Headline
** Titas seeking foreign aid to install prepaid metres in all households ** A student has his body temperature checked before entering the central library of Dhaka University on Monday amid falling Covid-19 infections in the country. ** 74 lakh cases pending before courts ** Automation of diplomatic bonded warehouse halted ** SSC exams from Nov 14, HSC Dec 2 ** Angry biker sets bike on fire in Dhaka ** Former DU student found dead ** 1,212 new Covid cases, 25 more deaths ** Technical panel to gear up e-commerce sector ** HC orders closure of unauthorized microcredit institutions ** Sheikh Hasina’s 75th birthday today ** German Social Democrats seek allies to form govt ** 15 stranded fishermen rescued ** Pfizer starts large trial for anti-Covid pill ** If VIPs can empty bank's vault then what bank robbers will do? ** Titas for foreign fund to install 1.25m metres ** A large number of pedestrians crossing a busy road in Savar EPZ area ignoring the heavy traffic, while violating rules and risking their lives, instead of using the foot overbridge that is just several feet away. ** 18k river grabbers evicted ** Flat owner gets anticipatory bail over Munia rape, murder ** Fraud case filed against Dhamaka officials ** German polls open to elect new chancellor ** History distortion HC summons Textbook Board Chairman ** Iceland elects Europe’s first female majority parliament ** Covid daily death toll falls further as 21 more die ** Where is the need for Narcotics Department? **

Atiur blames global money transfer system for heist

24 June 2016 bdnews24.com


The former governor of Bangladesh's central bank has defended himself and his colleagues in the $81 million cyber heist in February.
He told New York Times in an interview that flaws in the global money transfer system - and not any misstep by him - are to blame for the brazen heist. Atiur Rahman, who resigned from his post in March after the heist, told the NYT that the loss had been a "systemic failure" and that "Bangladesh should not be blamed for something going wrong in the chain". In particular, he blamed the Federal Reserve Bank of New York, where the central bank had placed the money. "If you want to take $500 out of your account in the US, you'll be asked several questions,'' Atiur told NYT. "But here, millions are going, and you're not asking any questions."
The New York Fed, he added, "should have immediately called someone in Bangladesh - the governor or someone." Atiur also said that he tapped an online security firm a year ago to help the bank beef up its defences but that it could be hired only after the theft because of bureaucratic delays.
His comments go to the heart of fears in the international banking community, says the NYT.
The theft exposed weaknesses in the way the world's banks, companies and other financial institutions transfer money around the globe. SWIFT - the system they use to move that money and through which the money was transferred out of the New York Fed - has since said it has seen other such attempts to steal money from the global banking system. In the case of Bangladesh Bank, the thieves used stolen credentials to try to transfer nearly $1 billion of the central bank's money at the New York Fed to accounts around the world.
About $81 million was ultimately transferred to casinos in the Philippines, where much of it disappeared.
A spokeswoman for the New York Fed declined to comment on Aitur Rahman's remarks but told NYT that the theft had not been the result of a breach of its computer systems. Some experts have said the theft was the result of weaknesses in Bangladesh Bank itself. Local news reports have said the bank used $10 routers and no firewalls. But Atiur disputed the notion that the bank's digital security was lax.
"I made cybersecurity the top of the agenda," he told NYT, adding, "I smelt a year back that this could be a problem. It was my bad luck that this happened now." He said that the bank had tapped Mandiant, a security firm owned by FireEye Inc of the US, as an adviser before the theft, but  bureaucratic tangles in Bangladesh had kept Mandiant from fully joining until after the incident. Dan Wire, a spokesman for FireEye, declined to comment.
SWIFT executives have also been frustrated that some of its users have been slow to disclose a breach in their systems and - in one case - failed to inform the consortium of an attack at all, the NYT report said. SWIFT representatives have suggested to federal officials in the US that banks that cannot maintain a basic level of digital security may have to be removed from the network, a decision that could economically marginalise certain parts of the world. A spokeswoman for SWIFT - which stands for Society for Worldwide Interbank Financial Telecommunication - declined to comment on Atiur Rahman's remarks but told NYT : "Security weaknesses at individual customer firms have an impact on others in the wider financial system, which means that the industry as a whole has to respond by renewing and enhancing its security."
Atiur told NYT that an investigation was continuing and that there might have been negligence at Bangladesh Bank. But he said he was not responsible for any wrongdoing. "As a governor, I'm not supposed to look at each and every small thing." "Maybe someone's password was compromised," he added. "It was a departmental failure and not the fault of the governor. It was a high dosage attack, like a 15 on the Richter scale attack. Other parties could have helped or warned Bangladesh. You cannot imagine my shock."
On speculation that someone within the bank had actively helped the thieves, he said, "If there's a criminal, catch him, but don't blame anyone without reason." He had resigned after the theft for the greater good of the bank, Atiur said. But he defended his conduct after the theft. The former governor has been criticised for not reporting the theft to the government for a month. "I wanted to save the financial system and the image of the country," he said. "It could be a mistake, but it was not a crime," he told NYT, adding, "People should not expect that I'll be technically so smart that I would know from the start what happened."
To steal the money, the thieves sent transfer orders to the New York Fed using the Bangladesh Bank's credentials. The heist was well timed - it took place during Thursday night in Bangladesh, on the eve of the country's weekend. When workers there discovered the transfers on Saturday, they tried to reach the New York Fed, which was closed for its weekend. Atiur Rahman contends that the New York Fed did not do enough to verify that the orders were real. "There was a terrible lack of efficiency from the Fed," he said. "We were sending mails, faxes, but there was no one to pick that up. We need a hotline."
In May, representatives of the Fed, Bangladesh Bank and SWIFT met in Basel, Switzerland, to discuss protecting the global financial system from these types of attacks. Atiur also laid some of the blame on the Philippines, where the theft has exposed what critics say are holes in efforts to counter money laundering. "If the Fed really wants to help, it only needs to make one small phone call to the Philippines central bank governor and order it to return the money," he said. "It's the credibility of the system that's at stake." In March, the agency that tackles money laundering in the Philippines filed criminal charges against two businessmen, accusing them of breaking the country's money-laundering laws by receiving some of the money from the heist. A spokeswoman for the governor of the Filipino central bank, Amando Tetangco Jr, wrote in an email, "Charges have been filed against those who have been identified as being involved in the Bangladesh heist. We await the decision of the courts."

Add Rate