Sunteți pe pagina 1din 5

7/18/2016 2016BangladeshBankheistWikipedia,thefreeencyclopedia

2016BangladeshBankheist
FromWikipedia,thefreeencyclopedia

InFebruary2016,instructionstostealUS$951MillionfromBangladesh
Bank,thecentralbankofBangladesh,wereissuedviatheSWIFTnetwork.
Fivetransactionsissuedbyhackers,worth$101millionandwithdrawn
fromaBangladeshBankaccountattheFederalReserveBankofNew
York,succeeded,with$20MtracedtoSriLanka(sincerecovered)and
$81MtothePhilippines.TheFederalReserveBankofNYblockedthe
remaining30transactions,amountingto$850million,attherequestof
BangladeshBank.[1]

Contents
TheFederalReserveBankofNew
1 Background York
2 Events
2.1 AttemptedfunddiversiontoSriLanka
2.2 FundsdivertedtothePhilippines
3 Investigation
3.1 Bangladesh
3.2 Philippines
3.3 UnitedStates
3.4 Otherattacks
4 Responsefromlinkedorganizations
5 Ramifications
6 References

Background
In2012,thePhilippinesloosenedrestrictionsonitsgamblingindustrydespiteoppositionfromtheCatholic
Church.Afterthecountry'sgamblingindustrybenefitedfromChinesePresidentXiJinping'scampaignagainst
corruption,whichdrovegamblersfurthersouthofMacau,[2]itscasinoslobbiedagainsta2012amendmentbythe
PhilippineSenateofthe2001AntiMoneyLaunderingActthatrequiredthemtoreportsuspicioustransactions.
SenatePresidentJuanPonceEnrilehadlobbiedfortheinclusionofcasinosinthescopeofthelaw.Atthattime,
bigcasinofirmsinthePhilippinessuchastheCityofDreamshadnotyetbeenestablished.[3]

Events
Hackersorinsiders(itisnotyetclearwhich)attemptedtosteal$951millionfromtheBangladeshcentralbank's
accountwiththeFederalReserveBankofNewYorksometimebetweenFebruary45whenBangladeshBank's
officeswereclosed.TheperpetratorsmanagedtocompromiseBangladeshBank'ssystem,observehowtransfers
aredone,andgainaccesstothebank'scredentialsforpaymenttransfers,whichtheyusedtosendaboutthree
dozenrequeststotheFedBanktotransferfundstoSriLankaandthePhilippines.30transactionsworth$851
millionwerepreventedbythebankingsystembutfiverequestsweregranted$20milliontoSriLanka(later
recovered[4][5]),and$81millionlosttothePhilippines,enteringtheSoutheastAsiancountry'sbankingsystemon
February5,2016.ThismoneywaslaunderedthroughcasinosandsomelatertransferredtoHongKong.
https://en.wikipedia.org/wiki/2016_Bangladesh_Bank_heist 1/5
7/18/2016 2016BangladeshBankheistWikipedia,thefreeencyclopedia

AttemptedfunddiversiontoSriLanka

The$20milliontransfertoSriLankawasintendedbyhackerstobesenttotheShalikaFoundation,aSriLanka
basedprivatelimitedcompany.Thehackersmisspelled"Foundation"intheirrequesttotransferthefunds,spelling
thewordas"Fundation".ThisspellingerrorgainedsuspicionfromDeutscheBank,aroutingbankwhichputahalt
tothetransactioninquestionafterseekingclarificationsfromBangladeshBank.[6][4][7]

SriLankabasedPanAsiaBankinitiallytooknoticeofthetransaction,withoneofficialnotingthetransactionas
toobigforacountrylikeSriLanka.PanAsiaBankwastheonewhichreferredtheanomaloustransactionto
DeutscheBank.TheSriLankanfundshavebeenrecoveredbyBangladeshBank.[4]

