Typo Thwarts Hackers In $1B Cyber Heist

Uploaded on 2016-04-07 in NEWS-News Analysis, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Financial

It was just a few letters off: Someone misspelled “foundation” as “fandation” on an online payment transfer request.

But that simple typo helped stop hackers from getting away with a nearly $1 billion digital heist last month.

Hackers broke into the Bangladesh central bank’s computer systems in early February, according to the news service, which cited anonymous officials at the financial institution. The attackers stole the credentials needed to authorize payment transfers and then asked the Federal Reserve Bank of New York to make massive money transfers, nearly three dozen of them, from the Bangladeshi bank’s account with the Fed to accounts at other financial institutions overseas.

Four transfers to accounts in the Philippines, totaling about $80 million, worked. But then a fifth request, for $20 million to be sent to an apparently fictitious Sri Lankan nonprofit group, was flagged as suspicious by a routing bank because of the “fandation” error.

Bangladesh’s central bank was able to stop that transaction after the routing bank asked for confirmation. “The Sri Lankan bank did not disburse it immediately, and we could recover the full amount,” the central bank told the Financial Times.

The requests waiting to be processed, amounting to a total of between $850 million and $870 million, according to an unnamed official cited by Reuters, were also halted. So if it weren’t for that typo, the attackers might have escaped with a bigger payday.

Bangladesh’s finance minister has blamed the incident on the Federal Reserve and said his government will “file a case in the international court against” the financial institution, according to the Dhaka Tribune.

A New York Fed spokesman denied the accusation, telling The Washington Post in a statement that “there is no evidence of any attempt to penetrate Federal Reserve systems in connection with the payments in question” or that the institution’s systems were compromised. The spokesman said the payment instructions were “fully authenticated” using standard methods.

Washington Post: http://wapo.st/1TBueXJ

« Cybersecurity Budgets Rise But Not In Line With Threats
Is Breach Notification Part Of Your Response Plan? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

10Duke

10Duke

Identity management and entitlement solutions that help you connect to your online customers and drive engagement and revenue.

Arxan Technologies

Arxan Technologies

Arxan is a leader of application attack-prevention and self-protection products for Internet of Things (IoT), Mobile, Desktop, and other applications.

NetExtend

NetExtend

NetExtend services include backup and recovery, endpoint protection, network monitoring, cloud portal and billing and payment solutions.

Regulus Cyber

Regulus Cyber

Regulus enables drones, robots and autonomous vehicles to operate safely, without malicious or accidental interference to the operation of their mission.

VivoSecurity

VivoSecurity

VivoSecurity is a pioneer in cyber risk quantification based on data science. Our products and services help organizations achieve optimal information security and GRC programs.

Learning Tree International

Learning Tree International

Learning Tree's comprehensive cyber security training curriculum includes specialised IT security training and general cyber security courses for all levels of your organisation including the C-suite.

NAVEX Global

NAVEX Global

NAVEX Global’s compliance management system consolidates your entire GRC program onto a scalable cloud-based platform.

Acuant

Acuant

Acuant is a leading global provider of identity verification, regulatory compliance (AML/KYC) and digital identity solutions.

Malleum

Malleum

MALLEUM are specialists in penetration testing and security assessments. We think like hackers – and act like them – to disclose discreet dangers to your organization.

Cobalt Iron

Cobalt Iron

Cobalt Iron is a global leader in SaaS-based enterprise backup and data protection technology.

NuCrypt

NuCrypt

NuCrypt is developing technology that is applicable to ultrahigh security data encryption as well as key distribution.

Kennedys

Kennedys

Kennedys is a global law firm with expertise in litigation/dispute resolution and advisory services, particularly in the insurance/reinsurance and liability sectors, including cyber risk.

Flat6Labs

Flat6Labs

Flat6Labs is the MENA region’s leading seed and early stage venture capital firm, currently running the most renowned startup programs in the region.

Evolver

Evolver

Evolver delivers technology services and solutions that improve security, promote innovation, and maximize operational efficiency in support of government and commercial customers.

CyberMaxx

CyberMaxx

At CyberMaxx, our approach to cybersecurity provides end-to-end coverage for our customers – we use offense to fuel defense.

Francisco Partners

Francisco Partners

Francisco Partners provide capital, expertise, and support for growth-aspiring technology companies.