‘Fandation’ typo raised red flag in digital bank heist


page image

AML Compliance News: This is one time to be grateful for a typo…

More details are emerging in the digital heist of $100 million from the central bank of Bangladesh. Hackers apparently submitted numerous transfer requests totaling nearly $1 billion dollars, but a typo in one of the first transfer requests raised a red flag.

A Washington Post story Friday detailed how one of the online-payment transfer requests sent through the SWIFT messaging system to the NY Fed included the word “fandation” rather than the correct “foundation.” The first four transfer requests–totaling about $80 million–passed through, but the fifth–for $20 million–included the typo in the name of a non-existent foundation to which the money was to be transferred. According to the Post, a routing bank flagged the transfer as suspicious because of the typo, and this resulted in a request for further confirmation from the central bank in Bangladesh. This chain of events alerted the central bank to the heist in progress, and the nearly three dozen other requests for payment transfers were stopped.

Reuters, which has reported extensively on this crime, reported Friday that central bank officials now believe that malware in the form of a Remote Access Trojan gave the hackers access to computers inside the central bank. Investigators believe that the hackers surveilled the bank for weeks or perhaps longer in order to submit transfer requests that would exactly match the Bangladesh bank’s normal behaviors related to such requests.

Both SWIFT and the NY Fed continue to assert that neither of their systems were compromised. Reuters reports that forensic experts predict that hackers either had an inside person in the central bank in Bangladesh or else the hackers were assisted by an individual(s) who had expert knowledge in these types of digital banking transactions and technologies.

Reuters reports that this hack has banking officials around the world on edge and that leaders of central banks in particular will be paying very close attention to the methods of the hackers and to evaluating their own internal vulnerabilities. Some experts in the field are predicting that this criminal event will spur new standards and requirements in the field.


SURETY Eco–The BSA/AML Software Ecosystem for End-to-End AML Compliance

If the current environment around AML and counter-terrorist financing is keeping you awake at night, contact us today. SURETY Eco, our BSA/AML software ecosystem, is a fully integrated end-to-end AML software solution for the 21st century. This AML system covers the entire lifecycle of your customer relationships–from CDD/KYC on-boarding to sanctions screening to transaction monitoring and FinCEN 314a Compliance. And our commitment to “Comply on the Fly” technology means that this AML ecosystem is fully configurable for immediate adaptation to new regulatory requirements. It’s also user friendly with dynamic workflows, dynamic risk, dynamic question management, and configurable dashboards. It’s the peak of efficiency, effectiveness, and transparency in your AML/CTF Compliance. It’s what you need, and it’s what you will want once you see a personal demonstration. Call us today.