PCX - Report PDF
Currently the origin of the attack has been connected to the hacker group Lazarus and North Korea.
Purpose of the study: What we are observing in this report is:
- Cybercrime in Bangladesh Bank
- How this cybercrime would likely have been impossible, had there been an effective internal control system in both the central bank's and SWIFT's environment
- Action against this bank heist
- Identification and implementation of IT infrastructure in Bangladesh Bank's security
- International reaction to this biggest cybercrime
The National Security Agency (NSA) of the US experiences 300 million hacking attempts per day. While SWIFT is used to transfer funds, banks themselves are responsible for their individual cyber security. Hackers are exploiting weaknesses in the system. For example, a hacker group called Lazarus, with its subgroup Bluenoroff, has targeted and successfully attacked smaller banks in poorer and less developed countries whose own cyber security measures and systems are weaker (Lennon, 2017). The Bangladesh Bank heist was conducted by exploiting these vulnerabilities to access the SWIFT network.
A largely incomplete story is being fed to the public media: that cybercriminals stole confidential credentials, gained access to Bangladesh Bank's IT system and then generated valid SWIFT messages. This may not be possible, because access to the SWIFT environment is subject to strong controls around both physical and logical access. Physical controls should guard the premises, while logical controls should restrict access based on business need.
Description:
1. The timeline of the attack: The first preparations for the Bangladesh Bank attack were made in May 2015, when four bank accounts were opened in a Philippine bank in readiness for future transactions. None of the accounts was used until the day of the attack; they had clearly been set up for the attack only. The first failure in the audit process was that none of these accounts or their owners was authenticated in a way that would verify either the validity of their owners or of the transactions.
The breach of Bangladesh Bank was made in January 2016 by exploiting the lack of a firewall and probably with a helping hand from inside (Fin, 2016). The exact timeline of the attack still lacks an official statement, because the final report from the CID had been delayed 13 times as of this date (BD News 24, 2017). As the official report has not been completed, the dates and events presented here carry some degree of uncertainty.
The target of the attack was the SWIFT Alliance Access software, which is used extensively by banks across the world (Fin, 2016). The attack itself was started on February 4, 2016 by issuing 35 payment orders worth $951M to the Federal Reserve Bank. The first five of the transactions were completed, but the rest were successfully blocked, partly due to mistakes made by the attackers. The destinations of the payments were in the Philippines and Sri Lanka, worth about $100M.
The attackers were able to withdraw $81M in total over the period of February 5 to 9 as fictitious persons. The unauthorized messages were noticed in Bangladesh Bank during February 8 (Bloomberg, 2016).
2. Detection:
Deutsche Bank had flagged the transaction as suspect. Nevertheless, as the transaction had been approved by the Fed, it was forwarded to Sri Lanka. There, the transaction was caught by a banking official at the receiving bank, as the transfer was unusually large for Sri Lanka. Before clearing the transfer, the Sri Lankan official contacted Deutsche Bank, which responded that the transfer was suspect.
As the recipient turned out to be a fake entity, the bank was able to freeze the funds and ultimately return them to the originating bank. Out of the reported total sum of $870m of all transactions, the attackers managed to transfer only $81m. At the same time, the Fed alerted the central bank of Bangladesh after detecting that a number of transfers to non-banking entities had been conducted. Without the spelling mistake and the efficient work of banking officials, the attackers could have got away with a far larger sum of money after successfully inserting the transactions into the SWIFT network.
3. Identity of the hacker: Even though the attackers did try hard to remove any evidence from the bank's systems, Kaspersky (2017a) managed to access some of the data through backups of the systems. The recovered files indicated that the techniques and tools used in the attack can be linked to a group known as Lazarus. Kaspersky (2017a) summarizes the activities of the Lazarus group as follows: “Its malware has been found in many serious cyberattacks, such as the massive data leak and file wiper attack on Sony Pictures Entertainment in 2014; the cyberespionage campaign in South Korea, dubbed Operation Troy, in 2013; and Operation Dark Seoul, which attacked South Korean media and financial companies in 2013.”
Discussion: In addition to the large loss of $81m, the incident severely harmed trust in the IT systems of the global banking sector. It is clear that the global monetary network is only as secure as the weakest bank in the alliance. SWIFT's model seems to have failed to provide a layered security approach, which allowed the attackers to exploit the system without compromising the core servers of the SWIFT network. The architecture of the infrastructure has also been questioned by Deutsche Bank (Schuetze, 2016), and hopefully the system will become more resilient to cyber threats.
After the incident, the governor of the Bangladesh central bank personally took the hit for the heist and resigned from his post (The Guardian, 2016a). Additionally, the central bank of the Philippines imposed a fine of 1 billion pesos ($21.3M) on the Rizal Commercial Banking Corporation. The bank was used to transfer the money from the heist to casinos in order to launder it. Apparently, the bank had failed to follow regulation against fraud and theft. It now needs to be clear that the leaders of the banking world globally must enhance the state of cybersecurity, both by developing more secure systems and by training their personnel. Whoever or whatever organization was ultimately behind the bank heist, the most important thing is to focus on provisioning and improving the cybersecurity of financial messaging networks and the cybersecurity practices of banks.
Line Drawing:
Negative Paradigm:
(a) Bangladesh Bank lost $81 million. What could be a more negative point than this?
(b) This incident damaged the good image of Bangladesh Bank in the eyes of other countries.
(c) After this incident, the chief person in the field of the economy of Bangladesh, Dr Atiur Rahman, was compelled to resign because of it.
Positive Paradigm:
(a) The Bangladesh government has enhanced the security system after this incident.
(b) The investigation is still running to identify the inside helper of the hacking, which will help to reduce corruption.
Overall, this incident teaches a good lesson to Bangladesh Bank as well as other banks that have vulnerable security systems.
5. International reaction: The New York Fed claimed that it accepted the payment orders through SWIFT. An unresolved question is how SWIFT confirmed the 35 payment orders and what further checks the New York Fed performed as part of its own internal control system. Carolyn B. Maloney, Ranking Member in the U.S. House of Representatives, raised several questions about this claim. Those are reproduced below.
- Firstly, is it appropriate to rely solely on authentication from SWIFT for payments from the accounts of foreign central banks?
- Secondly, why did the New York Fed block the last 30 transfer orders, but not the first 5 orders? What was it about the last 30 orders that raised the New York Fed's suspicions?
- Thirdly, the New York Fed requested reconfirmation of all 35 payment orders from Bangladesh Bank, but executed payments for the first 5 orders without receiving any reconfirmation. What is the New York Fed's policy regarding reconfirmation, and was it observed in this case?
- Finally, why did the New York Fed not question the apparent misspelling in the $20 million transfer order to the Sri Lankan account, as a correspondent bank did? (Maloney, 2016)
6. Recommendation: An international inquiry is needed to fully understand the whole situation behind this cybercrime.
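The controls that the detection account and Maloney's questions point to (a non-bank beneficiary, an amount unusually large for the destination, a dormant account opened months earlier, a near-miss spelling of the beneficiary name, and reconfirmation before any flagged order is executed) can be written as one screening rule. The block below is an added example, not code from the report or from any bank or SWIFT product; the account identifiers, registered beneficiary names, country ceilings and sample orders are all constructed.

```python
from dataclasses import dataclass
from datetime import date
from difflib import SequenceMatcher

# Constructed reference data (assumed, not from the report): beneficiary names the
# receiving bank has on file, a per-country ceiling above which a single transfer
# counts as unusually large for that destination, and the review date.
REGISTERED_NAMES = {"ACC-LK-001": "Example Charitable Foundation",
                    "ACC-PH-002": "Example Commercial Bank"}
COUNTRY_CEILING_USD = {"LK": 5_000_000, "PH": 50_000_000}
REVIEW_DATE = date(2016, 2, 4)  # the day the orders were issued in the report's timeline

@dataclass
class PaymentOrder:
    ref: str
    amount_usd: float
    dest_country: str
    beneficiary_acct: str
    beneficiary_name: str       # name as written on the instruction
    beneficiary_type: str       # "bank" or "non-bank"
    account_opened: date
    prior_txns: int             # activity on the account before this order
    reconfirmed: bool = False   # out-of-band reconfirmation from the ordering bank

def screen(order: PaymentOrder, today: date) -> tuple:
    """Return ("hold" or "execute", flags). Any flag holds the order until the
    ordering bank reconfirms it out of band, applied to every order alike."""
    flags = []
    if order.beneficiary_type != "bank":
        flags.append("beneficiary is a non-bank entity")
    if order.amount_usd > COUNTRY_CEILING_USD.get(order.dest_country, 0):
        flags.append(f"amount unusually large for destination {order.dest_country}")
    if order.prior_txns == 0 and (today - order.account_opened).days > 90:
        flags.append("dormant account: opened long ago and never used")
    registered = REGISTERED_NAMES.get(order.beneficiary_acct, "")
    ratio = SequenceMatcher(None, order.beneficiary_name.lower(), registered.lower()).ratio()
    if ratio < 1.0:  # a near-miss spelling is the kind of typo a human reviewer caught
        kind = "looks like a misspelling of" if ratio >= 0.8 else "does not match"
        flags.append(f"beneficiary name {kind} the registered name ({ratio:.2f})")
    return ("hold" if flags and not order.reconfirmed else "execute"), flags

def sample_orders() -> list:
    """Constructed orders: the heist pattern, an ordinary one, and a reconfirmed one."""
    return [
        PaymentOrder("ORD-1", 20_000_000, "LK", "ACC-LK-001", "Example Charitable Fandation", "non-bank", date(2015, 5, 15), 0),
        PaymentOrder("ORD-2", 1_000_000, "PH", "ACC-PH-002", "Example Commercial Bank", "bank", date(2010, 1, 1), 120),
        PaymentOrder("ORD-3", 20_000_000, "LK", "ACC-LK-001", "Example Charitable Fandation", "non-bank", date(2015, 5, 15), 0, True),
    ]
```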
While the Philippine Senate was leading the inquiry, the Government of Bangladesh and its central bank authority maintained a procedure from the very beginning.
(a) Duty & Right Ethics: The duty and right ethics are divided into areas for this case study. They are:
1. What the Philippine bank should have done: The way they opened the 4 accounts without proper authentication is illegal. Besides, when this large amount of $81 million was transferred into their bank, they should have checked and double-checked those accounts again, just as Sri Lanka did.
The key point is that those Philippine accounts had never been used before this massive transaction. Hence, they did not take any step to prevent the transactions. We all know the best way to launder cash is to put it through a casino, because it is the easiest way to turn black money into white money. The Philippine bank helped the hackers by sending all of that money to casinos according to the hackers' orders. They did not have any professional ethics in them. How could they do it? They were completely corrupt.
They should have stopped the transactions and returned the money to the originating account.
(b) What Bangladesh Bank should have done: They were reckless about the problem of the firewall. We all know the proverb “Little should not be neglected”. Their lack of professional responsibility caused the $81 million robbery. Besides, according to the FBI report, there was an internal helper, which indicates that some corrupt individual was also there to help the hackers. They should be sincere about their responsibility.
Conclusion: A professional person should have professional ethics. In this case study, we have seen that there was a lack of professional ethics in the authorities of Bangladesh Bank and the Philippine bank. If they had been honest and sincere in their duty, an event such as this would never have happened. It is a remarkable incident in the history of Bangladesh, and we should remain alert to all types of security and technological issues.