The hackers behind the multi-million dollar theft from the Bangladesh central bank also compromised SWIFT, the global financial system used to facilitate international bank transfers, investigation finds.
Researchers from BAE Systems told Reuters that they discovered the Swift system had been hacked after carrying out an investigation into the theft which happened in February of this year.
According to a blog post by BAE, Bangladesh Bank used a second hand internet router which had no firewall enabled and which made it easier for the hackers to access the bank’s computers.
The authorities were only alerted to the hack when a typo on a bank transfer prevented them from transferring $1 billion into their own accounts.
BAE claims that during the hack, the Swift payment system was also compromised.
The hackers reportedly used a piece of bespoke malware to alter software on the internal systems of Bangladesh Bank in order to hide the fraudulent transactions which saw more than 81 million dollars transferred from the bank’s accounts at the New York Federal Reserve.
Swift said that it was “aware of malware targeting its client software” and that it has released an update to its system to prevent similar attacks from happening again.
In its statement, Swift confirmed that the hack was unlikely to be a one off.
“Swift is aware of a number of recent cyber incidents in which malicious insiders or external attackers have managed to submit Swift messages from financial institutions’ back offices, PCs or workstations connected to their local interface to the Swift network,” the group said.
BAE System’s Adrian Nish, who helped investigate the incident, told Reuters that it was one of the most elaborate hacks he had ever seen.
Swift, or the Society for Worldwide Interbank Financial Telecommunication is a co-operative owned by 3,000 financial institutions and is used by more than 11,000 banks and financial institutions around the world.
It is used to facilitate international bank transfers and is the largest secure financial messaging platform in the world.