An anti-money laundering law that did not cover casinos. A weekend and a holiday in the targeted banks in at least three countries. A Swift system that worked. And human slip-ups that rang alarm bells but also consummated the biggest documented cyber heist and money laundering in the Philippines.March 15, 2016 | Editorial
It is now being regarded as the world’s biggest attempted cyber heist on just one financial institution. An attempt to hack $1 billion from Bangladesh Bank’s account in the Federal Reserve Bank of New York was blocked, but not after $81 million had successfully made its way to a bank in the Philippines, the Rizal Commercial Banking Corporation (RCBC); and around $20 million attempted to enter a bogus nongovernment organisation (NGO) in Sri Lanka called Shalika Foundation. The fraudulent Sri Lanka transaction was foiled after correspondent bank Deutsche Bank returned the payment order to Bangladesh Bank to correct the erroneous spelling of “Fandation” in the NGO’s name.
The fallout has been immediate: The Bangladesh Bank governor has resigned upon pressure by the finance minister, while a trader linked to the fraudulent transactions has fled the Philippines.
How could hackers get the credentials of no less than a central bank, and go through the entire clearing process with the biggest banks in the United States, as well as through the Swift system, and successfully move $100 million offshore?
Malware is being pointed to as the culprit, but perhaps just common sense in a few areas may have prevented the heist.
Bogus development projects
According to the Philippine Daily Inquirer, which exposed the money laundering scheme, a $25-million transaction was supposedly ordered by Bangladesh Bank on behalf of the government’s Kanchur, Meghna and Gumti 2nd Bridges Construction project. The amount was remitted to the account of one Teodoro Vasquez purportedly for the payment of a “loan” from Japan International Cooperation Agency (JICA).
A payment for $30 million to Jessie Christopher Lagrosas, an IT professional, likewise under a JICA “loan,” was supposedly ordered on behalf of Dhaka Mass Rapid Transport Development Project.
A $6-million payment order on behalf of an I...
Categories:Financial Institutions, Government Finance, Regulation, Risk and Regulation, Technology & Operations
Keywords:Money Laundering, SWIFT, RCBC, Bangladesh Bank, Federal Reserve Bank Of New York, Citibank, Wells Fargo Bank, Deutsche Bank, Bank Of New York Mellon, Cyber Threat, Cybersecurity, Bangko Sentral Ng Pilipinas, Hacking, Malware, Zero Day, Advanced Persistent Threat, Anti-money Laundering