FundsdivertedtothePhilippines

ThemoneytransferredtothePhilippineswasdepositedinfiveseparateaccountswiththeRizalCommercial
BankingCorporation(RCBC)theaccountswerelaterfoundtobeunderfictitiousidentities.Thefundswerethen
transferredtoaforeignexchangebrokertobeconvertedtoPhilippinepesos,returnedtotheRCBCand
consolidatedinanaccountofaChineseFilipinobusinessman[3][5]theconversionwasmadefromFebruary5to
13,2016.[8]ItwasalsofoundthatthefourU.S.dollaraccountsinvolvedwereopenedattheRCBCasearlyasMay
15,2015,remaininguntoucheduntilFebruary4,2016,thedatethetransferfromtheFederalReserveBankofNew
Yorkwasmade.[8]

InFebruary8,2016,duringtheChineseNewYear,BangladeshBankthroughSWIFTinformedRCBCtostopthe
payment,refundthefunds,andto"freezeandputthefundsonhold"ifthefundshadalreadybeentransferred.
ChineseNewYearisanonworkingholidayinthePhilippinesandaSWIFTmessagefromBangladeshBank
containingsimilarinformationwasreceivedbyRCBConlyadaylater.Bythistime,awithdrawalamountingto
about$58.15millionhadalreadybeenprocessedbyRCBC'sJupiterStreet(inMakatiCity)branch.[8]

OnFebruary16,theGovernorofBangladeshBankrequestedBangkoSentralngPilipinas'assistanceinthe
recoveryofits$81millionfunds,sayingthattheSWIFTpaymentinstructionsissuedinfavorofRCBCon
February4,2016werefraudulent.[8]

Investigation
Bangladesh

Initially,BangladeshBankwasuncertainifitssystemhadbeencompromised.GovernoroftheCentralbank
engagedWorldInformatixCyberSecurity,aUSbasedfirm,toleadthesecurityincidentresponse,vulnerability
assessmentandremediation.WorldInformatixCyberSecuritybroughtintheleadingforensicinvestigation
companyMandiant,aFireEyecompanyfortheinvestigation.Thesecybersecurityexpertsfound"footprints"and
malwareofhackerswhichsuggestedthatthesystemhadbeenbreached.Theinvestigatorsalsosaidthatthe
hackerswerebasedoutsideBangladesh.AninternalinvestigationhasbeenlaunchedbyBangladeshBank
regardingthecase.[4]

TheBangladeshBank'sforensicinvestigationfoundoutthatmalwarewasinstalledwithinthebank'ssystem
sometimeinJanuary2016,whichgatheredinformationonthebank'soperationalproceduresforinternational
paymentsandfundtransfers.[8]

Philippines

https://en.wikipedia.org/wiki/2016_Bangladesh_Bank_heist 2/5
7/18/2016 2016BangladeshBankheistWikipedia,thefreeencyclopedia

ThePhilippines'NationalBureauofInvestigation(NBI)launchedaprobeandlookedintoaChineseFilipinowho
allegedlyplayedakeyroleinthemoneylaunderingoftheillicitfunds.TheNBIiscoordinatingwithrelevant
governmentagenciesincludingthecountry'sAntiMoneyLaunderingCouncil(AMLC).TheAMLCstartedits
investigationonFebruary19,2016ofbankaccountslinkedtoajunketoperator.[8]AMLChasfiledamoney
launderingcomplaintbeforetheDepartmentofJusticeagainstaRCBCbranchmanagerand5unknownpersons
withfictitiousnamesinconnectionwiththecase.[9]

APhilippineSenatehearingwasheldonMarch15,2016,ledbySenatorTeofistoGuingonaIII,headoftheBlue
RibbonCommitteeandCongressionalOversightCommitteeontheAntiMoneyLaunderingAct.[10]Acloseddoor
hearingwaslaterheldonMarch17.[11]PhilippineAmusementandGamingCorporation(PAGCOR)hasalso
launcheditsowninvestigation.[4]

