Sometimes it pays to spend. The central bank of Bangladesh has found that out the hard way, as police are blaming its loss of $80m during a hack on crappy $10 routers.
You might remember that a team of hackers tried to steal vast quantities from the bank earlier this year. Their attempts were brought to a halt because they managed to misspell “foundation” as “fandation”—a typo that was noticed by Deutsche Bank, ultimately bringing the heist to an abrupt end. The criminals did, however, manage to make off with $80 million before they were found out.
Now, Reuters reports that the Forensic Training Institute of the Bangladesh police’s criminal investigation department has carried out an investigation into what went wrong. The team found that the bank was using second-hand $10 network switches without a firewall to link its computers. Perhaps no surprise, then, that it proved incredibly easy to hack. Sadly those computers were connected to the SWIFT global payment system, which meant the hackers were able to gain access to the credentials required to make high-value transfers straight into their own accounts.
Perhaps just as amusing—sorry, alarming—is the fact that the lack of sophisticated hardware is also apparently making it harder to trace the origin of the hacks. While the police has found 20 people who received payments as part of the heist, it admits it’s yet to find the hackers themselves.
A good reminder, if ever there was one, that sometimes you really do get what you pay for.
[Reuters]
