We’ve often heard about hackers stealing personal data from millions of users by attacking retail stores, banks and even the U.S. government. But we’ve never heard about hackers trying to steal $1 billion. And what’s more, they were thwarted because of a simple typo that alerted banks to the fraudulent money transfers.
Rather than targeting ATMs or phishing for banking information from unsuspecting customers, clever hackers managed to penetrate the security of the Bangladesh central bank last month. According to Reuters, the unknown criminals obtained credentials for payment transfers and then they hit the Federal Reserve Bank of New York with nearly three dozen requests to transfer money from the Bangladesh Bank to various entities in the Philippines and Sri Lanka.
The trick almost worked, as four requests to transfer a total of $81 million to the Philippines went through, making the bank heist one of the largest known thefts in history.
But the fifth transfer, amounting to $20 million intended for a Sri Lankan non-profit organization was held up. The hackers misspelled the name of the NGO Foundation, calling it the Shalika “Fandation.” The routing bank, Deutsche Bank, wanted clarification from the Bangladesh central bank, which then stopped the transaction.
On top of that, the high number of transactions and the transfer requests to private entities prompted the Fed to alert the Bangladesh Bank. This helped the bank put a stop to all the other transactions initiated by hackers, which totaled between $850 million and $870 million. Had they been successful, the hackers would have pulled off the biggest bank heist in history.
The Bangladesh Bank further confirmed that it recovered some of the stolen money, and it’s working with anti-money laundering authorities in the Philippines to retrieve the rest. Casinos in the country are believed to have received some of the money.
The attack happened at some point between February 4-5 and originated from outside the country. It’s not clear who the hackers are and officials said there’s not much hope of catching them. Security experts say that the hackers had deep knowledge of the security protecting the bank’s system, and that they had likely spied on bank workers for some time ahead of the heist.
Meanwhile, Bangladesh government officials say that it’s the Fed who should have stopped the transactions, and it’s considering a lawsuit.