How a few $10 routers cost a bank $80 million

An investigation into Bangladesh central bank, known for being the almost-victim of a billion dollar hacking heist last month, has revealed how the hackers managed to break into the bank’s system; cheap second-hand routers.

In March, hackers broke into the Bangladesh central bank’s system, managing to steal $80 million before a simple spelling typo by one of those hackers spoiled their attack. The Forensic Training Institute of the Bangladesh police has now revealed that the bank was using second-hand $10 network switches without even a firewall to link its computers, leaving the whole system vulnerable to any veteran hacker.

The Bangladeshi police have managed to track down 20 foreigners involved in the heist but the real hackers still elude the grasp of the law.

The computers in question were also connected to SWIFT global payment system, making it even easier for the hackers to gain access to the credentials required to make high-value transfers straight into their own accounts. To make the matters even worse, the lack of any sophisticated hardware by using such cheap devices has prevented the authorities from making any decent headway into tracing the culprits.

“You are talking about an organization that has access to billions of dollars and they are not taking even the most basic security precautions,” said Jeff Wichman, a consultant with cyber firm Optiv.

Security experts are always recommending against using cheap knockoff hardware, especially if your work involves dealing with private data. But when you are handling such huge transactions, the use of these cheap unprotected routers is simply a disaster waiting to happen.

Source – Reuters