UnitedStates

FireEye'sMandiantforensicsdivisionandWorldInformatixCyberSecurity,bothUSbasedcompanies,are
investigatingthehackingcase.Accordingtoinvestigators,theperpetrators'familiaritywiththeinternalprocedures
ofBangladeshBankwasprobablyobtainedbyspyingonitsworkers.ThegovernmentofBangladeshis
consideringsuingtheFederalReserveBankinabidtorecoverthestolenfunds.[4]

Otherattacks

Computersecurityresearchershavelinkedthethefttoasmanyas11otherattacks,andallegedthatNorthKorea
hadaroleintheattacks,whichiftruewouldbethefirstknownincidentofastateactorusingcyberattackstosteal
funds.[12][13]

Responsefromlinkedorganizations
TheRizalCommercialBankingCorporationsaiditdidnottoleratetheillicitactivity
intheRCBCbranchinvolvedinthecase.LorenzoTan,RCBC'spresident,saidthat
thebankcooperatedwiththeAntiMoneyLaunderingCouncilandtheBangko
SentralngPilipinasregardingthematter.[14]Tan'slegalcounselhasaskedtheRCBC
JupiterStreetbranchmanagertoexplaintheallegedfakebankaccountthatwasused
inthemoneylaunderingscam.[15]

RCBCPresidentLorenzoTanalsofiledanindefiniteleaveofabsencetogivewayto
theinvestigationbytheauthoritiesonthecaseandtoclearhisnameintheissue.
RCBC'sboardcommitteealsolaunchedaseparateprobeintothemoneylaundering
scam.[16][17]HelenYuchengcoDee,daughterofRCBCfounderAlfonsoYuchengco, AtiurRahman,Governor
willtakeoverthebank'soperations.Thebankalsoapologizedtothepublicforits ofBangladeshBankwho
involvementintheheist. resignedfromhispostin
responsetothecase.
BangladeshBankchiefgovernorAtiurRahmanresignedfromhispostamidthe
currentinvestigationoftheheistandmoneylaundering.HesubmittedhisresignationlettertoPrimeMinister
SheikhHasinaonMarch15,2016.Beforetheresignationwasmadepublic,Rahmanstatedthathewouldresign
forthesakeofhiscountry.[18]

Ramifications
https://en.wikipedia.org/wiki/2016_Bangladesh_Bank_heist 3/5
7/18/2016 2016BangladeshBankheistWikipedia,thefreeencyclopedia

ThecasethreatensthereinstatementofthePhilippinestotheblacklist,bytheFinancialActionTaskForceon
MoneyLaundering,ofcountriesmakinginsufficienteffortsagainstmoneylaundering.[19]Attentionwasgiventoa
potentialweaknessofPhilippineauthorities'effortsagainstmoneylaunderingafterlawmakersin2012managedto
excludecasinosfromtherosteroforganizationsrequiredtoreporttotheAntiMoneyLaunderingCouncil
regardingsuspicioustransactions.

Thecasealsohighlightsthethreatofcyberattackstobothgovernmentandprivateinstitutionsbycybercriminals
usingrealbankcodestomakeorderslookgenuine.SWIFThasadvisedBanksusingSWIFTAllianceAccess
systemtostrengthentheircybersecuritypostureandensuretheyarefollowingSWIFTsecurityguidelines.
Bangladeshisreportedlythe20thmostcyberattackedcountry,accordingtoacyberthreatmapdevelopedby
KasperskyLabwhichrunsinrealtime.[20]

