Billion dollar bank heist foiled by one spelling mistake

Proofing your work is important. We’ve known that since our school days, but you would think that when you have the chance to swipe a billion dollars in an international bank heist, you’d make sure you dotted all the i’s and crossed all the t’s. That didn’t happen in the case of one hacking group, though, which made off with a comparatively paltry $80 million because they made a spelling mistake when transferring the ill-gotten gains.

The hack in question took place at the start of February and targeted Bangladesh’s central bank, which was breached in a manner that did not initially raise any suspicion. The hackers then used the bank’s official channel to contact the Federal Reserve Bank of New York, and began issuing transfer orders that sent millions overseas.

The requests successfully directed over $80 million to accounts in the Philippines and Sri Lanka, with further planned payments of over $850 million. However, one $20 million payment request was flagged by the routing bank, Deutsche Bank, when it was noticed that the name of the recipient organization, Shalika Foundation, was spelled “fandation” (as per the Guardian).

With that request flagged, all others were halted as a routine security measure, and it was soon discovered that these transactions were anything but approved by the Bangladeshi bank. Some of the sums were also noted for their surprising size, though on its own that may not have been enough to prompt manual vetting of the transfers.

The Bangladeshi bank holds billions of dollars with the Federal Reserve and could potentially have seen much of it disappear if this spelling mistake had not triggered a further inquiry.

Now, more than a month on from the hack, officials at the Bangladeshi bank say that they have been able to recover some of the funds, but that there are still many millions outstanding. Moreover, it’s still not entirely clear how the bank was hacked in the first place.

The bank sees it as extremely unlikely that those who perpetrated the hack will ever be caught, suggesting that this was a highly successful digital attack. Although the nationality of the thieves is unknown, they are thought to originate from outside of Bangladesh.

Suggestions from security analysts indicate that the hack would have required intimate knowledge of the Bangladeshi bank’s internal systems, so it’s possible someone on the inside was either involved, or that the bank’s information was otherwise compromised.

Jon Martindale