Bangladesh Slams `Incompetent' Central Bank After Hack Theft

Updated on
  • Finance minister says central bank didn't inform him of theft
  • Central bank declines to comment, investigation under way

Abul Maal Abdul Muhith.

Photographer: Andrew Harrer/Bloomberg

Bangladesh’s government lashed out at the central bank in a rare public split as tensions escalate after hackers stole about $101 million from its foreign reserves.

Finance Minister Abul Maal Abdul Muhith vowed to take action against Bangladesh Bank after it failed to inform the government immediately when the funds went missing from an account with the Federal Reserve Bank of New York last month. Other transfers totaling $850 million were blocked, according to the central bank.

“Bangladesh Bank has the audacity not to inform me,” Muhith told reporters in Dhaka on Sunday. “I am very unhappy about it. The handling of the matter by Bangladesh Bank is very incompetent."

Subhankar Saha, a spokesman for Bangladesh Bank, declined to comment on Muhith’s remarks when reached by phone on Monday.

The cyber heist has rattled authorities from Bangladesh to the Philippines, where much of the stolen money ended up. Both governments are cooperating on investigations as they look to figure out how to prevent a similar theft in the future.

Computers Inoperative

Bangladesh Bank is investigating eight officials who carry out foreign exchange transactions by rotation, according to a Finance Ministry official who asked not to be identified because he’s not authorized to speak about the probe. Some of the officials found the central bank’s computer systems inoperative on Feb. 5, a day after the theft, but didn’t immediately inform their supervisors, the official said.

Some of the transfers were blocked because the hackers spelled the name of one of the recipients incorrectly, according to a person familiar with the investigation who asked not to be identified because he was unauthorized to speak publicly. The central bank said it recovered $20 million of the stolen funds, and $81 million is outstanding.

Saha, the central bank spokesman, said that Bangladesh Bank has set up a forensic team led by Rakesh Asthana, chief executive officer of World Informatix, a Virginia-based cyber security company. FireEye Inc. is also involved in the investigation, the company has said.

Flawed Systems

“We can’t disclose any finding of our investigation at this moment as the Federal Reserve Bank and the Philippines are also involved in this whole process,” Saha said.

Muhith last week said the Fed was responsible for the missing money and planned a legal fight to retrieve the funds. A Fed spokeswoman said afterward that instructions to make the payments from the central bank’s account followed protocol and were authenticated by the SWIFT codes system. There were no signs the Fed’s systems were hacked, she said.

“Cyber attacks are not unexpected,” Muhith said on Sunday. “It appears that our protection systems have some flaws.”

The Philippines is cooperating with Bangladesh and will continue investigating until the funds are recovered, Teresita Herbosa, the chairman of the Securities and Exchange Commission, told reporters in Manila on Monday. The Anti-Money Laundering Council is preparing charges in the case, she said separately, without elaborating.

Philippines Bank

Some of the stolen funds that entered the Philippine financial system will be recovered, Herbosa said. She declined to say how much could be returned.

The Philippine Daily Inquirer has reported that the cash may have entered the country via a branch of Rizal Commercial Banking Corp., converted into pesos and deposited in the account of an unidentified Chinese-Filipino businessman who runs a business flying high net worth gamblers to the Philippines.

Lorenzo Tan, Rizal’s chief executive officer, has offered to go on leave during the investigation. He has vowed to cooperate with authorities and condemned “insinuations" that the bank’s management knew about and tolerated the alleged money laundering.

Bangladesh is the 20th most-cyber attacked country, according to a real time cyber threat map developed by Kaspersky Lab, an international software security company.