Typo Thwarts Hackers In $1B Cyber Heist

Uploaded on 2016-04-07 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Financial

It was just a few letters off: Someone misspelled “foundation” as “fandation” on an online payment transfer request.

But that simple typo helped stop hackers from getting away with a nearly $1 billion digital heist last month.

Hackers broke into the Bangladesh central bank’s computer systems in early February, according to the news service, which cited anonymous officials at the financial institution. The attackers stole the credentials needed to authorize payment transfers and then asked the Federal Reserve Bank of New York to make massive money transfers, nearly three dozen of them, from the Bangladeshi bank’s account with the Fed to accounts at other financial institutions overseas.

Four transfers to accounts in the Philippines, totaling about $80 million, worked. But then a fifth request, for $20 million to be sent to an apparently fictitious Sri Lankan nonprofit group, was flagged as suspicious by a routing bank because of the “fandation” error.

Bangladesh’s central bank was able to stop that transaction after the routing bank asked for confirmation. “The Sri Lankan bank did not disburse it immediately, and we could recover the full amount,” the central bank told the Financial Times.

The requests waiting to be processed, amounting to a total of between $850 million and $870 million, according to an unnamed official cited by Reuters, were also halted. So if it weren’t for that typo, the attackers might have escaped with a bigger payday.

Bangladesh’s finance minister has blamed the incident on the Federal Reserve and said his government will “file a case in the international court against” the financial institution, according to the Dhaka Tribune.

A New York Fed spokesman denied the accusation, telling The Washington Post in a statement that “there is no evidence of any attempt to penetrate Federal Reserve systems in connection with the payments in question” or that the institution’s systems were compromised. The spokesman said the payment instructions were “fully authenticated” using standard methods.

Washington Post: http://wapo.st/1TBueXJ

« Cybersecurity Budgets Rise But Not In Line With Threats
Is Breach Notification Part Of Your Response Plan? »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

National Institute of Standards & Technology (NIST) - USA

National Institute of Standards & Technology (NIST) - USA

NIST is a measurement standards laboratory, and a non-regulatory agency of the United States Department of Commerce. Areas covered include IT and cybersecurity.

Cybersecurity Credentials Collaborative (C3)

Cybersecurity Credentials Collaborative (C3)

C3 provides a forum for collaboration among vendor-neutral information security and privacy and related IT disciplines certification bodies.

National Intelligence Service (NIS) - South Korea

National Intelligence Service (NIS) - South Korea

The NIS oversees policy on cyber security in South Korea by formulating and coordinating the execution of such policy and devising necessary schemes and guidelines.

Lynxspring

Lynxspring

Lynxspring provides edge-to-enterprise solutions and IoT technology for intelligent buildings, energy management, equipment control and specialty machine-to-machine applications.

Picus Security

Picus Security

Huge gaps often exists between the "perceived"​ and "actual"​ IT security level of an organization. Picus Security continuously assesses security controls and reveals deficient ones before hackers do.

Bird & Bird

Bird & Bird

Bird & Bird is an international law firm with a focus on helping organisations being changed by technology and the digital world. Areas of expertise include cyber security.

Edvance

Edvance

Edvance operates a range of cybersecurity businesses including value added cybersecurity solutions distribution, security technology innovation and development, and SaS solution offerings.

Wayra

Wayra

Wayra connects Telefónica and technological disruptors around the world. As their preferred strategic partner, we scale them up to accelerate their business and ours.

Infosec Cloud

Infosec Cloud

Infosec Cloud is a specialist Cyber Security company offering fully managed Training & Testing Services in addition to market leading Cyber Security technology and accredited professional services.

TOTM Technologies

TOTM Technologies

TOTM Technologies provides end-to-end identity management and biometrics products, powering Digital identity and Digital onboarding solutions.

Unified National Networks (UNN)

Unified National Networks (UNN)

UNN’s mission is to unify the national networks and create a modern and cost efficient digital platform connecting the entire country.

Technoware Solutions

Technoware Solutions

Technoware Solutions is a global company committed to helping entities navigate the digital waters of modernizing their system processes in an ever changing cybersecurity landscape.

Options Technology

Options Technology

Options is a global leader in financial technology, specialising in Capital Markets technology and enterprise-grade solutions.

BCX

BCX

BCX, a subsidiary within Telkom Group, is one of Africa’s largest systems integrator and digital transformation partners for enterprises and public sector organisations.

Razilio

Razilio

Razilio is a boutique cybersecurity consultancy located in Sydney, Australia and serving the world.

Syntura

Syntura

Syntura is your trusted partner for advisory, infrastructure and managed services.