Proof Reading: The Difference Between $80 Million and $850 Million

Foundation. One relatively average word that brought down a scam worth nearly $1 billion. On February 5, 2016, the Federal Reserve Bank of New York received a succession of requests seemingly from the Bangladesh Central Bank in Dhaka. If the 35 requests had gone unchallenged by the New York bank, just over $850 million would have been lost in a single weekend.

The Federal Bank released a statement that the requests “were fully authenticated by the SWIFT messaging system in accordance with standard authentication protocols,” and all requests had the proper bank codes. The hackers knew that the Bangladesh Central Bank would be closed Friday and Saturday, and that the New York bank would be closed both Saturday and Sunday, giving them the perfect time to strike unnoticed.

bank[i] Image retrieved from Die Hard Wikia

While large transfer requests and payment instructions between banks in not unheard of, the unusually large number requested to private entities did raise suspicions at the Federal bank. Simultaneously, four requests totaling approximately $80 million, went through before the Bangladesh Bank returned to work and detected the fraudulent transfers and requests.

A fifth transfer for $28 million however was stopped. A spelling mistake in the transfer is what tipped the banks off, the hackers misspelled the name of the recipient non-profit organization – Shalika Foundation, with a spelling of “fandation.”

How the hackers were able to gain bank credentials is still unclear. Spotting the irregularities and the spelling errors, certainly stopped the cyber-heist from achieving its target of approximately $850million. Although, the unknown hackers still managed to get away with $80 million, one of the largest bank thefts in history.

Secure Sense partner FireEye, investigators of some of the biggest cyber thefts on record, has deployed their Mandiant forensics division to help investigate the heist. To read more about how FireEye responds to the most critical breaches, read here.

Connect with Secure Sense to protect data, your network, and systems 24/7, 365 days a year. If you have questions or want to learn more, please contact Secure Sense by calling 866-999-7506.

You can find Secure Sense on Facebook,  LinkedIn and Twitter. Follow us for current company and industry news.


[i] Yes, this is the bank from Die Hard: