Investigators from the Forensic Training Institute of the Bangladesh investigated the $80 Million bank heist and discovered that the hackers managed to gain access to the network because the Bank was using second-hand $10 network switches without a Firewall to run its network.
When it was reported last month that an unknown hacking group attempted to steal $1 Billion from Bangladesh’s Federal Reserve bank account with the help of a malware and, in fact, successfully stole over $80 Million, the investigators would not say how the hackers managed to bypass the security solutions on its network.
But in reality, there was no security solution installed to help protect against increasingly sophisticated attacks.
This lack of security practices made it incredibly easier for the hackers to break into the system and steal $81 Million, though a simple typo (spell error) by hackers halted the further transfers of the $850 Million funds.
The network computers that were linked through the second-hand routers were connected to the SWIFT global payment network, allowing hackers to gain access to the credentials required to make high-value transfers straight into their own accounts.
"It could be difficult to hack if there was a firewall," forensic investigator Mohammad Shah Alam told Reuters.
Firewall are meant to help keep out malicious hackers and malware from doing nasty things.
Moreover, the use of cheap routers made it difficult for investigators to pinpoint the hackers behind the largest bank heist and figure out the hackers tactics, Alam added.
The investigator blamed both the bank as well as SWIFT, saying "It was their responsibility to point it out, but we have not found any evidence that they advised before the heist."
Hackers broke into the bank’s systems and tried to steal $1 Billion from its account at the Federal Reserve Bank of New York in early February and then transferred large sums to fraudulent accounts based in the Philippines and Sri Lanka.
Bangladesh police have identified 20 foreigners involved in the heist but the police said the people appear to be those who received some of the payments rather than the hackers who initially stole the money.
Though the investigators are still scratching their heads to identify the hackers with no clue, the incident is a good reminder for financial institutions across the global to tighten up the security of their systems.