Serious breach of financial security

The US$101 million siphoned off from Bangladesh Bank (BB) by cyber criminals was not only the single largest heist but also the first of its kind. The good news is that $20 million has been recovered from Sri Lanka. The rest remains untraced till date. This is an extremely serious breach of financial security and we are not too sure that the explanation being given that a computer programme (malware), so powerful and sophisticated, was introduced to the system that not only enabled hackers to breach the system but also leave little traces of the crime being committed.

In the same breath, although BB is investigating the crime committed, we do not think the oversimplification of the intrusion is very helpful to the investigation – we must really be alarmed by it. This tendency of explaining away such a huge fraud on malware could very well divert attention away from what could be a different scenario altogether. Very serious questions have arisen. It is understood that the SWIFT code, which happens to be a globally accepted mode that provides secure, encrypted system of electronics payments that has hardly ever been breached, was breached in this case.

It is imperative that BB looks at other possibilities, whether there was an insider involvement. It has been found to be true of past financial scams, whether it is Hallmark or the recent ATM booth events, that there is a general tendency to brush over things. We are looking for a very thorough investigation and are heartened that BB is bringing in foreign experts to track down the criminals. The issue of insider involvement must be looked into and we await a satisfactory conclusion of the investigation by the central bank.