Hackers steal $81 million from bank thanks to crappy $10 routers

You should never blame the victim—but sometimes, it’s hard not to point a finger in their general direction.

An $81 million bank heist, perpetrated by hacking into the networks of Bangladesh’s central bank, was made easier because the bank used second-hand $10 routers to connect to global financial networks and neglected to use a firewall for security, Reuters reports.

The hackers tried to take nearly $1 billion from Bangladesh Bank in February 2016 but, because of mistakes they made, succeeded in taking only a fraction of that amount.

A firewall would have made the heist “difficult,” Mohammad Shah Alam, a forensic investigator on the Bangladeshi investigative team, told Reuters. The cheap routers, then, hamstrung the investigation because they collected so little network data.

A more capable router could have cost hundreds of dollars.

When hackers gained access to Bangladesh Bank’s network, they transferred cash from Bangladesh’s account at the Federal Reserve Bank of New York. Some $100 million was traced to Sri Lanka and the Philippines. Over $20 million was recovered, but $81 million remains unrecovered.

What finally stopped the thieves from getting away with the full billion-dollar haul was a spelling mistake on the fraudulent transfer orders. It flagged the heist for bank staff who were, until then, completely ignorant of the mass siphoning of cash going on under their noses and through their network.

No one involved in the heist has been accused, identified, or caught.

H/T Reuters

Patrick Howell O'Neill

Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.