Hackers almost succeeded in stealing US$951 million from the central bank of Bangladesh in early February. The latest investigation has revealed that the theft planners may have come from China.
In the end, they managed to steal US$81 million.
The hackers, using authenticated SWIFT codes, masqueraded as officials from Bangladesh Bank on Feb 5 to submit a series of requests for the Federal Reserve Bank of New York (FRBNY) to transfer large amounts of money out of its account. FRBNY received a total of 35 tranches of transfer requests, amounting to US$951 million.
While 30 of the requests were declined, 4 tranches of money, totaling US$81 million, were remitted to the Philippines. Another transmission of US$20 million to a non-profit organization in Sri Lanka was suspended because a routing bank found that the name of the organization was misspelled.
More and more startling facts have been uncovered in the US$101 million theft and attempted theft from the foreign exchange reserves of Bangladesh Bank. On March 29, a Philippine Senate hearing declared that the US dollar accounts into which the stolen money was deposited were opened by two Chinese people at the Philippines' Rizal Commercial Banking Corp (RCBC) nine months before the theft.
Kim Wong (also known as Kam Sin Wong), a Chinese junket operator in the Philippines, is a key figure in the case.
The Wall Street Journal reported on March 30 that during the Philippine Senate hearing on March 29, Kim Wong denied that he had planned this theft, and he said two Chinese nationals organized the transmission of the stolen funds into the Philippines.
He claimed that he only served as an interpreter to help the two Chinese men open the accounts, the Journal reported.
According to the Journal, Wong testified that two Chinese nationals, one a junket operator from Beijing named Gao Shu Hua and the other from Macau named Ding Zhi Ze, brought the money into the Philippines.
“I had nothing to do with opening the actual accounts,” Wong told the Journal.
As the search for the stolen money continues, the Journal reported, a close eye is being kept on junket managers who help high-stakes gamblers travel to casinos in the Philippines and other places. The Philippines’ anti-money-laundering agency has filed a criminal complaint against Wong and another junket operator it identified as Chinese national Xu Weikang, according to the Journal.
Chinese hackers suspected
According to Reuters, Bangladesh Bank said on March 7 that some funds from its account at the FRBNY were stolen, allegedly by Chinese hackers.
Bangladesh’s Financial Express reported on March 7 that according to an anonymous official from the country’s central bank, about one hundred million US dollars of stolen funds were transferred into banks of the Philippines and Sri Lanka through illegal channels. After that, the funds were sold to a black market foreign exchange broker, transferred to at least three large local casinos, sold back to the money broker, and moved out to overseas accounts—all in a few days.
Financial Express, citing a few Bangladesh government officials and bankers, said on March 8 that suspected Chinese-origin cybercriminals hacked the forex reserves in Bangladesh Bank’s account with the U.S. FRBNY on Feb 5.
Trail of funds lost
The trail of the stolen funds was lost at the Jupiter Street branch of the Philippines' RCBC. On Feb 5, US$22 million was put into one of the four accounts at the Jupiter Street branch.
According to the online media Zero Hedge, a total of US$427,000 was withdrawn from one of the accounts that received the stolen funds, and the cash was loaded into the car of Maia Santos Deguito, the branch manager.
“Deguito’s assistant, Angela Torres, requested P20 million (US$434,000) from the bank’s cash center, which was delivered by armored car,” the newspaper PhilStar stated, citing Romualdo Agarrado, customer service head at the Jupiter Street branch.
“[Agarrado] said the teller then put the money in a box, which was brought to Deguito’s office. He said the branch messenger, a certain Jovy Morales, then looked for a paper bag to put the money in and then brought it to the branch manager’s car,” the PhilStar added.
According to the Journal, Agarrado reported that Deguito ignored an order from Bangladesh Bank to freeze the accounts. She moved the money to a foreign-currency account opened under the name of a local brokerage firm, Centurytex Trading, Agarrado told the Journal.
The Journal reported that according to Philippines Anti-Money Laundering Council records, about US$81 million of the stolen money was remitted from the account to a local money-transfer company. The money ended up in at least one casino and with two junket operators, according to the Journal.
The Journal reported that RCBC legal counsel Macel Fernandez-Estavillo said that an investigation by Truth Verifier Systems Inc. discovered that the account was forged.
However, Torres said that William Go, the businessman who owns Centurytex Trading, picked up the cash and signed the withdrawal slip, according to Zero Hedge.
Some critics have said that the theft is a Hollywood-esque blockbuster.
Bangladesh has hired the cyber security firm FireEye Inc. to investigate the incident. According to what Bloomberg describes as an “interim report,” the hackers “sought to cover their tracks by deleting computer logs as they went [and] before making transfers they sneaked through the network, inserting software that would allow re-entry.”
Bangladesh’s finance minister, A.M.A. Muhith, told the Bengali-language daily newspaper Prothom Alo that this was entirely an inside job and involved central bank officials, according to Zero Hedge.
According to itnews.com, Bangladesh has sought assistance from the U.S. FBI to find the criminals.
Bangladesh has a population of 170 million and is one of the poorest countries in the world.
According to the New York Times, an ATM in Ukraine started dispensing cash at random intervals in 2013, though no one had touched it. Cameras showed that the money was taken by customers who were apparently lucky enough to be there at those times, the Times reported.
However, when Russian computer security firm Kaspersky Lab investigated, it found that the bank’s internal computers had been penetrated by malware, according to the Times. The malware sent video feeds and images to a criminal group with members from various countries, letting them learn the bank’s daily routines, the investigators told the Times.
The criminals impersonated bank officers, turned on the ATM machines, and transferred millions of dollars from banks around the world into dummy accounts in other countries, the Times reported.
According to the Times, the criminals put in a lot of effort to learn the individual system of each bank, and they created fake bank accounts in the United States and China to use as destinations for transfers. The hackers were able to steal large amounts of money by briefly manipulating bank account balances, the Times reported.
“The criminals first would inflate a balance—for example, an account with $1,000 would be altered to show $10,000. Then $9,000 would be transferred outside the bank. The actual account holder would not suspect a problem, and it would take the bank some time to figure out what had happened,” the Times explained.
According to the Times, Kaspersky reported that one of its clients lost US$7.3 million through ATM withdrawals. US$10 million was stolen from another client through its accounting system, the Times stated.
“Kaspersky Lab says it has seen evidence of $300 million in theft through clients, and believes the total could be triple that,” the Times stated. “But that projection is impossible to verify because the thefts were limited to $10 million a transaction, though some banks were hit several times. In many cases the hauls were more modest, presumably to avoid setting off alarms.”
According to a report issued in 2015 by Kaspersky Lab, a gang of cyber criminals from several different countries stole up to US$1 billion from up to 100 financial institutions in about 30 countries within about two years.
Edited by Sally Appert.