REUTERS: Bangladeshi investigators have identified 20 foreigners - 12 Philippine nationals and eight Sri Lankans - suspected to have been involved in the cyber heist of tens of millions of dollars from its central bank, a police officer said yesterday.
The officer gave no other details, but the suspects appear to be those who received some of the payments, and not the hackers.
The hackers breached Bangladesh Bank’s systems between February 4 and February 5 and tried to steal nearly US $ 1 billion from its account at the Federal Reserve Bank of New York. Most of the payments were blocked but US $ 81 million was routed to accounts in the Philippines and diverted to casinos there. Another US $ 20 million was sent to a company in Sri Lanka but the transfer was reversed because the hackers misspelled the name of the firm, raising a red flag at the routing bank.
Mohammad Shah Alam, a senior officer at the criminal investigation department of the Bangladesh police, said Interpol had helped identify the foreigners suspected to be involved in one of the largest cyber heists in history. “We have identified at least 20 foreigners with name and full particulars who we believe were involved,” Alam told reporters.
Another official on his team said the results of the investigation had been submitted to Philippine and Sri Lankan authorities. Both Alam and the other official who declined to be named said they could not provide more details about the foreign suspects because investigations were not complete. A Senate committee in the Philippines is holding hearings into how the money stolen from the Bangladesh central bank wound up with two casinos and a junket operator in the country.
Sri Lanka’s criminal police department is also investigating the cyber theft, but has declined to provide any information. Alam, the Bangladesh police officer, said there was no evidence yet of anyone inside the Bangladesh bank being involved in the hacking of its computer systems. Police were investigating if service providers to the central bank had been negligent in setting up secure computer systems, he said.