Bangladesh Bank has officially called to an end the forensic investigation by cybersecurity firm Mandiant as the $81m (£55m, €66m) stolen by hackers four months ago (February 2016) remains missing.
Mandiant, which is owned by US security firm FireEye, had been working on the case after being contracted to find out how hackers were able to infiltrate the bank's computer systems and file fraudulent money transfers with its account at the Federal Reserve Bank of New York.
According to Reuters, Mandiant researchers had requested a contract extension that would have allowed nearly 600 extra hours to complete its probe. However, this was turned down by banking officials as the costs quickly mounted.
"It was a unanimous decision," Jamaluddin Ahmed, a director of the central bank, told Reuters, adding that the Bangladesh bank had instead decided to "take steps on its own" to improve security. Unnamed sources, who spoke on condition of anonymity, said the cost of the investigation was a major factor in choosing to end the contract.
The sources said Mandiant was paid roughly $280,000 (£213,000) for about 700 hours of work. However, while Mandiant would no longer be involved, the banking sources did admit that it may still work alongside "external experts" to get cybersecurity advice.
A spokesperson for Mandiant said: "We will continue to support law enforcement and the industry past the close of our engagement."
Evidence from local investigators has revealed that – at the time of the hack – cybersecurity protections at the bank were shockingly weak. As previously reported, the financial institution was reportedly not using a firewall and had purchased cheap routers to connect to Swift, the secure-messaging system that links roughly 11,000 banks across the globe.
In February, as-yet-unknown cybercriminals accessed the Bangladesh bank's computer network and made 35 transfer requests totalling $951m (€841m, £647m) to the New York federal reserve. Five of these were eventually passed, worth $101m – however, one transfer of $20m was later stalled due to a spelling error on the request.
Most recently, Atiur Rahman, the former governor of the bank – who was pressured to resign following the hacking controversy – criticised the American institutions for failing to stop the theft. "Bangladesh should not be blamed for something going wrong in the chain," he claimed.