A cybersecurity researcher investigating the massive £81m heist at the Bangladesh central bank has reportedly been abducted, only 24 hours after telling local media outlets he had uncovered three user IDs involved in the hack.
Tanveer Hassan Zoha, 34, was working as a 'shadow investigator' in the ongoing police probe into the cyberattack and had previously raised concerns about security standards at the bank – a move his family claim may have played a part in his mysterious disappearance.
Family members have said that Zoha met with an acquaintance called 'Yamin' on 16 March. While heading home in the early hours of the next morning both men were intercepted and blindfolded by unknown assailants. After being bundled into two different vehicles, Yamin was dumped at a location in the capital city of Dhaka. Zoha never reappeared.
The next day, Zoha's family said they attempted to report the researcher as missing but police refused to investigate. According to the researcher's wife, Kamrun Nahar Chowdhury, the family was instead re-directed to multiple police stations before giving up and contacting local media. "We don't know why he was picked up," she told Reuters.
According to BDNews24, Zoha had previously worked for a number of government agencies in the past and was actively aiding the ongoing investigation into the Bangladesh banking heist. Talking to reporters before his suspected kidnapping, Zoha had raised concerns over the security standards and cybersecurity protections in place on the bank's computer servers.
Suspected police involvement
Law enforcement in the region has remained tight-lipped over the disappearance of the researcher, however Home Minister Asaduzzaman Khan Kamal indicated he may have been scooped up by the local police. "Police have been questioning people who they believe are suspects," he said. When asked specifically if Zoha was detained, he added: "I can't say that right now. He might have been arrested for the investigation. But I don't know."
In February, criminals managed to carry out a coordinated cyberattack against the nation's central bank – successfully compromising over $80m (£56m: €71m) by falsifying payment transfers and funnelling money from Bangladesh's account in the Federal Reserve Bank of New York to locations in the Philippines.
The hackers were only thwarted from a massive $1bn payday after banking officials noticed a glaring typo in one malicious transfer request. Bangladesh banking officials became aware of the heist almost immediately but withheld the information for about a month. Because of this slow response, the governor of the bank, Atiur Rahman, was subsequently forced to resign from his position amid claims of negligence from high-level politicians.
In the latest development, FBI investigators have become embroiled in the case. "This is the biggest transnational organised crime ever seen in Bangladesh and so we sought both technical and human assistance [from the FBI]," said Mirza Abdullahel Baqui, a senior police official, adding that evidence now suggests the culprits hail from six different countries.