Typo Thwarts Hackers In $1B Cyber Heist

Uploaded on 2016-04-07 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Financial

It was just a few letters off: Someone misspelled “foundation” as “fandation” on an online payment transfer request.

But that simple typo helped stop hackers from getting away with a nearly $1 billion digital heist last month.

Hackers broke into the Bangladesh central bank’s computer systems in early February, according to the news service, which cited anonymous officials at the financial institution. The attackers stole the credentials needed to authorize payment transfers and then asked the Federal Reserve Bank of New York to make massive money transfers, nearly three dozen of them, from the Bangladeshi bank’s account with the Fed to accounts at other financial institutions overseas.

Four transfers to accounts in the Philippines, totaling about $80 million, worked. But then a fifth request, for $20 million to be sent to an apparently fictitious Sri Lankan nonprofit group, was flagged as suspicious by a routing bank because of the “fandation” error.

Bangladesh’s central bank was able to stop that transaction after the routing bank asked for confirmation. “The Sri Lankan bank did not disburse it immediately, and we could recover the full amount,” the central bank told the Financial Times.

The requests waiting to be processed, amounting to a total of between $850 million and $870 million, according to an unnamed official cited by Reuters, were also halted. So if it weren’t for that typo, the attackers might have escaped with a bigger payday.

Bangladesh’s finance minister has blamed the incident on the Federal Reserve and said his government will “file a case in the international court against” the financial institution, according to the Dhaka Tribune.

A New York Fed spokesman denied the accusation, telling The Washington Post in a statement that “there is no evidence of any attempt to penetrate Federal Reserve systems in connection with the payments in question” or that the institution’s systems were compromised. The spokesman said the payment instructions were “fully authenticated” using standard methods.

Washington Post: http://wapo.st/1TBueXJ

« Cybersecurity Budgets Rise But Not In Line With Threats
Is Breach Notification Part Of Your Response Plan? »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

RioRey

RioRey

The DDoS mitigation specialist, from single server to Enterprise wide carrier level networks the RioRey Solution provides effective immediate and easy to manage protection.

SI-CERT

SI-CERT

SI-CERT (Slovenian Computer Emergency Response Team) is the national cyber scurity incident response center for Slovenia.

Sandline Discovery

Sandline Discovery

Sandline Discovery provides digital forensics, eDiscovery solutions, managed review and litigation consulting services.

Indusface

Indusface

Indusface offers best website security, web application firewall and SSL certificate to keep your online business much safer.

National Cyber Security Centre (NCSC) - Ireland

National Cyber Security Centre (NCSC) - Ireland

The National Cyber Security Centre (NCSC) is the operational side of the Department of Communications in regard to network and information security in the Republic of Ireland.

Miratech

Miratech

Miratech is a global IT services and consulting organization offering a full range of IT infrastructure solutions and services including cyber security.

NetSecurity

NetSecurity

NetSecurity is a Brazilian company specializing in Information Security. We provide Managed Security Services (MSS), network security solutions and other specialist services.

Ultratec

Ultratec

Ultratec provide a range of data centric services and solutions including data recovery, data erasure, data destruction and full IT Asset Disposal (ITAD).

IGI Cybersecurity

IGI Cybersecurity

IGI Cybersecurity delivers people-driven cybersecurity for personalized, resilient cyber defense focused on individualized strategy and unshakeable partnership.

Quantum Ventura

Quantum Ventura

Quantum Ventura is a technology innovation company with a single mission of delivering customer-centric advanced solutions to US Federal & State Governments and Private Sector customers.

Paramount Defenses

Paramount Defenses

Paramount Defenses have unrivaled capability in two of the most critical areas in cyber security today – Active Directory Security and Privileged Access.

Precision Cybertechnologies & Digital Solutions (Precision-Cyber)

Precision Cybertechnologies & Digital Solutions (Precision-Cyber)

Precision-Cyber was founded on the philosophy of state-of-the-art cybersecurity and digital solutions. Our guiding principle is simply that we will provide and secure all your digital needs.

CoGuard

CoGuard

CoGuard is a patented solution that uses AI driven automation to provide fast, cost effective white-box penetration testing, infrastructure audits and infrastructure design services.

Bestman Solutions

Bestman Solutions

As a specialist cyber security practice, we believe that people are an organisation’s most valuable asset. Success depends on hiring the right people, and this is where we come in.

InfoSight

InfoSight

InfoSight offers proven Cyber Security, Regulatory Compliance, Risk Management and Infrastructure Solutions to protect your business and your customers from cyber crime and fraud.

Hexagate

Hexagate

Hexagate is at the forefront of blockchain threat prevention and automated risk management, proactively detecting and mitigating threats to smart contracts and onchain assets.