This past February, some clever hackers pulled off a daring bank heist that was aided by a Bangladeshi bank’s decision to buy cheap second-hand $10 routers. In fact, the cheap routers let hackers get away with $81 million by giving them access to the secure computers that handle SWIFT monetary transactions and helping them hide their tracks.
Some 20 individuals who received payments from hackers have been identified so far but the masterminds of the attack have yet to be discovered. Even worse is the fact that most of the funds, which were routed to accounts in the Philippines and diverted to a local casino, are still missing.
According to Reuters, the head of the Forensic Training Institute of the Bangladesh police’s criminal investigation department revealed that security oversights from the bank helped hackers steal the money. Hackers took advantage of the $10 routers that had no firewalls to get into the bank’s system and were aided by the fact that the bank’s switches weren’t sophisticated enough to trace the hackers’ steps.
“You are talking about an organization that has access to billions of dollars and they are not taking even the most basic security precautions,” cyber firm Optiv consultant Jeff Wichman told Reuters.
Furthermore, the SWIFT servers inside the bank were on the same network with the rest of the banks’ 5,000 computers, rather than being on a walled, secondary one. Furthermore, the room that houses the SWIFT computers isn’t monitored by a bank employee at all times in spite of the sensitive nature of the activity that goes on in it. Instead, all transactions are automatically printed on a printer in the room.
Police believe that both the bank and SWIFT should take blame for the heist. The Belgian banking authority said that the heist only breached the Bangladesh Bank and not its secure messaging services. The bank stated that SWIFT officials only advised that a router upgrade is in order after the heist.