Even after 11 months of investigation by half a dozen of the world’s investigative agencies, no suspect has been arrested in a case that has highlighted vulnerabilities in SWIFT.
According to Mohammad Shah Alam, a deputy inspector with the Bangladesh police, who has been investigating the cyber heist of $81 million from Bangladesh’s central bank, the role of a few IT technicians from the central bank needs to be looked into, since he suspects that the suspects have hooked up the bank’s computer systems to the public internet and have thus provided access to the bank’s digital doors to hackers.
Alam stated he was focusing his investigation into why a password token which protects the SWIFT international transactions network at Bangladesh’s central Bank was left inserted in the SWIFT server for months leading up to the heist.
The token should have been removed and locked in a secure vault on a daily basis, once business hours are up at the bank.
Thanks to the token remaining in the bank’s servers, the hackers were able to penetrate the bank’s system when it was not being monitored. The hackers were first able to infect the system with a malware and then were able to exploit the SWIFT system to their advantage, he said.
Alam’s comments in the face of assertions made by Bangladeshi authorities who have faulted central bank officials of nothing more than mere negligence in the heist.
No arrests have been made so far.
When asked to respond to requests for comments, Subhankar Saha, Bangladesh Bank’s spokesman declined comment.
The FBI had no comment on Alam’s claims.
Interpol also was not available for comment.
A spokeswoman for SWIFT declined to comment.
Even after 11 months after the world’s biggest cyber heist, in which half a dozen investigative agencies are involved, there is no sign of cracking the case.
According to Alam, no suspect has been arrested since the investigation into the case is yet to be completed. However, suspects are being monitored.
Help has been sought from government agencies in the Philippines, Japan, Sri Lanka and China, countries in which the hackers are believed to have links, said Alam.