During a recent meeting in Basel, Switzerland, to discuss the $81 million cyberheist at the central bank of Bangladesh, representatives from the Federal Reserve Bank of New York, Bangladesh Bank and SWIFT agreed to work together to track down the stolen funds.
According to a statement from the New York Fed, the parties discussed the initiatives taken and the information exchanged concerning the cyber and physical vulnerabilities that led to that hack that’s been dominating headlines since February.
“All parties stated their concern over this event and their continued commitment to work together to normalize operations,” the statement said. “The parties also agreed to pursue jointly certain common goals: to recover the entire proceeds of the fraud and bring the perpetrators to justice and protect the global financial system from these types of attacks.”
The latest news from the ongoing investigation into one of the world’s biggest cyberheists, in which a total of $101 million was lifted from the Bangladesh central bank’s account with the New York Federal Reserve, found fingers pointing at SWIFT technicians as being partly to blame for the hack.
Earlier this week, Bangladeshi police and banking officials said that the connection of SWIFT messaging to a new bank transaction system could have led to the cyberheist, with the change being made just months before the cyberattack occurred.
The specific issue seems to have been with how SWIFT was connected with Bangladesh’s first real-time gross settlement (RTGS) system.
“We found a lot of loopholes,” noted Mohammad Shah Alam, head of the criminal investigation department of the Bangladesh police who is leading the probe. “The changes caused much more risk for Bangladesh Bank.”
But now, according to Reuters, SWIFT is firing back at the allegations.
“SWIFT was not responsible for any of the issues cited by the officials or party to the related decisions,” SWIFT said in a statement posted on its website on Monday (May 9).
“As a SWIFT user like any other, Bangladesh Bank is responsible for the security of its own systems interfacing with the SWIFT network and their related environment — starting with basic password protection practices — in much the same way as they are responsible for their other internal security considerations,” the statement continued.