Could a “rogue” government be responsible?
A U.S.-based cyber-crime expert says the culprits who stole millions from the Bangladesh central bank may go unidentified and unpunished.
According to Reuters, Sean Kanuck, former senior official in charge of cyber-security at the Office of the Director of National Intelligence, said the crime was likely carried out by a sophisticated criminal rind or what the news outlet called “a rogue nation.”
UK-based security firm BAE Systems has said malware was used to erase the signature of hackers in the heist, which employed code similar to that used to attack Sony Corp. in 2014. The U.S. Federal Bureau of Investigation blamed that crime on North Korea.
“We have actually seen criminal enterprises that were able to bring together a range of capabilities, ranging from insider access to credentials, going through to people who were willing to go physically remove money from ATMs,” said Kanuck. “On the other side of the table, you have a growing number of nation-states developing very broad capabilities to do different kinds of operations. The water is very muddy, it’s very complex.”
The FBI continues to investigate the theft, along with authorities in Bangladesh, the Philippines and other countries. The money was stolen from the Bangladesh bank’s account at the New York Federal Reserve. Four transfers totaling $81 million ended up in the Philippines and was funneled through casinos and junket runners there. The Philippine government has since called for stricter anti-money laundering rules. Presently, casinos are exempt from the rules.
Kanuck warned that sophisticated, organized thieves would try to throw off the scent to confound law enforcement efforts.
“An analyst or an investigator would need to consider that nation states may try to make their activity look like it’s the work of criminals, and criminals might also try to make their activity look like it’s the work of nation-states or even ideologically motivated cyber actors,” he said.