The central bank of Bangladesh has revealed that it is withholding the findings of an investigation into a February cyber theft that netted criminals around $81 million in order to avoid tipping off the “foreign perpetrators” of the hack.
According to a report from the Reuters news agency, the state-run Bangladesh Bank had its funds stolen from the Federal Reserve Bank Of New York before the cash was routed through the Rizal Commercial Banking Corporation and disappeared via at least two Manila casinos.
Ajmalul Hossain, a lawyer for Bangladesh Bank, made the revelation in response to comments from Rizal Commercial Banking Corporation that the Dhaka central bank could be wary of releasing any results as these may implicate members of its own staff.
“Bangladesh Bank knows enough about what happened from the internal and external reports so far obtained by it and others,” said Hossain. “This truth is being deliberately withheld from the public domain so as not to allow the foreign perpetrators of the hacking to have knowledge of the investigations.”
Reuters explained that most of the stolen $81 million is still missing with Bangladesh Bank continuing to hold Manila-based Rizal Commercial Banking Corporation responsible. The central bank earlier announced that it may sue the Philippines bank if other efforts to recover the money are unsuccessful.
June saw Rizal Commercial Banking Corporation question Bangladesh Bank’s decision not to extend a contract with American cyber security firm FireEye and proclaimed that any efforts to recover the funds could be “imperiled” if someone within the bank was found to be responsible for the heist. An initial report from FireEye seen by Reuters in March blamed a sophisticated third party for the attack, which allegedly used as many as six types of mal-ware, and identified about 35 “compromised” bank assets.
Reuters reported that a Bangladesh government-appointed panel announced in May that officials at Bangladesh Bank may have been involved in the theft but it has also yet to release the full findings of its investigation.
“That’s why I think a report is not forthcoming,” Maria Celia Estavillo from Rizal Commercial Banking Corporation’s legal and regulatory affairs department told Reuters. “[Bangladesh Bank] should finish its investigation, it should find out what happened in Bangladesh, it should find out who is liable there, it should give a copy of that to the Philippines government and, if it is confident of the strength of its case, it should file a case in court.”
Last week saw the Central Bank Of The Philippines fine Rizal Commercial Banking Corporation to the tune of $21 million for its connection with the heist. Estavillo declared that her firm had expected the penalty due to some lapses but blamed only a couple of rogue employees for letting the money go out of the bank despite stop-payment instructions from Bangladesh Bank. She stated that internal investigations had indicated that its head office had not been complicit in the heist despite Bangladesh Bank’s assertion that the institution must have had “corporate knowledge” of the money laundering.