Industry Report: Before stealing the reserves, the hackers sent a phishing e-mail message in order to hack the central bank’s servers. The message was answered from the computer used by AFM Asaduzzaman, then General Manager of the Central Bank Governor’s Secretariat.
The sender, Russell Ahlam, sent a cover letter and a resume (biodata) in the e-mail message, hoping to receive a job interview. When AFM Asaduzzaman responded to that message, he was not supposed to be at his place of work as per the scheduled time. By exploiting that phishing message, the hackers took control of the central bank’s server late at night.
Later, the reserve money of Bangladesh Bank was withdrawn through Real Time Gross Settlement (RTGS). Apart from this, the hasty approval of the RTGS file before the theft of reserves, by showing a deputy governor as absent, also happened from this office. Investigators said that almost all of the suspicious leads in the reserve theft are centered on the Governor’s Secretariat.
The term Internet phishing is used for the use of a mail or link for the purpose of extorting money and information. Spear-phishing is basically sending fraudulent e-mails targeting an organization or individual to gain access to sensitive information.
According to the information received from the concerned sources, the Criminal Investigation Department (CID) of the police took custody of the computer and other devices seized from the central bank for forensic examination, to identify the device that received the hackers’ messages in the reserve theft case.
Besides, samples of the devices seized from the central bank governor’s secretariat were collected at the United States Federal Bureau of Investigation (FBI) lab for further forensic examination. After a few rounds of these sample tests, the organization confirmed that the phishing mail sent by the hackers under the name Russell Ahlam was clicked first from the device of AFM Asaduzzaman, the official of Bangladesh Bank’s Governor’s Secretariat.
He was then working as General Manager in the Secretariat of the Governor of the Central Bank and as Assistant Spokesperson of Bangladesh Bank. He responded to the phishing mail using the bank’s own server. A CV was attached to the mail. After that file was clicked, the hackers took control of the central bank’s SWIFT server. $101 million of the central bank’s reserves were removed in a few transactions through RTGS over several hours at night.
After testing the devices seized from Bangladesh Bank in its own lab, the FBI said, in a criminal case it filed in the US District Court of California, that nearly identical ‘spear-phishing’ e-mails were sent from all the e-mail accounts in order to initially break into Bangladesh Bank’s computer network. Four Google accounts were used to launch cyber-attacks and target Bangladesh Bank.
The spear-phishing e-mails sent from these four addresses were almost identical. From these addresses, messages were sent to the bank’s own e-mail accounts on several devices connected to the central bank’s server. As it was the end of the working day, the phishing mails were not responded to from any other device. Only the device used by the GM of the then Governor’s Secretariat responded. The phishing e-mail was clicked between August 11 and 12, 2015.
Asaduzzaman joined the Public Relations Department of Bangladesh Bank in 1983 as a junior officer. He received the ‘Shubjan Padak’ in 2015 as the best public relations officer in his long service life of 30 years. The theft of the central bank’s reserves happened in the following year. Currently, Asaduzzaman is working as a director of a public relations organization. Despite several attempts to get a comment, he could not be contacted.
On the other hand, the stakeholders are also suspicious of the swift connection of the RTGS project file before the theft of reserves. According to them, the central bank reserve theft happened with the connivance of officials of the governor’s office in several stages.
The then Deputy Governor of the Central Bank, Abul Kashem, was opposed to the implementation of the RTGS project, fearing that the reserve fund would be at risk. Later, the RTGS project file was approved within a day by showing him as absent. In this case, the entire work was done from the Governor’s Secretariat.
An official involved in the investigation of the case said that the then Deputy Governor Abul Kashem was in the office on the day of the RTGS project approval. But Executive Director Shubhankar Saha himself signed the file and sent it directly to the Governor’s Secretariat for approval of the project, showing him absent. From there, with approval, the file was again deposited in the document branch after visiting the tables of the concerned officials. Abul Kashem is now retired.
An officer of the central bank spoke to him in his room. The former deputy governor also expressed anger about the extra travel of outsiders to the central bank before the theft of reserves. However, he also thinks that a crime like theft of reserves by someone from the central bank is not possible. On the contrary, he thinks that joining the RTGS project even though he is behind in the use of technology is more responsible for this theft.
At the time of the incident, the governor of Bangladesh Bank was Atiur Rahman. He said, “The New York court case is still ongoing. The judgment given by that court in January went in favor of Bangladesh. There they clearly stated that the RCBC Bank of the Philippines had received Bangladesh Bank’s reserve funds from the New York Fed through hackers. They have conspired to open fake accounts without KYC (Know Your Customer).
The last line of the judgment said that the allegations made by Bangladesh are true. Mediate with Bangladesh and report the matter to the court. That mediation is still going on. So, I don’t want to comment on reserve hacking right now. We hope that the matter will be resolved quickly as per the instructions of the New York Court.”
Meanwhile, the CID could not submit the investigation report of Bangladesh Bank’s reserve theft case to the court on the scheduled date. July 31 was the scheduled date for submitting the report in this case. But even on that day, the investigating officer could not submit the investigation report of the reserve theft case.
Later, Magistrate Rajesh Chowdhury of the Chief Metropolitan Magistrate (CMM) court of Dhaka set September 20 as the new date for submitting the report. The date for submitting the case report has been delayed 73 times.
When asked about the progress of the investigation in the case, CID spokesperson Azad Rahman said, “There are some international issues involved in the theft of reserves. We have asked for some information from several countries. I have already received the information of some countries. After getting the rest of the information, a report will be submitted to the court in this case.”
The chief counsel of the state, Abdullah Abu, said, “When the investigation report of the case of reserve theft is submitted to the court, the trial of the case will begin.” However, the CID has not yet submitted the investigation report of the case to the court. September 20 is the next date for submitting the report.
As the case is more important and sensitive, its entire investigation should be thorough. That may be why it takes some time. Care should also be taken to ensure that no one involved in the reserve crime is exempted while reporting in haste. We hope that the investigating agency will be able to give an accurate report on the reserve theft incident.
In February 2016, $101 million was stolen from Bangladesh Bank’s account at the Federal Reserve Bank of New York. At least $81 million of the stolen reserves were transferred to the accounts of Manila-based RCBC. From there, the money was spent in casinos in the Philippines. In this incident, on March 15, 2016, Bangladesh Bank Deputy Director (Accounts and Budget) Zobair bin Huda filed the case at Motijheel police station.
Bangladesh Bank’s lawyer Ajmalul Hossain QC said, “The investigation of the reserve theft case is taking a little longer. Such additional time is required for a fundamentally accurate investigation. 12 countries are involved in reserve theft. They were asked for information. Several countries have already sent information. Many did not send.
For example, we have not yet received any letter from China. Some information came from Japan, but not completely. In the meantime, the New York court has jurisdiction over our case. We are providing information as per their demand. They (defendants) may be doing it too. This process will end in October. A hearing may be held after that. We will win there, God willing.”
So far, Bangladesh has recovered $15 million from RCBC and another $20 million sent to a bank in Sri Lanka. On February 1 this year, Bangladesh Bank filed a case against Rizal Bank in the United States court to recover the stolen $66 million.