Federal Reserve officials deny the incident took place. Serious accusations have been made today by Bangladesh’s central bank, which has said that hackers breached its US Federal Reserve account and stole a large amount of money.
The allegations were made by Bangladesh officials after central bank employees noticed that a large chunk of their funds went missing from a foreign account set up by bank officials at the US Federal Reserve Bank of New York.
The Federal Reserve Bank’s New York branch is where over 250 foreign banks, governments, and large financial institutions have accounts and keep their funds, due to the bank’s high-end security measures.
Bangladesh’s money was rerouted to accounts in the Philippines
Now, Bangladesh officials are saying that someone managed to penetrate their account and steal some funds. Bangladesh bank officials have stated that they’ve tracked some of the money to the Philippines and have recovered a part of the stolen sum after working with local authorities specialized in anti-money laundering operations.
Bangladesh central bank officials have declined to say how much the hackers stole.
In a statement for Reuters, a Federal Reserve spokesperson has declined to acknowledge the incident, saying that, on their end, the bank did not detect any sign of an intrusion.
This means that there is also the real possibility of an inside job, with someone from inside Bangladesh’s central bank aiding the hackers.
US Federal Reserve Bank had been hacked before
While the Federal Reserve Bank of New York is considered a standard in bank physical and electronic security, this particular branch had been hacked before.
The event took place in 2012, when British hacker Lauri Love and other co-conspirators leveraged SQL injections and ColdFusion vulnerabilities to gain access to some of the bank’s data. British law enforcement eventually arrested Love in October 2013.
Another incident involved the Saint Louis branch of the US Federal Reserve Bank, in May 2015, when the bank’s IT department initiated a password reset for all customers following a DNS hijacking incident.