An audacious $1 billion central bank cyber raid was scuppered by a typo
The Financial Times reports that cyber-criminals allegedly hacked the Bangladesh Central Bank's computer system before sending fraudulent requests to the New York Federal Reserve to transfer big chunks of money from its account there. The attack is believed to have happened about a month ago.
The criminals successfully managed to extract $101 million from the Bangladesh Central Bank's account, routing it to bank accounts in the Phillippines and Sri Lanka. But the hackers would have bagged $1 billion if all their requests had gone through, according to the FT.
The scam was only uncovered after a typo was spotted in one of requests. The hackers misspelled the name of a Sri Lankan non-governmental organisation, writing "fandation" instead of foundation. That triggered a check of the request which raised the alarm.
The Bangladesh Central Bank and New York Fed are now rowing over who exactly is responsible according to the FT. Bangladesh has cyber security experts investigating the breach and a spokesman for the bank is quoted by the FT as saying: "We have confidence the stolen funds will be recovered in full."
Justin Harvey, chief security officer of Fidelis Cybersecurity, told Business Insider in an emailed statement: "Spelling mistakes and an unusual amount of activity are tell-tale signs that something untoward is going on and it begs the question whether these were the first slip-ups of the cyber criminals."