Page 6 - Cyber Warnings
P. 6
An In-depth Look at the Bank of Bangladesh Heist
By: Uri Rivner, Head of Cyber Strategy at BioCatch
It was supposed to be the biggest heist in human history. Nearly one billion dollars from
Bangladesh’s cash reserves, held at the Federal Reserve, were about to vanish into thin air.
The heist would have been a national-level economic blow.
Pulling off something of that magnitude would have required a cash-out operation the scale of
which the fraud underground has never seen. Here’s my version of how it likely unfolded.
RATs were present.
RATs (or Remote Access Trojans) have been present in many cyber attacks over the past
decade, but interestingly enough, they aren’t a new threat, just one that is a devil to encounter.
They provide the perfect cloaking device, and are an almost essential component in any cyber
hack today.
Recently, RATs have become a standard tool for many Chinese hackers which is why upon
seeing that RATs were featured in the February 2016 attack on Bangladesh’s Central Bank,
many were quick to point a finger at China. But the truth is that RATS are common these days
and often used by nation states, organized crime rings, and banking Trojan operators. Banks
are especially familiar with these Trojans.
Anybody working at a bank will tell you that Dyre and Dridex are the most devious financial
Trojans ever created, highly evasive and at times, completely undetectable. That’s because
they leverage RATs to conduct fraudulent activity – much like in the Bangladesh example.
Unlike Advanced Persistent Threat or APT attacks, which are generally staged by military cyber
hackers targeting private corporations to pursue intellectual property or some sort of essential
supply chain component needed for a bigger play, this attack was not part of a cyber espionage
campaign. Instead, it went after a central bank because, as the infamous American bank robber
Willie Sutton put it, “that’s where the money is”. A lot of it.
It’s important to establish that the Federal Reserve Bank was not the target of this hack, nor did
the hackers penetrate its network. The Federal Reserve Bank is a gargantuan deposit bank that
manages $1.6 trillion, most of which belongs to foreign states, the US treasury and private US
banks. Like any bank, it has account holders, although here we’re not talking about the average
Joe, or even a mega corporation.
We’re talking about countries. If you’re a foreign country, someone needs to manage your
international assets. So you open an account with the Federal Reserve, deposit money into it –
normally in the billions – and then later on you can use it to pay your debts.
6 Cyber Warnings E-Magazine – April 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
