DHAKA (Reuters) – A Bangladesh government-appointed panel investigating the theft of $81 million from the country’s central bank has found that SWIFT, the international banking payments network, committed a number of mistakes in connecting up a local network, the panel head said on Sunday.
“We have shown that SWIFT made a number of errors that made it easy for the hackers,” Mohammed Farashuddin, a former governor of the Bangladeshi central bank, told reporters.
He said SWIFT, a cooperative owned by 3,000 financial institutions, could not escape responsibility as it had connected its network to the central bank’s new real time gross settlement (RTGS) system launched in October for domestic transactions.
“SWIFT is responsible for the heist of Bangladesh Bank as it approached the central bank for the installation of RTGS real time gross settlement,” Farashuddin said.
SWIFT has already rejected allegations made by Dhaka that it had been at fault, saying its financial messaging system remained secure and had not been breached by the hackers during the attack on Bangladesh Bank.
The hackers broke into the computer systems of the central bank in early February and issued instructions through the SWIFT network to transfer $951 million of its deposits held at the New York Federal Reserve Bank to accounts in the Philippines and Sri Lanka.
Most of the transactions were blocked but four went through amounting to $81 million, prompting allegations by Bangladeshi officials that both the Fed and SWIFT had failed to detect the fraud.
Bangladeshi police and a bank official said earlier this month that the central bank became more vulnerable to hackers when technicians from SWIFT connected the new bank transaction system to SWIFT messaging three months before the cyber theft.
The local Daily Star newspaper quoted Farashuddin as saying that SWIFT failed to implement 13 security measures in the installation of the system.
Farashuddin is due to submit his final report to the government in the next few days.
A spokeswoman for SWIFT said she had no immediate comment to make.
In a letter to users dated May 3, SWIFT told its bank customers that they were responsible for securing computers used to send messages over its network.
(Reporting by Serajul Qaudir; Writing by Sanjeev Miglani; Editing by Greg Mahlich)