Bangladesh police suspect insider help in $81m central bank cyberheist

The Bangladesh bank hack was one of the most audacious cyberheists of 2016. Nearly a year after hackers successfully broke into the Central Bank of Bangladesh and stole nearly $1bn, of which $81m (£65.9m) still remains unrecovered; numerous investigations launched by various agencies are yet to yield fruitful results in cracking the case. However, one of Bangladesh police's top investigators reportedly believes that IT employees of the bank may have been involved in providing avenues of access for the hackers.

According to Bangladesh police deputy inspector general Mohammad Shah Alam, who is heading up the probe into the cyberheist, IT technicians may have hooked up the bank's internal transactions systems onto the public internet, thereby providing hackers with a viable way to access the systems.

"There were a number of other things, which if the Bangladesh Bank people had not done, the hacking would not have been possible," Alam said, Reuters reported. He added that the malware that hackers used to compromise the bank's system also customised it, making it easier for the cyber thieves to make away with the bank's money. Alam speculated that the hackers were probably given technical details of the bank's computer systems by someone knowledgeable about the systems.

Alam said that he was looking into why and how the password token, which protects the Swift international transaction network systems at the bank, was exposed by having been inserted into the Swift server, for months leading up to the hack. The password token is ideally supposed to be removed and locked inside a secure vault, every day after business hours.

Alam claimed that the failure to remove the passwords token lead to the hackers gaining entry to the bank's internal systems and allowed the attackers to infect systems with malware and proceed to issue out fake transfer orders.

No suspects have been named or arrested yet. The Bangladesh bank, Swift and the FBI, which also launched its own probe into the attack, are yet to comment on that matter.

Alam said that no arrests have been made, as the investigation is still ongoing. He added that the suspects are currently being monitored by the authorities. Alam said that he was waiting for "specific information" on any communications between the suspects and the hackers, which may help further solidify the case.

Alam's comments appear to stand in contrast to recent repeated assertions by authorities in Bangladesh that employees of the bank were guilty of only negligence. However, according to Alam, investigation points to an insider being involved in the cyberheist. He added that authorities have sought help from police in countries such as Philippines, China, Sri Lanka and Japan.