This article was published on April 25, 2016

Bangladesh Bank robbers can’t spell, but it sounds like they can hack financial software


Bangladesh Bank robbers can’t spell, but it sounds like they can hack financial software Image by: Shutterstock

The hackers involved in last month’s cyber heist of Bangladesh Bank, in which they managed to steal only $81 million of a planned $951 million haul because of a spelling error, might actually be smarter than they were initially made out to be.

Reuters reports that investigators looking into the case previously said that the criminals had merely hacked into Bangladesh Bank’s poorly protected network and grabbed passwords to log into the SWIFT system that allowed them to make transactions.

But according to research conducted by British defense contractor BAE Systems, it looks like the hackers compromised the software so they could erase records of illicit transfers.

The revelation is worth noting because it means the criminals were able to break into sophisticated software and didn’t just stumble upon login credentials on a sloppy network.

SWIFT says that its Alliance Access financial messaging system – which the hackers compromised – facilitates millions of messages a day across more than 2,000 installations worldwide.

It was previously reported that the bank used cheap network switches that only cost $10 a piece to connect to the SWIFT network, and didn’t even have a firewall in place to secure its systems.

The SWIFT cooperative told Reuters that it was aware of malware targeting its software and that it would release an update to address it, along with a warning to its clients to reevaluate their security measures.

Adrian Nish, BAE’s head of threat intelligence, told Reuters that his firm had discovered a piece of malware designed to hide hackers’ tracks by changing information on a SWIFT database on a public repository.

It noted that the malware in question was compiled close to the date of the attack, contained information about the bank’s operations and was uploaded from somewhere in Bangladesh.

However, it’s worth noting that BAE has not probed the infected servers and Bangladesh police have not yet discovered that piece of malware in its ongoing investigation.

Nish added that the “the general tools, techniques and procedures used in the attack may allow the gang to strike again.”

If they plan to do so, the hackers would do well to learn to spell before their next heist. In last month’s case, the group mispelled ‘foundation’, which caused authorities to take notice and prevent further transfers after the initial $81 million made its way out of Bangladesh Bank.

Get the TNW newsletter

Get the most important tech news in your inbox each week.