Program: Information Systems Business Analysis (T405)

Course Number BUS 4065


Course Title FINANCIAL SYSTEMS IN CANADA
Semester Winter 2017
Instructor Graeme McPhaden

Student Name Abdullah Al Mamun


Student ID 101103107
Submission Date March 26, 2017

ASSIGNMENT No. 01

Title: Financial Crisis and the Role of the Business Analyst

Cyber-attack on the Bangladesh central bank, hacked to carry out an $81 million heist in 2016

Overview:
In February 2016, instructions to steal US$951 million from Bangladesh Bank,
the central bank of Bangladesh, were issued via the SWIFT network. Five transactions
issued by the hackers, worth $101 million, were withdrawn from a Bangladesh Bank
account at the Federal Reserve Bank of New York. The Federal Reserve Bank of New York
blocked the remaining thirty transactions, amounting to $850 million, at the request of
Bangladesh Bank. It was later identified that Dridex malware was used for the attack.

What is SWIFT?
SWIFT stands for the Society for Worldwide Interbank Financial
Telecommunication and is a consortium that operates a trusted and closed computer
network for communication between member banks around the world. The SWIFT
platform has some 11,000 users and processes about 25 million communications a day,
most of them money transfer transactions. Financial institutions and brokerage houses
that use SWIFT have codes that identify each institution as well as credentials that
authenticate and verify transactions.

What Happened?
On February 4, unknown hackers used the SWIFT credentials of Bangladesh Central
Bank employees to send more than three dozen fraudulent money transfer requests to
the Federal Reserve Bank of New York, asking the bank to transfer millions of
Bangladesh Bank's funds to bank accounts in the Philippines, Sri Lanka and other parts
of Asia.

The hackers managed to get $81 million sent to Rizal Commercial Banking
Corporation in the Philippines via four different transfer requests and an additional $20
million sent to Pan Asia Banking in a single request. But the Bangladesh Bank managed
to halt $850 million in other transactions. The $81 million was deposited into four
accounts at a Rizal branch in Manila on Feb. 4. These accounts had all been opened a
year earlier in May 2015, but had been inactive with just $500 sitting in them until the
stolen funds arrived in February this year, according to Reuters.

A printer error helped Bangladesh Bank discover the heist. The bank's
SWIFT system is configured to automatically print out a record each time a money
transfer request goes through. The printer works 24 hours a day so that when workers
arrive each morning, they check the tray for transfers that were confirmed overnight.
But on the morning of Friday, February 5, the director of the bank found the printer
tray empty. When bank workers tried to print the reports manually, they couldn't. The
software on the terminal that connects to the SWIFT network indicated that a critical
system file was missing or had been altered.

When they finally got the software working the next day and were able to restart
the printer, dozens of suspicious transactions spat out. The Fed bank in New York had
apparently sent queries to Bangladesh Bank questioning dozens of the transfer orders,
but no one in Bangladesh had responded. Panic ensued as workers in Bangladesh
scrambled to determine if any of the money transfers had gone through (their own
records system showed that nothing had been debited to their account yet) and to halt
any orders that were still pending. They contacted SWIFT and the New York Fed, but the
attackers had timed their heist well; because it was the weekend in New York, no one
there responded. It wasn't until Monday that bank workers in Bangladesh finally learned
that four of the transactions had gone through, amounting to $101 million.

Bangladesh Bank managed to get Pan Asia Banking to cancel the $20 million
that it had already received and reroute that money back to Bangladesh Bank's New
York Fed account. But the $81 million that went to Rizal Bank in the Philippines was
gone. It had already been credited to multiple accounts (reportedly belonging to
casinos in the Philippines) and all but $68,000 of it was withdrawn on February 5 and 9
before further withdrawals were halted. The manager of the Rizal Bank branch has
been questioned about why she allowed the money to be withdrawn on the 9th, even
after receiving a request that day from Bangladesh Bank to halt the money.

The hackers might have stolen much more if not for a typo in one of the money
transfer requests that caught the eye of the Federal Reserve Bank in New York. The
hackers apparently had indicated that at least one of the transfers should go to the
Shalika Foundation, but they misspelled "foundation" as "fandation".

What were the triggers behind this cyber-crime?

To understand what happened, a number of points are worth noting:

Poor IT Management System
According to investigative reports by cyber-security company FireEye seen by
Reuters, someone obtained the computer credentials of a SWIFT operator at
Bangladesh Bank, installed six types of malware on the bank's systems and began
probing them in January. The hackers did a series of test runs, logging into the system
briefly several times between Jan. 24 and Feb. 2. One day they left monitoring software
running on the bank's SWIFT system; on another they deleted files from a database.

Computer is not protected by a firewall
Bangladesh's central bank was vulnerable to hackers because it had not protected its
computer system with a firewall. The hackers had infected the system with malware that
disabled the printer, and Bangladesh Bank officials did not see the Fed's query and
knew nothing of the fraudulent transactions.

Cheap routers
The bank used second-hand $10 electronic switches to network computers linked to the
SWIFT global payment system. Hackers may have exploited such weaknesses after
Bangladesh Bank connected a new electronic payment system, known as real time
gross settlement (RTGS), in November last year. However, it remains unknown exactly
who broke into its systems or how they did it.

Timing
The timing was important. The thieves exploited the difference in the timing of
weekends in Bangladesh and New York, so that queries from one country went
unanswered in the other. And the heist occurred over Chinese New Year, when Filipinos
go on holiday, leaving only skeleton staff to monitor bank transactions.

SWIFT Network
The scale of the SWIFT payments network and the systems that connect to it makes it
difficult to prevent unauthorized penetration by a determined hacker. There are 11,000
member institutions in more than 200 countries and therefore millions of employees,
both present and former, who use, or have used, the system and understand aspects of
its operation. The ability of the network to withstand a cyber-attack is only as great as
the weakest link in the network. Criminals will inevitably target those institutions with the
weaker controls and lower levels of security.

How the Business Analyst could have helped to mitigate cyber-crime

A business analyst is any person who can determine problems and
identify business needs, identify and recommend solutions, elicit, document, and
manage stakeholder requirements, and facilitate the successful implementation of
the product, service, project or program.

The Business Analyst will take measures to find the root cause by assessing
existing technical gaps and vulnerabilities through a comprehensive
cyber security risk study.

The Business Analyst should coordinate central bank participation in department-wise
analytic capability development and collaboration.

The Business Analyst will participate in Working Group initiatives around
financial sector improvements for topics relevant to: Cyber Crime; Threat
Intelligence Support; Improving Systemic Response and Resiliency.

The Business Analyst will determine, socialize and implement ways that SWIFT
can drive value for internal IT security functions.

Develop a layered approach to guard against malicious software.

Provide IT-related training for skill development, and make adoption of IT-related
precautions mandatory to avoid such incidents.

The Business Analyst should take the initiative to implement the following model for
cyber risk identification and mitigation:

Executive Level: Institute sound cyber security strategy; Ensure quality information
is received and assimilated; Implement user security awareness programs; Support
strategy-based spending on security.

Audit & Risk: Understanding and coverage of technology risks; Conduct up-front due
diligence to eliminate 3rd party risk; Addressing risks associated with operational
systems; Address basic IT audit issues.

Legal: Track the evolving cyber regulatory environment; Monitor decisions made by
regulators in response to cyber incidents.

IT: Be aware of the changing threat landscape and attack vectors; Test incident
response plans and implement effective monitoring processes; cyber-attack
simulations, gamification of security.

Measures to prevent a similar crisis in the future:

To prevent the same problem in the future, the Bangladesh Bank administration should
take the following initiatives to mitigate the risk of cyber-attack:

1. Demand more information from SWIFT's customers and share it back with the
community.

2. Harden security requirements for customer-managed software to protect
customers' local environments.

3. Enhance guidelines and develop security audit frameworks for customers.

4. Support banks' increased use of payment-pattern controls to identify
suspicious behavior.

5. Introduce certification requirements for third party providers.

A particular focus of the assessment should be the skills and resources available
at each institution. Some members of the SWIFT network lack the know-how to
safeguard their assets from the sophisticated cyber-attacks we are now seeing. And
many have limited, or no, staffing of their security and fraud teams at weekends or on
public holidays. Criminal gangs do not take the day off. Indeed, they are more likely to
be active when banks' guards are lowered.
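
As an added illustration (not part of the original assignment), the sketch below shows what a payment-pattern control of the kind named in measure 4 could look like, using the signals this case describes: a burst of requests, sending outside staffed hours, unseen beneficiary accounts, and a misspelled beneficiary name. The thresholds, field names, sender ID and sample requests are all constructed assumptions.

```python
from collections import Counter
from datetime import datetime
from difflib import get_close_matches

# Assumed policy values (hypothetical; each institution would tune its own).
BURST_LIMIT = 10      # requests allowed per sender per calendar day
OFF_DAYS = {4, 5}     # Friday and Saturday, assumed to be the sender's weekend
ORG_WORDS = ["foundation", "corporation", "bank", "limited", "trust"]

def misspelled_org_words(name):
    """Return (word, intended) pairs that nearly match a common organisation word."""
    hits = []
    for word in name.lower().split():
        if word not in ORG_WORDS:
            close = get_close_matches(word, ORG_WORDS, n=1, cutoff=0.8)
            if close:
                hits.append((word, close[0]))
    return hits

def review(requests, known_beneficiaries):
    """Map request id -> reasons for every request that should be held for a human."""
    per_day = Counter((r["sender"], r["ts"].date()) for r in requests)
    held = {}
    for r in requests:
        reasons = []
        if per_day[(r["sender"], r["ts"].date())] > BURST_LIMIT:
            reasons.append("burst")
        if r["ts"].weekday() in OFF_DAYS or not 9 <= r["ts"].hour < 17:
            reasons.append("off-hours")
        if r["beneficiary_account"] not in known_beneficiaries:
            reasons.append("new-beneficiary")
        if misspelled_org_words(r["beneficiary_name"]):
            reasons.append("name-typo")
        if reasons:
            held[r["id"]] = reasons
    return held

def sample_requests():
    """Constructed data: 12 evening requests to unseen accounts and one routine payment."""
    reqs = [{"id": f"R{i}", "sender": "BANK-A", "ts": datetime(2016, 2, 4, 20, i),
             "beneficiary_account": f"NEW-{i}", "beneficiary_name": "Example Trading Limited"}
            for i in range(12)]
    reqs[3]["beneficiary_name"] = "Shalika Fandation"   # spelling reported in this case
    reqs.append({"id": "ROUTINE", "sender": "BANK-A", "ts": datetime(2016, 2, 3, 11, 0),
                 "beneficiary_account": "KNOWN-1", "beneficiary_name": "Example Trading Limited"})
    return reqs

if __name__ == "__main__":
    for req_id, reasons in review(sample_requests(), {"KNOWN-1"}).items():
        print(req_id, ", ".join(reasons))
```

Holding a request for manual review only helps if someone is on duty to release or reject it, which is why the weekend and holiday staffing point above matters as much as the rule set.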

Conclusion
Technological and legal advancement in the banking sector is necessary
to overcome cyber-threats in the banking industry. Bangladesh Bank should take the
necessary steps discussed above to create awareness among the banks and their
clients, as well as making the application of the laws more rigorous to check crime. As
the regulatory authority of the banking sector, Bangladesh Bank should also ensure
mandatory compliance with cyber risk management and cyber security governance for
the operating banks. There is also a need to bring changes to the Information Technology
(ICT) Act to make it more effective in combating cyber-crime. Cyber security has
become a paramount concern for the banking sector, but some banks have been
hesitant to implement much-needed security measures and regulators have been slow
to develop a plan to address major attacks if and when they occur. Consumers may be
able to recover their money under federal law, but some experts are concerned that the
escalating attacks could render a major bank insolvent if successful, or at least create
panic that leads to a run on a bank.

Citations:
$81M theft from Bangladesh Bank linked to Sony attack, as second cyber heist raises fears of wider campaign. http://business.financialpost.com/investing/market-moves/81m-theft-from-bangladesh-bank-linked-to-sony-attack-as-second-cyber-heist-raises-fears-of-wider-campaign
After Bangladesh: How a massive hack shook the banking world. http://www.theglobeandmail.com/report-on-business/international-business/cybertheft-of-bangladeshs-central-bank-threatens-global-bank-system/article30408324/
Bangladesh Bank official's computer was hacked to carry out $81 million heist: diplomat. http://www.reuters.com/article/us-cyber-heist-philippines-idUSKCN0YA0CH
How the New York Fed fumbled over the Bangladesh Bank cyber-heist. http://www.reuters.com/investigates/special-report/cyber-heist-federal/
Bangladesh Bank exposed to hackers by cheap switches, no firewall: police. http://www.reuters.com/article/us-usa-fed-bangladesh-idUSKCN0XI1UO
$10 router blamed in Bangladesh bank hack. http://www.bbc.com/news/technology-36110421
That Insane, $81M Bangladesh Bank Heist? Here's What We Know. https://www.wired.com/2016/05/insane-81m-bangladesh-bank-heist-heres-know/
2016 Bangladesh Bank heist. https://en.wikipedia.org/wiki/2016_Bangladesh_Bank_heist
