Cybersecurity

FBI suspects an inside job in $81M Bangladesh bank hack

FBI investigators suspect the theft of $81 million from the Bangladesh central bank was at least partly an inside job, The Wall Street Journal reports.

{mosads}Evidence points to at least one suspect who is an employee of the bank, people familiar with the matter said. “A handful” of others may have helped hackers navigate the bank’s computer system, according to the Journal.

The agency has not yet informed Bangladesh Bank which employees it suspects.

“The central bank is pursuing this case with the utmost vigor, and if anyone within the bank is found to be involved, we will take legal action as appropriate,” a spokesperson told the Journal.

Those suspicions could complicate an already tense relationship between the FBI and Bangladesh officials.

Relations haven’t always been smooth since the launch of the agency’s investigation, the Journal reports, and the State Department has tried to mediate.

The hackers stole from the bank’s accounts with the New York Federal Reserve, and Bangladesh officials have hinted that some of the blame rests with the Fed.

“We view this as a major lapse on the part of FRB NY,” Bangladesh Bank said in an internal report.

According to the report, the hackers tried to issue 35 payment instructions to the New York Fed, 30 of which were denied. The U.S. bank says it followed normal procedures and saw no indications that its own systems were breached in the February incident.

But the Bangladesh Bank is considering “preparing the ground to make a legitimate claim for the loss of funds against the FRB NY through a legal process,” the report reads.

Publicly, officials have suggested that the blame rests with a messaging software that is a staple in the global financial system.

The software comes from the Brussels-based Society for Worldwide Interbank Financial Telecommunication, a collective owned jointly by more than 3,000 financial institutions. Security researchers believe the Bangladesh Bank attackers used a specific kind of malware to target the software, known as Alliance Access, then cover their tracks.

Fazle Kabir, head of Bangladesh Bank, is scheduled on Tuesday to meet with New York Fed President William Dudley and senior officials from the collective, to speed up recovery of the stolen money.

The theft is thought to be one of the largest digital heists in history and prompted the resignation of former Bangladesh Bank Governor Atiur Rahman.

The hackers also tried to transfer $20 million to an education nonprofit in Sri Lanka, but that transaction was held up because they misspelled the foundation’s name.