After blaming each other for one of the largest cyber-heists in history, the New York Federal Reserve Bank, Bangladesh’s central bank, and the SWIFT payment platform pledged Tuesday to work together to solve the crime and recover the $81 million that is still missing.
The still-unidentified hackers tried to make fraudulent transfers totaling $951 million from the Bangladesh Bank’s account at the Federal Reserve Bank of New York. Computer security experts believe the attackers modified the software that banks use to interface with SWIFT so they could make the transfers and hide the evidence.
New York Fed President William Dudley, Bangladesh Bank Governor Fazle Kabir, and representatives from SWIFT met in Basel, Switzerland, on Tuesday to discuss the early-February heist.
The parties “exchanged information about the cyber and physical vulnerabilities illustrated by this event” and “agreed to pursue jointly certain common goals: to recover the entire proceeds of the fraud and bring the perpetrators to justice, and protect the global financial system from these types of attacks,” they said in a joint statement after the meeting.
A senior official with Bangladesh Bank said the bank’s top priority was to secure close cooperation from all the parties involved. “Bangladesh Bank believes if the New York Federal Reserve were to intervene, it will be possible to retrieve the money,” the official told Reuters.
Of the $101 million that the cyber-thieves stole, about $20 million has so far been recovered. The FBI and Bangladesh police are among the groups investigating the breach.
Bangladesh Bank officials have said they believed SWIFT and the New York Fed bear some responsibility for the February cyber heist, saying SWIFT technicians introduced security holes into the bank’s network while connecting SWIFT to Bangladesh’s first real-time gross settlement system.
SWIFT responded that like any user of its system, the bank was “responsible for the security of its own systems interfacing with the SWIFT network and their related environment — starting with basic password protection practices.” According to Bangladesh police, the bank’s computer security measures were seriously deficient.
Photo: Nahid Sultan, via Wikimedia Commons, CC BY-SA 4.0