Bangladesh Bank, NY Fed and SWIFT Vow to Solve $81 Million Heist

Updated at 4:40 p.m. ET on 2016-05-10

Officials from Bangladesh’s central bank, the Federal Reserve Bank of New York and the Society for Worldwide Interbank Financial Telecommunication (SWIFT) agreed Tuesday to cooperate to solve the cyber theft of U.S. $81 million from the Bangladeshi bank in February.

Representatives of the three organizations met in Switzerland to discuss efforts to solve the cybercrime, the largest such theft in Bangladesh’s history.

“All parties stated their concern over this event and their continued commitment to work together to normalize operations,” said a joint statement issued by the SWIFT and the two banks.

“The parties also agreed to pursue jointly certain common goals: to recover the entire proceeds of the fraud and bring the perpetrators to justice, and protect the global financial system from these types of attacks,” the statement added.

The action followed reports that Bangladesh officials were examining the possibility that an inside source had a role in the electronic transfer of $81 million in Bangladeshi central bank money held in an account at the New York Fed.

“We have seen some inside activities,” Mohammad Shah Alam, head of the forensic wing of the Bangladesh’s criminal investigation department, told BenarNews, in response to a media report that the U.S. Federal Bureau of Investigation (FBI) was investigating possible insider involvement at the Bangladesh Bank.

“I, at this stage of investigation, do not want to say that the central bank officials were involved. Some people have been on our watch-list,” Alam said. “It is not possible for me to pinpoint the officials now.”

The Wall Street Journal on Tuesday reported that sources said the FBI found evidence of at least one bank employee acting as an accomplice.

The FBI told BenarNews it did not have any information to release about the bank heist.

‘SWIFT was not responsible’

The theft came to light in a report in a Philippine newspaper report on Feb. 29, more than three weeks after it occurred.

As the story developed, Bangladesh’s central bank posted on its Facebook page that thieves had hacked into its cyber system and placed 35 payment orders with the New York Fed using the bank’s SWIFT code. Five of the orders were cleared while a spelling error froze the others.

Prior to Tuesday’s meeting, Alam said his officers were still investigating SWIFT’s possible responsibility in the heist, by focusing on connectivity.

“We have seen Bangladesh Bank’s SWIFT system was connected with the Internet. This allowed the criminals to hack the Bangladesh Bank system,” Alam said, pointing out that such access should not have been possible. He said SWIFT authorities created loopholes in the system.

SWIFT rebuked Alam’s statement, saying the accusation had no basis in fact.

“SWIFT was not responsible for any of the issues cited by the officials, or party to the related decisions,” it said in a news release on Monday that announced Tuesday’s meeting.

“As a SWIFT user like any other, Bangladesh Bank is responsible for the security of its own systems interfacing with the SWIFT network and their related environment – starting with basic password protection practices – in much the same way as they are responsible for their other internal security considerations,” SWIFT said.

Most of the money still missing

On March 31 and April 4 and 19, a businessman in the Philippines returned nearly $10 million of the stolen money, which was wired from the New York Fed to banks in the Philippines and Sri Lanka. The businessman, casino junket operator Kim Wong, surrendered the money to the Philippine Anti Money Laundering Council and testified before the Philippines Senate.

In his testimony, Wong named two Chinese nationals and a Philippine banker who used his casino to launder the money.

At the same time, Bangladesh investigators announced they suspected that 20 foreigners including citizens from Sri Lanka, the Philippines China and Japan, had participated in the theft.