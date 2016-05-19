The $81 million heist, which the experts have said has been one of the biggest in the history of cyber crimes, was carried out after the hacking of the computer of an official at Bangladesh's central bank, a Bangladeshi diplomat confirmed on Thursday.

John Gomes, Bangladesh Ambassador to the Philippines, revealed this while briefing a Philippine panel investigating how the stolen $81 million from Bangladesh central bank ended up in Manila. He also said that the hackers were neither Filipino nor Bangladeshi. The envoy also demanded Philippines' authorities to immediately return millions of dollars recovered from this high-profile hacking theft. But Filipino officials warned that resolving the case could take months.

How Bangladesh's $81 million heist money ended up in Manila?

On February 4, some hackers used SWIFT credentials of Bangladesh Central Bank employees to send more than 36 requests to the Federal Reserve Bank of New York seeking to transfer nearly $1 billion from Bangladesh Bank's account to bank accounts in the Philippines and Sri Lanka.

The hackers managed to get $81 million sent to Rizal Commercial Banking Corporation in the Philippines with four different transfer requests and an additional $20 million sent to Pan Asia Banking in a single request. However, the Bangladesh Bank somehow managed to halt $850 million in other transactions. The $81 million was deposited into four accounts at a Rizal branch in Manila on February 4.

What role did ‘technicians' play in the heist?

The Bangladeshi authorities had requested SWIFT (Society for Worldwide Interbank Financial Telecommunication) to help its police question technicians who made upgrades to the bank's system to connect a new bank transaction system months before February's $81 million cyber heist. Bangladesh's Criminal Investigation Department (CID) sent an email to SWIFT on Monday saying that it wants to interview the technicians in Dhaka next week.

Investigators believe that the technicians introduced some security holes when they connected SWIFT to Bangladesh's first real-time gross settlement (RTGS) system.

"We have some specific and tangible evidence against the (SWIFT) technicians," said a CID official currently linked to the heist investigation. "They have to defend themselves. The technicians may have acted without the knowledge of SWIFT, in their personal capacity."

Who are those technicians?

Around half a dozen technicians, including some of whom are contract employees, were involved in installing and upgrading the new system at Bangladesh's central bank. Bangladesh has also invited senior SWIFT officials to Dhaka who declined to be named because of the ongoing investigations. The names and nationalities could not be revealed due to the issue being a sensitive one.

The investigators believe that the technicians did not follow their own procedures to ensure the system was completely protected, this being the reason SWIFT messaging at the Bangladesh Bank became very easily accessible.

Bangladeshi authorities blame SWIFT

The Bangladeshi panel investigating the heist has accused SWIFT of making a number of mistakes in connecting up the local network. However, SWIFT has rejected the allegations. SWIFT claims its financial messaging system was secure and had not been breached by the hackers during the heist.

The RTGS, which enables domestic banks and the central bank to settle large transfers between themselves, was installed at Bangladesh Bank in October last year and then connected to SWIFT.

The "fandation" fiasco

One of the hackers misspelled "foundation" in the NGO's name as "fandation", prompting a routing bank, Deutsche Bank, to seek clarification from the Bangladesh central bank, which stopped the transaction, one of the officials said. There is no such NGO with the name Shalika Foundation in Sri Lanka.

What is SWIFT?