A simple spelling mistake has saved a bank from losing a huge amount of money — Hackers misspelled “foundation” in the NGO’s name as “fandation” ?
A spelling mistake proved to be the savior for the Bangladesh central bank and the New York Fed, banking officials said. The spelling mistake which was made during the bank transfer instruction helped the bank save $1 billion dollars last month.
However, the hackers still managed to get $80 million, in one of the biggest bank thefts in history.
The hackers stole Bangladesh’s Bank’s credentials for payment transfers after they had breached the bank’s system. They then left a large number of requests with the New York Fed Bank with at most three dozen requests to get money from Bangladesh’s bank account to several accounts of their own that were in Sri Lanka and the Philippines, two senior officials at the bank reported.
One of the officials claimed that the amount that was able to be stopped was in the range of $850 to $870 million due to the mistake. The Bangladesh Bank has billions of dollars in its current account with the Federal Bank, which they apparently use for international settlements.
Reports from Kaspersky Lab from last year said that as much as $1 billion had been stolen in the past two years by cybercriminals from at least 100 financial institutions.
Bangladesh Bank claims it recovered some of the money that was stolen and is working with the relevant authorities to try and recover the rest. The recovered funds were taken from Sri Lanka where the transaction was stopped.
The transaction had reached the Pan Asia Banking Corp, which had gone back for verification with the Deutsche Bank because they felt the sum involved was too large and was unusual, a Pan-Asia official confirmed.
Hackers misspelled “foundation” in the NGO’s name as “fandation”, prompting a routing bank, Deutsche Bank, to seek clarification from the Bangladesh central bank, which stopped the transaction, one of the officials said.
“The transaction was too large for a country like us, and then Deutsche came back saying that the transaction was suspect.”
Initially, the Bangladesh bank did not know that they had been breached, but cybersecurity experts hired indicated otherwise when they saw hacker footprints that suggested the system had been hacked. They also noticed that the attack had been from outside Bangladesh, adding that an internal investigation was ongoing.
The Philippines Amusement and Gaming Corp said it had launched an investigation. The country’s anti-money laundering authority is also working on the case.