The central bank of Bangladesh lost $81M in a digital heist whose perpetrators have not been caught, thanks in large part to the bank's decision to run its computers without a firewall, and to run networking with second-hand cheapie routers it sourced for $10 each.
The hackers almost got $1B, but a spelling mistake they made on a transfer order tipped off bank personnel, interrupting the hack.
The cheap routers were unable to segment the private and public-facing functions of the bank's IT, and kept minimal logs, which hampered forensic investigations.
The money was transferred to private accounts and casino accounts in the Philippines, from which much of it has yet to be recovered.
The hack took place in early February and involved hackers getting access to the core network of Bangladesh's central bank. They used this privileged access to transfer cash from Bangladesh's account at the Federal Reserve Bank of New York to other banks.
A spelling mistake in one of the transfer orders alerted bank staff and meant the hackers only managed to steal $81m. This has been traced to accounts in the Philippines and to casinos in the same country. Most of the cash has yet to be recovered.
Bank security experts said the bank should have spent more time and money protecting the network for its central bank.
"You are talking about an organisation that has access to billions of dollars and they are not taking even the most basic security precautions," Jeff Wichman, a consultant with cyber firm Optiv, told Reuters.
$10 router blamed in Bangladesh bank hack