Malware made by a North Korean or Pakistani hacker used in $80 million Bank hack

[Al-zakir]

Excellent news. Not unhappy at all. Anyone can help to kick this Illegal Awami is welcome and appreciated. Take the money and use it for good cause.

 

[BanglaBhoot]

According to @MBI Munshi RAW was behind the heist.

Yes and that hasn't changed. Accusing Pakistan in this heist is just plain rubbish. Why would 5 Hindu Bangladesh Bank employees and 1 Indian national join with Pakistan in this conspiracy. This is just AL and Indian propaganda to side track the investigations. FireEye was appointed by the Indian national to assist in these investigations so its findings cannot be trusted.

 

[livingdead]

Link? Never saw about Russian hackers.



No Russia. Turkish hackers hacked some other private banks' info, not Bangladesh Bank. Money is in US dollar and its big so whole world can go behind it.

I dont have link but initial story pointed to russian crime syndicate.. not sure where I read, its all probably speculation.

 

[RoadRunner401]

Simple Spelling Errors Prevented the Bank from Losing Billions

It is extremely critical to develop Linux skills to become a hacker. Nearly all the tools we use as a hacker are developed for Linux and Linux gives us capabilities that we don't have using Windows.

Oh, For crying out loud, Hack is a game of words and letters plus (simplified), if one can't spell he or she can't hack. At least, if you are going to create a lie do some research before.

To make long story short money taken by Russian, Turkish and now Pakistani Hackers, mysteriously ended up in Sheikh Hasina off shore accounts. Can this women sleep at night without blaming Pakistan!!

Investigators probing the cyber heist of $81 million from the Bangladesh central bank connected it on Friday to the hack at Sony Corp's film studio in 2014, while global financial network SWIFT disclosed a previously unreported attack on a commercial bank.

SWIFT did not say which commercial bank it was or whether it had lost money, but cyber-security firm BAE Systems said a Vietnamese bank, which it did not name, had been a target. It was not clear if they were referring to the same attack and there was no immediate comment from authorities in Hanoi.

SWIFT, the linchpin of the global financial system, said forensic experts believed the second case showed that the Bangladesh heist was not a single occurrence, but part of a wider campaign targeting banks.

In both cases, SWIFT said, insiders or cyber attackers had succeeded in penetrating the targeted banks' systems, obtaining user credentials and submitting fraudulent SWIFT messages that correspond with transfers of money.

The cooperative has maintained that its core messaging service has not been compromised. But confirmation of a second attack on a bank will likely increase scrutiny on the security of a network used by 11,000 financial institutions globally.

In Bangladesh, cyber-security experts hired by the central bank said in a report that hackers were still inside the bank's network, monitoring the investigation into one of the biggest cyber heists in the world. Reuters reviewed parts of the report, but the source who shared the document declined to provide access to its full contents, saying the release of some details could hamper a multinational effort to catch the criminals.

Asked about the report, a Bangladesh Bank spokesman said: "We have engaged forensic experts to investigate the whole thing, including this." He did not elaborate.

Investigators have determined that one team of hackers, dubbed Group Zero in the report, was responsible for the heist and remained inside the network. Group Zero may be seeking to monitor the ongoing cyber investigations or cause other damage, but is unlikely to be able to order fraudulent fund transfers, the investigators wrote.



"NATION-STATE ACTOR"

Two other groups are also inside the bank's network, which is linked to the SWIFT international transaction system, the report found. One of the two is a "nation-state actor" engaged in stealing information in attacks that are stealthy but "not known to be destructive", it said.

A spokeswoman for SWIFT said she was unable to comment.

The report said investigators knew little about a third group of hackers found inside the network, referred to as Group Two, except that they were using mostly commodity, or off-the-shelf, hacking tools.

The report, which was submitted earlier this month, did not further identify any of the groups.

BAE Systems, Europe's largest weapons maker, which also has a large cyber-security business, said it had uncovered evidence linking malicious software used in the Bangladesh heist to the high-profile attack on Sony's Hollywood studio in 2014 and other cases.

"What initially looked to be an isolated incident at one Asian bank turned out to be part of a wider campaign," BAE's cyber-security team said in a report it released on Friday.

BAE also said it uncovered malware that was recently used to target a Vietnamese commercial bank using fraudulent messages on the SWIFT money-transfer network. The malware operated "in a similar fashion" to the Bangladesh Bank hack, BAE said.

SWIFT also did not name the victim, and neither firm said whether any funds had been stolen.

Reuters was not able to independently confirm the findings of BAE's determination about similarities between the Bangladesh and Sony attacks. The U.S. government has blamed North Korea for the attack on Sony's film studio, a charge Pyongyang has rejected.

BAE's head of threat intelligence, Adrian Nish, told Reuters that the company was only focused on the technical evidence that links the attacks, not determining who was behind them.

The report said the malware used against Bangladesh Bank exhibits "the same unique characteristics" as software used in "Operation Blockbuster", a campaign documented by a coalition of security firms that dates back to at least 2009 and includes the Sony hack.

BAE asserted the Operation Blockbuster connection after analyzing tens of millions of malicious file samples, but the report acknowledged there could be alternate explanations for the similarities.

