New York Federal Reserve $1 Billion Cyber Heist Thwarted by Spelling Error, While Casinos Allegedly Helped Funnel $81 Million

Posted on: March 12, 2016, 12:00h. 

Last updated on: March 12, 2016, 12:01h.

New York Federal Reserve cyber heist
It’s quite unimaginable someone could physically rob the New York Federal Reserve as it’s one of the most secure buildings in the world, but cyber thieves were able to steal $81 million rather easily. Imagine if they could spell. (Image: AP/huffingtonpost.co.uk)

The New York Federal Reserve was in the midst of approving a series of what seemed to be authorized transfer requests by the Bangladesh central bank when it came to light that cyber hackers were the ones scheduling the financial activity.

If you’re thinking cyber-security measures infiltrated the arranged transfers, or the CSI and FBI intercepted the exchange, or the Department of Homeland Security noticed something just didn’t seem right, well…you’d be wrong.

The reality is the hackers themselves made a simple spelling error that alarmed Deutsche Bank employees. That prompted the financial institution to reconfirm with Bangladesh that it did, in fact, want to move millions of dollars from its account held in Manhattan by the New York Fed.

Grade school teachers stress the importance and value of correct spelling to their students, and in this case, poor grammar cost unknown thieves nearly $1 billion.

What We Know Now

Bangladesh representatives first blamed responsibility for the heist on the United States, but New York Fed personnel said there was no evidence of a hack on its end.

A total of $101 million was moved from the Bangladesh account in New York to private entities before the robbery was identified. On February 5, some three dozen requests to move money from its account appeared authentic and validated by Bangladesh officers.

The first payment was for $81 million from four requests and was sent to a non-governmental organization. The money was allegedly moved from the Fed via the Society for Worldwide Interbank Financial Telecommunications (SWIFT) and then allegedly laundered through casinos in the Philippines and Sri Lanka.

The next round of requests was for $20 million and was supposed to be forwarded to the “Shalika Foundation.” The hackers entered the recipient as the “Shalika Fandation,” which prompted routing service provider Deutsche Bank to reconfirm the payment.

When it did, Bangladesh authorities realized the foul play. Reuters still cannot confirm if the “Shalika Foundation” even exists.

The dozens of remaining requests were terminated and likely prevented the thieves from stealing an additional $850-870 million. The $20 million was returned to the Bangladesh account, but the first $81 million is still at large. 

This Spells Disaster

More than a month since the hacking occurred, it’s finally coming to light just how the operation was carried out. Following a week of pointing fingers, it’s apparent the theft started on the Bangladesh side.

Reuters is reporting that the unknown hackers managed to install malware on the Bangladesh government computer system in order to obtain the proper banking credentials. The cyber thieves then likely observed for weeks how the country scheduled and carried out financial withdrawals from its account in New York, an account that has a balance estimated to be around $28 billion.

Investigators probing the case say high-level hackers accessed vulnerable software to plant the malware device.

Solving one of, if not in fact the biggest, cyber heists in the history of the Internet is crucial to aiding in future attacks and tightening online financial security.

In the US, the Federal Deposit Insurance Corporation (FDIC) insures each account holder up to at least $250,000 per bank. However, the question must be asked, “What happens if along with our personal banks, the FDIC is also hacked?”

It’s a scary notion, but the reality of the world in which we now all live.