$10 router blamed for the massive $80 million Bangladesh Bank hack


Can you believe it! A mere $10 second-hand router was responsible for the massive $80 million Bangladesh Bank hack.

Back in February, hackers managed to break into one of the premier banks of Bangladesh, known as Bangladesh Bank, and siphon off $80 million. The fact that hackers could gain access to the SWIFT network — the cooperative system behind the vast majority of worldwide cross-border payments — and make $100 million go up in smoke has set off alarm bells worldwide.

The government of Bangladesh promptly set up an enquiry into the hack, and its report reveals fascinating yet shocking findings. Mohammad Shah Alam, who leads the Forensic Training Institute of the Bangladesh police’s criminal investigation department, said that the mega hack happened because the bank was using cheap $10 second-hand routers for its global banking network computers.

Also, Bangladesh’s central bank was vulnerable to hackers because it did not have a firewall. The employees used second-hand, $10 switches to network computers connected to the SWIFT global payment network.

Better security and hardware would have hampered the attackers, Reuters said, quoting an official investigator.

The hackers aimed to steal $1bn but made mistakes that led to the theft being spotted and stopped after they had siphoned off $80 million.

According to FireEye, the Silicon Valley security firm auditing the theft, it seems some sneaky malware was covertly installed, then hung out for a few days before going after the SWIFT terminal. By using keystroke software, thieves were able to steal operating codes, which allowed them to “process and authorize SWIFT transactions,” FireEye’s report said.

“The security breach of the SWIFT environment is part of a much larger breach that is currently under investigation,” the report said. FireEye investigators have warned Bangladeshi officials that at least 32 computers at the central bank may have been breached by hackers leading up to the attack on Feb. 5.

SWIFT, for its part, had stated that its network was not what was breached. This was confirmed by the investigating team, which found that the hackers were able to exploit loopholes at the Bangladeshi central bank level.