It is possible that multiple programmers shared the same code, or even that it was painstakingly recreated to confuse investigators, according to BAE.



(Additional reporting by Serajul Quadir in Dhaka, Nathan Layne in Chicago and Joseph Menn in San Francisco; editing by David Greising and Raju Gopalakrishnan)

 

[bongbang]

To make long story short money taken by Russian, Turkish and now Pakistani Hackers, mysteriously ended up in Sheikh Hasina off shore accounts. Can this women sleep at night without blaming Pakistan!!

You may be already know all these news are coming from reputed International sources. So Hasina has no control in this.

 

[Roybot]

Yes and that hasn't changed. Accusing Pakistan in this heist is just plain rubbish. Why would 5 Hindu Bangladesh Bank employees and 1 Indian national join with Pakistan in this conspiracy. This is just AL and Indian propaganda to side track the investigations. FireEye was appointed by the Indian national to assist in these investigations so its findings cannot be trusted.

So the case is already solved?

Who are these 5 Hindu Bangladesh Bank employees, and 1 Indian national that you speak of? Whats the source of this claim, is this known to everyone or this confidential information?

 

[jaunty]

According to @MBI Munshi RAW was behind the heist.

Perhaps his crusader 100 is finally being put to work.

 

[BanglaBhoot]

So the case is already solved?

Who are these 5 Hindu Bangladesh Bank employees, and 1 Indian national that you speak of? Whats the source of this claim, is this known to everyone or this confidential information?

No it is public information. One of the Hindus is Deputy Governor Sur Chowdhury and the Indian national is IT consultant Rakesh Astana. The other four Hindus are lower level employees and one the spokesman for Bangladesh Bank.

 

[Roybot]

No it is public information. One of the Hindus is Deputy Governor Sur Chowdhury and the Indian national is IT consultant Rakesh Astana. The other four Hindus are lower level employees and one the spokesman for Bangladesh Bank.

Source?

 

[fallstuff]

Interesting development. The IT forensic company FirEye hired by the Hasina Govt was founded by Ashar Aziz, a man born in Pakistan. Hmmmm..

 

[BanglaBhoot]

Source?

It is all over social media. There isn't going to be an official source or media source because they are both owned by India ... These 6 Hindus are however the obvious suspects for the positions they hold in the bank and being directly involved in forex and IT issues at BB.

 

[Roybot]

It is all over social media. There isn't going to be an official source or media source because they are both owned by India ... These 6 Hindus are however the obvious suspects for the positions they hold in the bank and being directly involved in forex and IT issues at BB.

So no source then

 

[Kyusuibu Honbu]

Interesting development. The IT forensic company FirEye hired by the Hasina Govt was founded by Ashar Aziz, a man born in Pakistan. Hmmmm..

FirEeye irrespective of having a Pakistani-American founder is a Global leader in detecting nation state cyber espionage, cyber security appliances and Financially motivated cyber crime.

Only Vendors that come close to FirEye would by Kaspersky or TrendMicro.

They are best company for the job, also most likely the most expensive.

 

[FalconsForPeace]

The malware behind the mega $80 million hack of Bangladesh Bank was allegedly made by a Pakistani or North Korean hackers according to the Investigators. The investigators in the high profile Bangladesh Bank today said that a malware made by either Pakistani or North Korean hackers were used in stealing US 80 million dollars from Bangladesh Bank account with Federal Reserve Bank of New York.

Mohammed Farashuddin, head of the committee probing the Bangladesh Bank heist, said that malware was installed at the server of the central bank

The investigators also held SWIFT primarily responsible for the hack. SWIFT now is telling that its job is to provide solutions and it is the responsibility of the client to ensure the safety of the system, Mohammed Farashuddin added.

“Okay, I admit that. But if SWIFT or any individual gives any system, it is the provider’s responsibility to supply device to keep the system secure.”

On May 9, SWIFT rejected allegations by Bangladesh officials that technicians with the global messaging system made the nation’s central bank more vulnerable to hacking before an $80 million cyber heist in February.

The remarks were in response to a Reuters story that cited Bangladeshi police and a central bank official as saying that SWIFT technicians introduced security holes into the bank’s network while connecting SWIFT to Bangladesh’s first real-time gross settlement (RTGS) system.

Earlier it was reported that the Bangladesh Bank used second hand $10 routers to power its network and that was believed to have been compromised by the hackers.

There is also a debate going on about actually how much money Bangladesh Bank lost in the hack attack on February 4. The report says that the hackers were actually attempting to steal $950 million but a typo stopped the hack at $101 million. The report says that the hackers were successfully in remittance of advices worth $101 million. Of this $101 million, the Bangladesh Bank got back $20 million because of misspelling of the beneficiary organisation in Sri Lanka and now the amount of missing money stood at $81.16 million.

The preliminary report of the probe findings was submitted to the government on April 20. In the forwarding, the probe committee said the report is final on that part.

http://www.techworm.net/2016/05/malware-north-korea-pakistan-hacker-80-million-bank-hack.html

 

[CHD]

Bangladesh is acting like veena malik and rakhi sawant trying to grab attention by cheap publicity