Bangladesh Bank files suit to recover money lost after cyberattack

Bangladesh Bank suffered a security incident that resulted in a millionaire robbery; they point to the possible participation of North Korean hackers

According to ethical hacking and network security experts from the International Institute of Cyber Security, Bangladesh Bank has filed a lawsuit with the federal Court of new York to try to recover the approximately 80 million of dollars.

In the lawsuit, the central bank of Bangladesh accuses the Philippine financial institution Rizal Commercial Bank Corp. (RCBC), in complicity with other institutions and individuals, to be part of a conspiracy to rob about one billion dollars from the Bangladesh Bank account at the New York Federal Reserve.

According to reports of network security specialists, the conspirators injected a variant of malware into the bank’s systems, thus being able to send fraudulent messages through the SWIFT interbank system. The attackers managed to steal 100 million dollars, of which about 81 million have not yet been recovered.  

An investigation conducted by the U.S. Department of Justice (DOJ) has concluded that these funds were transferred to four RCBC-controlled accounts and then distributed through multiple casinos in the Philippines. All accounts were registered with false names.

Bangladesh Bank, for its part, is responsible for these attacks to groups of hackers sponsored by the North Korean government, and also states that these groups were responsible for sending the assets to the Philippines.

Network security specialists believe that the attackers were able to use Fedwire (an electronic transfer system designed by the U.S. government) to expedite the transactions of these large sums, which was instrumental in completing the attack. “The use of the Fedwire system was vital for the conspiracy, as it allowed the attackers to transfer money to the intermediaries without delay.”

Although Bangladesh Bank has formally initiated the legal process, it is still unclear whether the court has jurisdiction or whether the U.S. law is applicable in this case. The demand emphasizes how the U.S. Fedwire system was adjusted to the hacker scheme; however, most of the money laundering process was carried out outside of North American territory.

Still, the central Bank of the Philippines (BSP), decided to investigate on its own to RCBC and impose a fine of 1 billion Philippine pesos (about $20 million dollars). In addition, in December 2016, the governor of the Bangladesh Central Bank, Mohammed Farashuddin, stated that a government-integrated committee to investigate the robbery pointed to five RCBC officials as guilty of the incident. 

Finally, on 10 January last, a court of first instance of the Philippines that convicted the administrator of the RCBC, Maia Santos Deguito, of eight charges of money laundering and imposed a fine of 109 million dollars, in addition, the officer faces a sentence of up to 56 years in prison. The defendant anticipates that they will appeal this sentence.