Investigators probing the $81m Bangladesh Bank heist have reportedly uncovered evidence of three unknown hacker groups, two of which are believed to be originating from North Korea and Pakistan. However, it is the third unknown entity which is believed to have pulled off the heist.
Cybersecurity firm FireEye, which is investigating the cyber-heist, has reportedly identified the digital trail of hacker groups from North Korea and Pakistan. However, it is still unclear if the third unknown entity is part of a criminal network or a state-sponsored hacker, Bloomberg reported.
Meanwhile, the FBI reportedly suspects insider involvement in the theft. There are indications that a conspirator possibly played a vital role in infecting the bank's system from within, thereby making it vulnerable to a cyberattack. Although the Bangladesh police have found evidence of negligence within the bank's security, a conclusive link to criminal intent is yet to be established.
Bangladesh Bank officials as well as the police have alleged that SWIFT technicians introduced vulnerabilities into the system, which in turn made vulnerable to hacking.
SWIFT has denied all allegations. The company said: "SWIFT rejects the false, inaccurate and misleading allegations made by Bangladesh Bank and Bangladesh Police's Criminal Investigation Department (CID) officials to Reuters. The accusations have no basis in fact. As a SWIFT user like any other, Bangladesh Bank is responsible for the security of its own systems interfacing with the SWIFT network and their related environment – starting with basic password protection practices – in much the same way as they are responsible for their other internal security considerations."