Proofing your work is important. We’ve known that since school days, but you would think when you have the chance to swipe a billion dollars in an international bank heist, you’d make sure you dotted all the i’s and crossed all the t’s. That didn’t happen in the case of one hacking group though, which made away with a comparatively paltry $80 million because they made a spelling mistake when transferring the ill gotten gains.
The hack in question took place at the start of February and targeted Bangladesh’s central bank, which was breached in a manner that did not initially raise any suspicion. The hackers then used that official channel to contact the Federal Reserve Bank of New York, and began issuing transfer orders that sent millions overseas.
Requests successfully directed over $80 million to accounts in the Philippines and Sri Lanka, with further planned payments of over $850 million. However one $20 million payment request was flagged by the routing bank, Deutsche Bank, when it was noticed that the name of the recipient organization, Shalika Foundation, was spelled “fandation” (as per the Guardian).
Related: Department of Defense recruits white hats for ‘Hack the Pentagon’ program
With that request flagged, all others were halted as a routine security measure and it was soon discovered that these transactions were anything but approved by the Bangladeshi bank. Some of the sums were also noted for their surprising size, though individually that may not have been enough to manually vet the transfers.
The Bangladeshi bank holds billions of dollars with the Federal Reserve and could potentially have seen much of it disappear if this spelling mistake had not triggered a further inquiry.
Now, more than a month on from the hack, officials at the Bangladeshi bank say that they have been able to recover some of the funds, but that there are still many millions outstanding. Moreover, it’s still not entirely sure how the bank was hacked in the first place.
The bank sees it as extremely unlikely that those who perpetrated the hack will ever be caught, suggesting that this was a highly successful digital attack. Although the nationality of the thieves is unknown, they are thought to originate from outside of Bangladesh.
Suggestions from security analysts indicate that the hack would have required intimate knowledge of the Bangladeshi bank’s internal systems, so it’s possible someone on the inside was either involved, or that the bank’s information was otherwise compromised.
