Officials claim to have made much progress in Bangladesh Bank reserve heist investigation but many questions still remain unresolved even though nine months have passed since the biggest financial crime took place.
Police's Criminal Investigation Department (CID) is investigating the $81 million digital heist. Officials linked to the probe now say that they have started to get a clear idea about the heist process. The whole picture is likely to be completed if the international agencies and countries involved cooperate properly.
The investigators have so far found the involvement of at least seven officials of the central bank. The number may rise at the end of the investigation. On the other hand, another investigating source says that at least 23 foreigners of six countries took part in the digital heist.
CID sources said that the heist procedure had started months ago with installing RTGS (Real Time Gross System) with the central bank's SWIFT network which in fact weakened the SWIFT system.
Also Read- Even after heist revelation, burglars thriving inside Bangladesh Bank HQ
The investigators have received evidence that the bank authorities were in a fix over implementing the project though the agreement was signed in 2014. It was supposed to be completed by February 2016, and later the deadline was extended until April.
But all of a sudden, in April 2015, they started working on the matter and started implementing the project in late October.
The investigators have found that the central bank had four fibre network connections from two separate companies, which was enough to ensure uninterrupted network; but the authorities wanted to connect RTGS to the SWIFT server.
Besides this, a number of foreigners visited the central bank from time to time, but those were not mentioned in the register logs and their activities were not monitored properly.
Also Read- Investigator: Some Bangladesh Bank officials involved in heist
“The foreigners could be banking experts but the authorities were supposed to check their connections,” a senior CID official said seeking anonymity. “This incident indicates incompetency of the officials if they are not involved in the conspiracy.
CID officials said that the assistance from US cyber security firm FireEye and SWIFT had not helped them much, except for identifying the malware.
“The suspected Bangladesh Bank officials will be interrogated to find concrete answers. They will have to clarify their position,” the CID official added.
Abul Kalam Azad, joint secretary of Bangladesh SWIFT users, told the Dhaka Tribune that one of the core security measures for SWIFT is that the computers used for transactions must be kept isolated from other networks and computers.
Also Read- RCBC denies responsibility, blames Bangladesh Bank for cyber heist
“It is definitely not only negligence. We are yet to confirm if Bangladesh Bank officials were involved in the heist directly or their professional incompetency led the heist,” CID’s Additional DIG Shah Alam said.
Bangladesh Bank Executive Director Subhankar Saha could not be reached over the phone for comments despite repeated attempts.
Another investigation source said that they had found the involvement of at least 23 foreigners from the Philippines, Sri Lanka and some other countries.
The transaction was made in two major portions – one went to the Philippines and another to Sri Lanka. The Philippines conspirators had got their portion but the other transaction was unsuccessful as the bank concerned acted responsibly.
Also Read- SWIFT confirms new cyber thefts, hacking tactics
Here comes the matter of responsibilities on the part of RCBC bank in the Philippines. They disbursed the money despite learning about the Bangladesh Bank’s request not to release it. The money was withdrawn through a small branch of the RCBC and it was their biggest transaction till date.
The investigators have found the involvement of 16 RBRC officials and seven from Sri Lanka. Moreover, names of many gamblers also came up during the investigation.
The CID has already received information about the people who withdrew the money but the agency is taking time since the police of the Philippines, Sri Lanka and some other countries are yet to turn in their reports.
CID official Shah Alam said that the central bank’s delaying in filing of the case helped the hackers conceal evidence. “If all the countries concerned consider the criminals as criminals and provide the CID with information and evidence they have got, it will be easy to trace every criminal.”