
Flame on
Bangladesh is like a country formed by mashing all the worst parts of India and Pakistan together with none of the good.
February's hack against Bangladesh's central bank that netted $81m in diverted funds is one of the biggest cyber heists of all time. Now researchers think they've found the malware that did it. A sample of the software nasty was obtained by researchers at defense contractors BAE Systems. The malware appears to have been custom …
Please don't hack me with machetes (or the other Bangladeshi pastime, throwing acid on people) as I am no fan of random bloggers either. Oh wait, that's right, I won the lottery of life and live in the 15% of the world that is not a total ass pit (though long term, shrug). Not through karma I suppose. But for the grace of $DEITY I could have shown up today for my 16 hour shift in the garment sweat factory that suddenly had two floors added illegally and quite shabbily overnight.
"Wow, blame a country for being poor and for its people working hard,"
It's perfectly possible to have an opinion about a country without that being an automatic slur against its people. FWIW Bangladesh IS a dump and there's no point trying to pretend otherwise. However there should be sympathy for people struggling to survive there and in similar run down parts of the world.
The people whose culture is completely, immediately self-destructive, like at least half the world. They complain about the world's policeman but are always complaining how the West doesn't fix their self-inflicted problems and doesn't just give them money. They hate the West until they get on the rickety boat in the middle of the night to go there. Still, let them come, as they and we can prosper. Funny how much of a difference it makes when you care about things like rule of law over your tribe. Color of skin does not matter but what culture you live in sure does.
I have faith in humanity as a whole if not in most of its short bus cultures. For example I do believe it's very likely somebody with Afghan heritage may truly change the world for the better in the next century, but I also am reasonably sure Afghanistan itself will not be developed in a century.
Maybe I'm being old-fashioned in some way, but why go for almost a billion like they planned? Most folks I know would be happy and content with just a few million. Do the miscreants have obscene expenses?
The other thought that comes to mind is that maybe miscreants such as this are state actors channeling the funds into their government's coffers, since governments do love money coming in.
"why go for almost a billion like they planned? Most folks I know would be happy and content with just a few million."
They went for nearly a billion and got barely 8% of that. If they'd aimed for just a few million, they might have run into similar issues but could perhaps have achieved a 100% take - and ended up with a tenth as much money as they actually did. What would be the benefit? As it is, if they don't want/need some of the money, they can just leave it uncollected at the laundry, give it to charity, set fire to it, do whatever they want. Having more money usually gives you more options than less money.
I suspect it's just someone playing the probabilities game - make lots of transactions in the expectation most will fail and/or be successfully traced before they can be cashed out, and hope what's left after paying off the middlemen makes it worthwhile. I don't know how much it costs to launder cash but it wouldn't surprise me if the ~$80MM ends up as a tenth of that - which is about enough to support a couple of people in a lavish lifestyle in the third world or a very comfortable one in a developed country.
Perhaps they don't plan to collect it all. 95% could be used to build false trails and abandoned still leaving a healthy payoff. Split the money up and move it as many times as possible. I don't know which countries are hardest for Globo-Plod to follow the money through but I'd be finding out if I had something like this in mind. Some countries will allow automated follow-the-money enquiries and so are no help in hiding the loot. Any country that requires transaction data requests to be hand written (signed in triplicate, sent in, sent back, firelighters etc) is going to be really handy to know about.
SWIFT typically uses a minimum of a non-Cisco, redundant small gateway/firewall at the client end of the circuit.
The perpetrators of this experience must have had very elevated access on the client side of the network to execute these trades.
ANON because.
Why go for a billion? The conversation probably went something like this.
Dr. Evil: ... we hold the world ransom for... ONE MILLION DOLLARS!
Number Two: Don't you think we should ask for *more* than a million dollars? A million dollars isn't exactly a lot of money these days. Virtucon alone makes over 9 billion dollars a year!
Dr. Evil: Really? That's a lot of money.
[pause]
Dr. Evil: Okay then, we hold the world ransom for...
Dr. Evil: One... Hundred... BILLION DOLLARS!
Simple, punishment is inversely proportional to the crime. Steal $10 and go to jail for years. Steal billions, get a verbal slap on the wrist and keep the money. We saw this happen just a few years ago. Kill one person, go to jail for a long time or get killed by the state while war makers often go unpunished after killing thousands or millions.
The answer is pretty simple: Bankers are greedy. It is the nature of the beast.
FTFY.
The job certainly benefitted from banking industry inside information... the database and message details, how transactions are printed for confirmation, how to search for a vulnerable terminal in a different bank so that you don't get caught immediately... maybe even the transaction size was chosen to be less suspicious - "small" might be a red flag.
"Note: Most crooks are caught due to this flaw, or trying to brag about their exploits."
The classic example of this is the guy who hit the repeat button whilst the computer was printing his paycheck - around 80 times.
He was only caught because he attempted to bank them all at once
Interesting how these funds keep getting "diverted" - in the old days you grabbed some jewelry and accepted that $1,000,000 of jewels translated to about $300,000 in clean money, with expenses you would net less but still something that you could put in a suitcase and retire on.
But what do you do with $81,000,000? You've already laundered it so there's no need to fence it - that's a lot of money and it's a safe assumption that no matter what insurance policy you've set up you'll be watching your back for the rest of your life. However long that is.
So I tend to think that this is more like a state financed or agency generating some cash for "black" expenditures. Let's face it, the NSA, GCHQ, FAPSI and other nations versions of these organizations have all the tools necessary for this sort of operation.
"$5M Would go a long way in Dhaka though."
But what makes you think that anyone responsible for this is in Dhaka now - or was there in the first place?
The network was completely open, which means that any compromised system inside it could have been used to compromise the SWIFT terminals - a lot of stuff that's assumed to be on a "private/secure" network has no security of its own - the assumption is all that's been done already and so only trusted people are getting access(*).
(*) This is STILL the case with the international phone number routing tables (somewhat akin to BGP4) and has been repeatedly exploited in various international calling scams.
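The flat-network problem in the comment above is exactly what host-to-host segmentation is meant to prevent: if any compromised workstation can open a connection to the SWIFT terminal, the terminal's own hardening buys little. The nftables ruleset below is an added example, not from The Register article, from SWIFT, or from any commenter; the addresses, the WAN interface name swift-wan, and the application port 443 are assumptions chosen for illustration. It shows the permissive forward policy a flat network amounts to beside a default-deny policy that lets only the bank's own messaging host reach the terminal.

```nft
#!/usr/sbin/nft -f
# Added example, not code from the article or the thread. Assumed layout:
#   10.20.0.0/24   general bank LAN (workstations, back-office servers)
#   10.20.1.10     the bank's own messaging host that talks to the SWIFT terminal
#   10.20.2.0/28   the SWIFT terminal segment, on its own VLAN behind this router
#   10.20.2.5      the SWIFT terminal itself
#   swift-wan      the interface facing the SWIFT leased line (assumed name)
#   TCP 443        the assumed port the messaging host uses toward the terminal

flush ruleset

table inet swift_segment {
    # Weak setting: this is what a flat network (or a cheap unmanaged switch)
    # amounts to. Every host, including a compromised workstation, reaches the
    # terminal. Shown commented out; do not apply both chains.
    #
    # chain forward {
    #     type filter hook forward priority 0; policy accept;
    # }

    # Corrected setting: default deny between segments, with explicit exceptions.
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Return traffic for connections that were allowed below.
        ct state established,related accept
        ct state invalid drop

        # Only the designated messaging host may open connections to the
        # terminal, and only on the assumed application port.
        ip saddr 10.20.1.10 ip daddr 10.20.2.5 tcp dport 443 accept

        # The terminal may talk outward to the SWIFT network over the leased
        # line, and to nothing else.
        ip saddr 10.20.2.5 oifname "swift-wan" accept

        # Nothing in the terminal segment may initiate connections back into
        # the LAN; such packets fall through to the drop policy.

        # Log any other attempt to reach the terminal segment so a scan from a
        # compromised workstation is visible to the SOC rather than silent.
        ip daddr 10.20.2.0/28 log prefix "swift-seg-drop " drop
    }
}
```

Load it with `nft -f` on the router between the VLANs and check it from the wrong side: a connection attempt to 10.20.2.5 from any workstation other than 10.20.1.10 should time out, and the kernel log should carry a line prefixed `swift-seg-drop` for it. The logging rule matters as much as the drop: the comment above notes that on an open network no one notices the lateral move, and a default-deny policy that is never looked at is only half a control.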
>But what do you do with $81,000,000?
>Share it amongst all of the people involved in the crime, and use some of it to bribe various officials to keep the heat off. Maybe an individual would be left with less than $5 million.
After reading about the real Lufthansa heist, the score, if anything, is the easy part. A good night's rest for the rest of your life quickly becomes optional.
>So I tend to think that this is more like a state financed or agency generating some cash for "black" expenditures.
They do, but I'd guess they also have a black budget for off-the-books projects. When was the last time you heard of GCHQ or the NSA being short of cash?
More likely it was a nation state that needs/wants US dollars, or one of the more organised criminal supergangs.
Or both.
" SWIFT said that the attack didn't exploit a vulnerability in its security systems and was entirely dependent on an attacker compromising a local terminal."
Including your terminals within your security system boundaries might be a good idea. After all, they're the obvious points of attack.
IIRC the SWIFT terminal (supplied by SWIFT and acting as the endpoint of the SWIFT network) is pretty much a locked box, but a SWIFT member organisation is responsible for writing and implementing the code (local terminal) on their system that exchanges messages with the SWIFT terminal.
SWIFT supply a test suite that verifies that the member's software has correctly implemented their side of the link to the SWIFT terminal. The member won't be allowed to connect to the SWIFT terminal until it gets a pass from the test suite.
Apart from that, the security of the member's local terminal is, like the rest of their financial system, 100% their responsibility.
It's not a vulnerability on the SWIFT side which is why they aren't footing the bill. Their network is more secure than any of my other previous employers, including Air Traffic Services. If they are culpable at all it is for allowing the Bangladesh Bank to join their network.
It seems suspicious that the Bangladesh Bank was set up using $10 second hand switches unable to isolate the SWIFT terminal, not just criminal incompetence and more likely a designed-in vulnerability.
There were 36 fraudulent wire transfers, and only 5 were successful, so these were very high value transactions. Rizal Commercial Banking Corporation's branch manager Maia Santos Deguito took $427,000 from one of the laundry accounts in the Philippines, but the main criminals appear to be Chinese with a very good knowledge of SWIFT terminals and procedures.