Home - Article

Featured Article

May 09, 2016

$82 Million Cybersecurity Loss at Bangladesh Bank Could have been Prevented


There are virtually no impenetrable computer systems but sometimes companies actually invite the bad guys to steal from them. Here at our IT support company, we had two appointments with potential new customers on the same day last week and in both cases, there were no backups being done.

A single hard disk crash or cryptolocker hit where the hacker doesn’t restore the data and either company would be out of businesses. Without warning. We are talking multimillion dollar businesses in both cases by the way.

You might have heard Bangladesh Bank was recently hit with a billion dollars of fraudulent transfers of which $82 million were successful and most of the money is now gone. $101 million in total was stolen but thankfully some of it was returned.

According to IDG news:

The technicians worked on Bangladesh's Real-time Gross Settlement (RTGS) system, used to transfer money among Bangladeshi banks, three months before hackers attempted to steal US$951 million from the central bank. The work opened up "a lot of loopholes" in bank computer systems, said the head of the criminal investigation department leading the investigation.

Now the police want to know if the technicians did this on purpose or were just negligent. The technicians did not follow usual security procedures, Bangladeshi bank and police officials told Reuters, leaving the bank's SWIFT messaging system remotely accessible, protected only via a simple password and no firewall.

To make a long story very short, the technicians should have isolated the system and not allowed it to be accessed wirelessly, from the internet or hacked via a thumb drive. In addition, no firewall was used.

Could this hack have been prevented? Absolutely, yes.

Had Bangladesh Bank simply hired any above-average IT consulting firm to work in tandem with the technicians, they would have added a firewall, cordoned off the server and done what was needed to be done.

In other words, it doesn’t matter if the intent here from the technicians was malicious or they were just a bunch of amateurs. It always makes sense to bring in a second set of eyes to ensure that technology is being implemented correctly and your company is secure and safe. This breach was a direct result of a lapse of good judgement from the bank stakeholders and should serve as an important lesson to every company with something important to protect.

See also:





Apex Technology Services
Choose from comprehensive, affordable solutions for IT consulting, network services and computer help desk support in Fairfield county including Norwalk, Darien, Stamford, Greenwich, Ridgefield and Bridgeport. Also Westchester county including Rye, New Rochelle, White Plains, Yonkers and New York including Manhattan and the five boroughs.
IT SERVICES

IT SERVICES

Apex Technology Services is a cutting edge MSP offering quality IT support to financial, medical, legal, Fortune 500 and government agencies while adhering to the highest of quality...

LEARN MORE
CYBERSECURITY Services

CYBERSECURITY

Apex Technology Services has the cybersecurity expertise to help your business in a world filled with attackers looking to shut down your business hold it ransom or steal your valuable...

LEARN MORE
CLOUD SERVICES

CLOUD SERVICES

Apex Technology Services delivers a combination of traditional IT functions such as infrastructure as a service (IaaS), applications, software, security, monitoring, storage...

LEARN MORE

Ranked Top 10 Network security Solution Provider

One Stop Shop For All Your Technology Needs


Contact us Now!