or once they compromise systems or information they sell it to a third party. I do not know if that’s the case here, but it is a possibility. Hackers prefer to use e-commerce currency like bitcoin for untraceable, anonymous money laundering, and since these launderers chose to do it the old-fashioned way, that lends support to my theory. If the hackers themselves were involved in the money laundering, they would have at least in part used bitcoin and other e-currencies to acquire some of the money.
In closing, simple common sense and someone saying “wait, something doesn’t look right” is what changed a 1b heist into just 80mil. How much speed and timing come into play with electronic transfers is in deep contrast to hours of loading gold, jewels and cash onto trucks. The most manual part of this heist was exchanging gambling chips at the casino. Imagine what heists may look like 10 years from now; gone are the days of the Wells