How would you rate the information security of government agencies in most countries?
Pretty good, probably.
You might not go as far as to bet that they would never, ever suffer a breach of security. Yet today’s scandals seem to concern entities in the private sector, even if there are some big names among them (Sony, Target, Anthem, to mention a few).
So how about a central bank being robbed of US $81 million?
And with the money being willingly transferred to the criminals’ accounts by none other than the US Federal Reserve?
This robbery took place one Friday evening, recently. Perhaps the most remarkable thing about it, even more than the brazenness of the operation, was the way the theft was discovered.
The cybercriminals sent over 30 requests for transfers for a total of over US $1 billion to the Fed, in the name of the central bank of Bangladesh. In the first instance, everything appeared to tally.
The Bangladeshi central bank had an account with the Fed in New York, the bank codes were correct, and the requests appeared to emanate from servers in Dacca, the Bangladesh capital.
At the fifth request however, the Fed halted the transfers. The name of the destination appeared as “Shalika Fandation”, when it should have been written as “Shalika Foundation”.
The good news was that the Bangladeshi central bank did not lose a billion dollars. The less good news was that $81 million had the time to disappear into a web of accounts and casino operations in the Philippines.
If pirates can fool the Fed, is anybody safe?
Make the most of the short breathing space (if any) while pirates improve their spelling skills to check your own security systems and processes. Even if security can never be perfect, the harder you make it for pirates, the less likely it is you will be their next victim.