Software, printer problems delayed discovery of Bangladesh heist

Reuters News
|
Posted: Mar 16, 2016 3:35 PM

By Serajul Quadir

DHAKA (Reuters) - The cyber thieves who stole $81 million from Bangladesh Bank appear to have hid their tracks by manipulating a central bank computer and printer that connect to the SWIFT messaging system to hide evidence of the heist, according to a report filed with local police.

    The report, filed by two central bank officials on Tuesday evening, said that a computer the bank uses to order SWIFT wire transfers was manipulated so that authorities could not see records of outgoing wire transfer requests or receipts confirming that they had been received.

Details about the issues with the computer and printer were among the first clues to surface as to how the attack was carried out.

    The computer is supposed to keep those records so they can be easily reviewed by bank staff, according to the report.  

    The officials saw the first signs that something was off on Feb. 5, when they noticed a glitch with a printer that is set up to automatically print all SWIFT wire transfers.

    When they identified that the previous day's transactions had not been printed, they attempted to manually print them but were unable to do so, according to the report, which was reviewed by Reuters on Wednesday.

    One official asked that the printer be repaired before leaving the office that day, which was a Friday and the first day of the weekend in Bangladesh. Other bank employees later decided to wait until the next day to fix it, according to the report.

    When the officials tried to access the computer the bank uses to send SWIFT messages, they got messages saying a file NROFF.EXE "is missing or changed.”

    They were eventually able to access the SWIFT messaging system on Feb. 8 and print out messages after obtaining clearance to use other means to access the system from senior bank officials.

    When they printed the SWIFT messages there were three from the New York Fed seeking information about several suspicious transactions, which flagged them to the heist that this week resulted in the ouster of the central bank's governor. [L3N16N486]

A representative from Brussels-based SWIFT, a bank-owned cooperative that runs a secure private messaging system widely used for requesting money transfers, declined comment on Wednesday.

    SWIFT last week issued a statement saying that it was working with Bangladesh's central bank "to resolve an internal operational issue at the central bank." It added that "SWIFT’s core messaging services were not impacted by the issue and continued to work as normal." [L1N16J1NU]

(Reporting by Serajul Quadir in Dhaka; Writing by Jim Finkle in Boston; Editing by Meredith Mazzilli)