Typo Thwarts Hackers In $1B Cyber Heist

Uploaded on 2016-04-07 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Financial

It was just a few letters off: Someone misspelled “foundation” as “fandation” on an online payment transfer request.

But that simple typo helped stop hackers from getting away with a nearly $1 billion digital heist last month.

Hackers broke into the Bangladesh central bank’s computer systems in early February, according to the news service, which cited anonymous officials at the financial institution. The attackers stole the credentials needed to authorize payment transfers and then asked the Federal Reserve Bank of New York to make massive money transfers, nearly three dozen of them, from the Bangladeshi bank’s account with the Fed to accounts at other financial institutions overseas.

Four transfers to accounts in the Philippines, totaling about $80 million, worked. But then a fifth request, for $20 million to be sent to an apparently fictitious Sri Lankan nonprofit group, was flagged as suspicious by a routing bank because of the “fandation” error.

Bangladesh’s central bank was able to stop that transaction after the routing bank asked for confirmation. “The Sri Lankan bank did not disburse it immediately, and we could recover the full amount,” the central bank told the Financial Times.

The requests waiting to be processed, amounting to a total of between $850 million and $870 million, according to an unnamed official cited by Reuters, were also halted. So if it weren’t for that typo, the attackers might have escaped with a bigger payday.

Bangladesh’s finance minister has blamed the incident on the Federal Reserve and said his government will “file a case in the international court against” the financial institution, according to the Dhaka Tribune.

A New York Fed spokesman denied the accusation, telling The Washington Post in a statement that “there is no evidence of any attempt to penetrate Federal Reserve systems in connection with the payments in question” or that the institution’s systems were compromised. The spokesman said the payment instructions were “fully authenticated” using standard methods.

Washington Post: http://wapo.st/1TBueXJ

« Cybersecurity Budgets Rise But Not In Line With Threats
Is Breach Notification Part Of Your Response Plan? »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Integrity360

Integrity360

Integrity360 provide fully managed IT security services as well as security testing, integration, GRC and incident handling services.

EuroISPA

EuroISPA

EuroISPA is a pan European association of European Internet Services Providers Associations and the world’s largest association of ISPs.

Custodio Technologies

Custodio Technologies

Custodio Technologies was established as a Singaporean R&D Centre of Israel Aerospace Industries (IAI) in order to spearhead R&D activities in the field of cyber early warning.

BrainChip

BrainChip

BrainChip is the leading provider of neuromorphic computing solutions, a type of artificial intelligence that is inspired by the biology of the human neuron - spiking neural networks.

Cancom

Cancom

CANCOM group is one of the leading providers of IT infrastructure and IT services in Germany and Austria. Solution areas include network security.

ZecOps

ZecOps

ZecOps is a cybersecurity automation company offering solutions for servers, endpoints, mobile devices, and custom devices.

Presidio

Presidio

Presidio is a leading North American IT solutions provider focused on Digital Infrastructure, Business Analytics, Cloud, Security & Emerging solutions.

Axiata Digital Labs

Axiata Digital Labs

Axiata Digital Labs is the technology hub of Axiata Group Berhad Malaysia which is one of the leading groups in telecommunication in Asia.

GoTo

GoTo

At GoTo we help people and businesses to connect and collaborate simply and securely – from anywhere. We’re the trusted partner for companies of all sizes.

IGI Cybersecurity

IGI Cybersecurity

IGI Cybersecurity delivers people-driven cybersecurity for personalized, resilient cyber defense focused on individualized strategy and unshakeable partnership.

Tidelift

Tidelift

Tidelift provides the tools, data, and strategies that help organizations assess risk and improve the health, security, and resilience of the open source used in their applications.

Onwardly

Onwardly

For everyday folks tasked with implementing security and privacy. Do it faster with Onwardly - build, launch and scale your cyber resilience program in 30 minutes per week.

RADICL

RADICL

RADICL's mission is to give SMBs that serve America's Defense Industrial Base (DIB) access to strong, enterprise-grade cyber security protection.

StepSecurity

StepSecurity

StepSecurity provides a comprehensive security platform for GitHub Actions.

Charm Security

Charm Security

Charm Security is an AI-powered customer security platform that protects organizations and their customers from scams, social engineering, and human-centric fraud.

Prefactor

Prefactor

Prefactor was built because the problem of authenticating and authorizing users continues to be a battle engineers face globally.