I did read this news last week but forgot to blog about it. Bloomberg edit team uses the case as a warning to all central bankers who can know more ignore cyber threats at their end. So far hackers were limited to banks but now have moved to central banks as well. Willie Sulton, the bank robber was once asked why he robbed a bank? TO which his answer was “that is where the money is”. Likewise, why just stop at a bank. Get to the creator of money which is the central bank.
What was this Bangladesh story? Few people managed to hack their system and get funds transferred to remote accounts elsewhere. It is just an amazing case of heist in digital space. As this blog keeps mentioning, banking is increasingly becoming a sub-sector of information technology. A bank is no more just about loans and deposits but equally about encryption and softwares. Soon, latter will take over former in terms of importance given how systems are getting integrated. This blog will not be surprised if we go onto see technology people heading and managing a bank.
A printer error first tipped off Bangladesh’s central bank to one of the biggest cyber heists in recent history, according to a complaint filed to police that provided new details on the attempted theft of nearly $1 billion.
Zubair Bin Huda, a joint director of Bangladesh Bank, found the printer tray empty when he looked on the morning of Feb. 5 for confirmations of SWIFT financial transactions that are normally printed automatically overnight. He then tried and failed to print out the messages manually from the SWIFT system, according to his complaint to police, the first step needed to start an official investigation.
“We thought it was a common problem just like any other day,” Huda said in the complaint.
The case has prompted central banks around the globe to examine cyber security measures. It has also led to the resignation of Bangladesh’s central bank governor and put money laundering in the Philippines under scrutiny.
Bloomberg edit team says:
First, central banks make fat targets. Many are under constant attack. Those in the developing world, with lots of new capital but not much digital security, are especially at risk. Bangladesh had amassed some $28 billion in foreign-currency reserves, and its central bank had alarmingly lax defenses. It was a hacker’s dream.
Second, fessing up quickly is crucial. Officials at Bangladesh Bankkept quiet for more than a month, and never quite got around to informing the country’s finance minister. Meanwhile, the pilfered cash made its way across the globe. Asian governments and industries, in particular, would benefit from better information-sharing about intrusions.
A more crucial lesson is that cybersecurity, though boring, is everyone’s responsibility — even the boss’s. (“I am not a technical person,” the now ex-governor of Bangladesh Bank said by way of explanation.) All too often, malicious hacks come down to simple human error. Making better use of encryption, access controls and strong verification systems can help, but nothing can substitute for training and vigilance.
Finally, preventing hackers from moving the money they’ve siphoned off requires global cooperation. The thieves in this case laundered much of the cash through casinos in the Philippines. Not coincidentally, Filipino lawmakers have exempted casinos from anti-money-laundering requirements. Tightening those restrictions would be wise. But there are still far too many places where lax laws, custom or generalized chaos provide a welcome home for dirty money. Changing those norms will only get more urgent.
All getting increasingly muddled up and complicated..