He is Missing, Bank Hack of $90 Billion

HackerNews: Tanvir Hassan Zoha, a 34-year-old security researcher, who spoke to media on the $81 Million Bangladesh Bank cyber theft, has gone missing since Wednesday night, just days after accusing Bangladesh’s central bank officials of negligence.

Zoha was investigating a recent cyber attack on Bangladesh’s central bank that let hackers stole $81 Million from the banks’ Federal Reserve bank account.
Though the hackers tried to steal $1 Billion from the bank, a simple typo prevented the full heist.
During his investigation, Zoha believed the Hackers, who are still unknown, had installed Malware on the bank’s computer systems few weeks before the heist that allowed them to obtain credentials needed for payment transfers.
With the help of those credentials, the unknown hackers transferred large sums from Bangladesh’s United States account to fraudulent accounts based in the Philippines and Sri Lanka.
However, at the same time, Zoha accused senior officials at Bangladesh central bank of gross negligence and weak security procedures that eventually facilitated the largest bank heist in the country.
The Central bank’s governor Atiur Rahman, along with two of his deputy governors, had to quit his job over the scandal, hugely embarrassing the government and raising alarm over the security of Bangladesh’s foreign exchange reserves of over US$27 Billion.
However, when the investigation was still going on, Zoha disappeared Wednesday night, while coming home with one of his friends, according to sources close to Zoha’s family.
While speaking to media in the wake of the massive cyber attack, Zoha identified himself as the ICT (Information and Communication Technology) Division’s cyber security expert who had worked with various government agencies in the past.
Soon after Zoha’s disappearance, the government officials put out a statement but did not provide more details besides the fact that they opened an investigation.

Zoha’s family members suspect that the comments Zoha made about the carelessness of bank’s officials on the Bank heist to the press on March 11 are the cause of his disappearance.
***
(Reuters) – The SWIFT messaging system plans to ask banks to make sure they are following recommended security practices following an unprecedented cyber attack on Bangladesh’s central bank that yielded $81 million, a spokeswoman for the group told Reuters on Sunday.

Brussels-based SWIFT, a cooperative owned by some 3,000 global financial institutions, will issue a written warning on Monday asking banks to review internal security, the spokeswoman said.

SWIFT staff will also begin calling banks to highlight the importance of reviewing security measures after the attack in Bangladesh, she added.

“Our priority at this time is to encourage customers to review and, where necessary, to reinforce their local operating environments,” the spokeswoman added.

Unknown hackers breached the computer systems of Bangladesh Bank and in early February attempted to steal $951 million from its account at the Federal Reserve Bank of New York, which it uses for international settlements. Some attempted transfers were blocked, but $81 million was transferred to accounts in the Philippines in one of the largest cyber heists in history.

SWIFT has so far said little about the attack, except that it was related to “an internal operational issue” at Bangladesh Bank and that there was no compromise in its core messaging system.

SWIFT prepared a summary of previously issued recommendations for implementing security measures to thwart hackers, which advises members to pay close attention to best practices, the spokeswoman added.

A confidential interim report on the investigation, which forensics experts submitted to the bank on Wednesday, said that attackers took control of the bank’s network, stole credentials for sending SWIFT messages and used “sophisticated” malicious software to attack the computers it uses to process and authorize transactions.

Investigators said in the report, which was reviewed by Reuters, that they believe the attackers have targeted other financial institutions.

The report was prepared by FireEye Inc and World Informatix, which were hired by Bangladesh’s central bank to investigate the massive theft.

The investigators did not identify other victims or name the hackers, but said that forensic evidence suggests they were also behind other recent cyber attacks on financial institutions.

“FireEye has observed these same suspected FIN threat actors within other customer networks in the financial industry, where these threat actors appear to be financially motivated, and well organized,” said an interim report sent to the bank last week.

Representatives of Bangladesh Bank and FireEye declined to comment on the confidential report and their probe into the Feb. 4 heist.

World Informatix Chief Executive Rakesh Asthana told Reuters via email that he could not discuss the investigation, but that he expected Bangladesh Bank to issue a news release on Monday.

Details from the confidential report were previously reported by Bloomberg News and a Bangladesh publication, The Daily Star.

Posted in Citizens Duty, Cyber War, European Banks International Monetary Fund, FBI, Presidential campaign, Terror, The Denise Simon Experience, Treasury, Whistleblower.

Denise Simon