Bangladesh Bank Chief Resigns After Cyber Theft of $81 Million
By RICK GLADSTONE

A spreading scandal over the mysterious electronic theft of $81 million from Bangladesh’s official account at the Federal Reserve Bank of New York prompted the governor of that country’s central bank to resign Tuesday, and three of his subordinates were fired.

They were the first political casualties since the theft came to light this month, when news reports from the Philippines said unidentified hackers using official electronic bank messaging technology had diverted the money in early February. Most or all of the stolen money, one of the biggest electronic heists in history, is thought to have been transferred to accounts in the Philippines.

The Bangladesh central bank governor, Atiur Rahman, a widely respected economist, appeared to be caught by surprise, having learned of the theft only from Philippines news reports about a money-laundering investigation there. Last week he threatened to sue the New York Fed, a critical global financial gateway that holds the deposits of many foreign central banks.

The New York Fed said in a statement last Wednesday that the transfer of the money had been “fully authenticated” by an international financial messaging system, known as Swift, suggesting that there may have been a security breach in Bangladesh. The Fed statement said its systems had not been compromised.

With pressure intensifying to explain how such a theft could have happened, Mr. Rahman submitted his resignation on Tuesday, and Bangladesh news agencies said it was accepted by Prime Minister Sheikh Hasina.

The news agencies also said the Finance Ministry had dismissed two deputy central bank governors and the Bank and Financial Institutions division secretary, who were all accused of having kept the theft a secret from their superiors.

Mr. Rahman, who had held the central bank post for seven years, said in Dhaka that he had been conflicted about the decision to resign. He also said he had informed foreign law enforcement authorities and had brought in cybercrime specialists to help investigate.

“Such cyberattacks are happening across the world,” Mr. Rahman said, according to news accounts from Bangladesh. “We are new in facing such attacks. We lack experience.”

A spokeswoman for FireEye, a computer security company in Milpitas, Calif., confirmed on Tuesday that its forensics division Mandiant was helping to investigate the Bangladesh theft.

Reuters, quoting unidentified banking officials, reported on March 10 that the hackers appeared to have been intent on transferring nearly $1 billion out of Bangladesh’s account, with nearly three dozen messaging requests. They succeeded with four requests, totaling $81 million, to move money to the Philippines, before a fifth attempt, for $20 million to be sent to Sri Lanka, was stopped because the hackers misspelled the recipient’s name as the Shalika Fandation instead of the Shalika Foundation.

The banking officials also were quoted as saying they were suspicious because of the unusually high number of transfer requests, so they alerted the Bangladeshis.

Why a month elapsed before the news came to light remains unclear, as are the prospects for recovering any of the money.

While incomes and living standards have improved, Bangladesh remains one of the poorest countries in the region. A 2014 study by Oxford University, using data on the percentage of the population considered destitute, ranked Bangladesh as the third-most impoverished in South Asia, after Afghanistan and India.

The resignation and firings in Bangladesh came as testimony in a Philippines Senate panel hearing about the money-laundering investigation suggested that most of the purloined Bangladesh funds had been delivered, in dollars and Philippine pesos, to three Philippines casino operators. An anti-money-laundering law in the Philippines does not apply to the gambling industry.

The senator leading the hearing, Teofisto Guingona III, said the loophole abets money laundering, an important ingredient in the crime that victimized Bangladesh’s central bank.

“The funds can easily be traced until the casinos,” the senator said, according to the Philippines News Agency account of the hearing. “Once it is in the casino, it seems it was a dark cave, it was just one big cave, a black hole which we cannot trace anymore.”

印表機凸槌 孟加拉央行被駭盜27億元

孟加拉中央銀行海外帳戶遭駭客盜走八千一百萬美元（約台幣廿七億元），根據央行兩名官員向警方提交的報告，是因駭客植入惡意軟體，操控央行的印表機隱匿存款遭到盜取的紀錄。

被駭走巨款的是孟加拉央行在紐約聯邦準備銀行的帳戶。報告指出，央行用來進行國際轉帳電匯款項的一部電腦和一部印表機遭到駭客入侵操縱，以致央行無法看見要求匯出電匯與確認收到電匯的紀錄。

也因此，匯款在央行毫無察覺下，進入駭客指定的帳戶。駭客企圖盜走約十億美元，最後得手八千一百萬美元。

孟加拉銀行和轉帳系統連接的電腦，理應保存可讓職員輕易查看的匯款紀錄。二月五日官員發現印表機故障，未自動列印所有電匯紀錄。

因當天是星期五即將休假，並未立即將系統修復，二月八日星期一官員進入電腦系統列印出訊息，發現紐約聯邦準備銀行傳了三則訊息，詢問數筆可疑匯款的資訊。在這四天空檔，駭客已將贓款匯入菲律賓銀行帳戶，轉匯往當地賭場進行洗錢。

孟加拉央行總裁拉曼和兩名副總裁已因這樁有如電影情節的醜聞丟官。

菲國調查人員仍在了解，這些錢如何轉至菲國以及後來下落。

菲國賭場不受許多反洗錢法令規範。菲國參議員歐斯曼納說：「他們挑我們洗這筆錢，因為我們的體系充滿漏洞。數十年來我們一直想修法，但在國會過不了關。」

原文參照：
http://www.nytimes.com/2016/03/16/world/asia/bangladesh-bank-chief-resigns-after-cyber-theft-of-81-million.html

Video：Atiur Rahman, the governor of Bangladesh’s central bank, resigned on Tuesday after hackers stole $81 million from the country’s official account at the Federal Reserve Bank of New York.
http://nyti.ms/1UzeYtp

2016-03-18．聯合報．A17．國際．編譯王麗娟