Bangladesh Bank heist explained by a cybersecurity firm

[ThirstyMoon]

"In February 2016 one of the largest cyber heists was committed and subsequently disclosed. An unknown attacker gained access to the Bangladesh Bank’s (BB) SWIFT payment system and reportedly instructed an American bank to transfer money from BB’s account to accounts in The Philippines. The attackers attempted to steal $951m, of which $81m is still unaccounted for."

http://baesystemsai.blogspot.bg/2016/04/two-bytes-to-951m.html

A really interesting read, though the toolkit of the operation is not fully uncovered.

"The wider lesson learned here may be that criminals are conducting more and more sophisticated attacks against victim organisations, particularly in the area of network intrusions (which has traditionally been the domain of the ‘APT’ actor). As the threat evolves, businesses and other network owners need to ensure they are prepared to keep up with the evolving challenge of securing critical systems."

[1715048152]

1715048152

[1715048152]

1715048152

[1715048152]

1715048152

[Kprawn]

These guys are not your basic script kiddies... the level of knowledge needed to pull this off is significant and narrows the scope of people, who would be capable to do this. I also think this might be

orchestrated and combined with people working within these institutions. They have too much access to privileged information to be a outsider. I agree with this statement.. "  The tool was custom

made for this job, and shows a significant level of knowledge of SWIFT Alliance Access software as well as good malware coding skills.  " These people are professionals and very good at hiding their

tracks... This is one of the major reasons why SWIFT { a centralized service} needs to shift to a decentralized Blockchain solution like Bitcoin. 

[Quartx]

These guys are not your basic script kiddies... the level of knowledge needed to pull this off is significant and narrows the scope of people, who would be capable to do this. I also think this might be

orchestrated and combined with people working within these institutions. They have too much access to privileged information to be a outsider. I agree with this statement.. "  The tool was custom

made for this job, and shows a significant level of knowledge of SWIFT Alliance Access software as well as good malware coding skills.  " These people are professionals and very good at hiding their

tracks... This is one of the major reasons why SWIFT { a centralized service} needs to shift to a decentralized Blockchain solution like Bitcoin. 

Even if they were not script kiddies, the bank security members were definitely cute kiddies. No enterprise networking equipment for a bank at all speak volumes about security

[Evildrum]

http://www.npr.org/sections/thetwo-way/2016/05/27/479760450/north-korea-linked-to-81-million-bangladesh-bank-heist?utm_source=twitter.com&utm_campaign=npr&utm_medium=social&utm_term=nprnews

North Korea Linked To $81 Million Bangladesh Bank Heist

Thought some of you might be interested in a follow up to this issue and who was behind it.