Bangladesh Bank Sues A Philippine Bank Over Cyber Heist
In a fascinating read Bangladesh Bank is suing “Rizal Commercial Banking Corporation (RCBC) in the Philippines, as well as various other organizations and dozens of individuals, with being part of a conspiracy aimed at stealing nearly $1 billion from its New York Federal Reserve account.” Bangladesh Bank believes it was North Korean hackers that were behind this scheme.
The alleged scheme involved hackers and insiders and appeared to be well thought out planned and coordinated. The law suit alleges that the hackers broke into the bank's systems and caused fraudulent payment instructions to be delivered to the New York Fed’s SWIFT inter-bank messaging system. The money was delivered, through the Fedwire system in NYC, to four (4) accounts controlled by RCBC, and the money was quickly dispersed to Philippine casinos. They even are alleging that an employee at one of these banks was seen leaving with about $380,000 cash from one of the fraudulent accounts. Compromised, disenfranchised, and/or disgruntled insiders conspiring with external hackers that have compromised internal processes. Wow. This reminds me of that Bank of America breach out in California where insiders were providing customer personal information to a fraud ring. There were 95 individuals arrested for being involved in that scheme and it ended up costing BoA $10 million.
You don’t often see complicit insiders working with external bad guys, but when you do it is a huge loss for the company.