References
1.Schram,Jamie(22March2016)."Congresswomanwantsprobeofbrazen$81MtheftfromNewYorkFed".
2.Alcuaz,Coco(10March2016)."PhilippineBankClaimsInnocenceInBangladeshFederalReserveMoneyLaundering
Controversy".InternationalBusinessTimes.Retrieved11March2016.
3.Ager,Maila(3March2016)."Senatetoprobe$100MlaunderingviaPH,saysOsmea".PhilippineDailyInquirer.
Retrieved11March2016.
4.Quadir,Serajul(11March2016)."Spellingmistakestopshackersstealing$1billioninBangladeshbankheist".The
Independent.Retrieved13March2016.
5.Byron,RejaulKarim(10March2016)."Hackers'bidtosteal$870mmorefromBangladeshcentralbankfoiled".Asia
NewsNetwork(TheDailyStar).Retrieved11March2016.
6."SriLankaninBangladeshcyberheistsaysshewassetupbyfriend".31March2016viaReuters.
7."StorybehindShalikaFoundationCeylontoday.lk".
8.Byron,RejaulKarimRahman,MdFazlur(11March2016)."HackersbuggedBangladeshBanksysteminJan".Asia
NewsNetwork(TheDailyStar).Retrieved13March2016.
9."RCBCmanager,othersfaceantimoneylaunderingcomplaint".Rappler.March5,2016.RetrievedMarch5,2016.
10.Pasion,Patty(15March2016)."RCBCmanagerinvokesrightvsselfincriminationatSenateprobe".Rappler.Retrieved
20March2016.
11.Yap,CeciliaCalonzo,Andreo(17March2016)."Printererrorfoiledbilliondollarbankheist".SydneyMorningHerald.
Retrieved20March2016.
12.Shen,Lucinda(27May2016)."NorthKoreaHasBeenLinkedtotheSWIFTBankHacks".Fortune.Retrieved28May
2016.
13.Perlroth,NicoleCorkery,Michael(26May2016)."NorthKoreaLinkedtoDigitalAttacksonGlobalBanks".NewYork
Times.Retrieved28May2016.
14.Agcaoili,Lawrence(10March2016)."RCBCdeniesallegedmoneylaundering".ThePhilippineStar.Retrieved
11March2016.
15."Explain'fakeaccount,'RCBCchieftellsbranchmanager".ABSCBNNews.March13,2016.RetrievedMarch13,
2016.
16.DumlaoAbadilla,Doris(March23,2016)."RCBCchiefgoesonleaveamid$81Mdirtymoneyprobe".PhilippineDaily
Inquirer.RetrievedMarch24,2016.
17.Agcaoili,Lawrence(March23,2016)."RCBCpresidentgoesonleave".ThePhilippineStar.RetrievedMarch24,2016.
18."Bangladeshcentralbankgovernorquitsover$81mheist".TheDailyStar/AsiaNewsNetwork.March15,2016.
RetrievedMay11,2016.
19.Remitio,Rex(3March2016)."Sen.Osmea:PHmaysufferifmoneylaunderingisproven".CNNPhilippines.
Retrieved11March2016.
20.Tweed,DavidDevnath,Arun(10March2016)."$1BillionPlottoRobFedAccountsLeadstoManilaCasinos".
Bloomberg.Retrieved11March2016.

Retrievedfrom"https://en.wikipedia.org/w/index.php?title=2016_Bangladesh_Bank_heist&oldid=729269384"

Categories: Hackinginthe2010s 2016inBangladesh 2016inthePhilippines 2016ineconomics


2016crimesinthePhilippines 2016crimesinBangladesh Accountingscandals Moneylaundering
https://en.wikipedia.org/wiki/2016_Bangladesh_Bank_heist 4/5
7/18/2016 2016BangladeshBankheistWikipedia,thefreeencyclopedia

Cyberattacks

Thispagewaslastmodifiedon11July2016,at02:13.
TextisavailableundertheCreativeCommonsAttributionShareAlikeLicenseadditionaltermsmayapply.
Byusingthissite,youagreetotheTermsofUseandPrivacyPolicy.Wikipediaisaregisteredtrademark
oftheWikimediaFoundation,Inc.,anonprofitorganization.

https://en.wikipedia.org/wiki/2016_Bangladesh_Bank_heist 5/5