How a hacker's typo helped stop a billion dollar bank heist(reuters.com)
reuters.com
How a hacker's typo helped stop a billion dollar bank heist
http://www.reuters.com/article/us-usa-fed-bangladesh-typo-insight-idUSKCN0WC0TC
20 comments
https://news.ycombinator.com/item?id=11262177
I worked at a very large company that had a email virus move quickly through the ranks...
The subject of the email was "Please see attached documens" in which a PDF was attached that upon opening would hijack your email account and send the same. Over the first day, I had about 100 emails from coworkers in my inbox. After our "IT Security" team sent out an email claiming they stopped the threat, the following day more emails came from coworkers that was a slight variant but had more typos.
I still wonder what sort of breach occurred and whether our internal teams performed a true investigation... obviously a foreign intrusion and they managed to at least gain control of quite a few internal machines.
I still get a laugh out of using the same subject in an occasional email to coworkers...
The subject of the email was "Please see attached documens" in which a PDF was attached that upon opening would hijack your email account and send the same. Over the first day, I had about 100 emails from coworkers in my inbox. After our "IT Security" team sent out an email claiming they stopped the threat, the following day more emails came from coworkers that was a slight variant but had more typos.
I still wonder what sort of breach occurred and whether our internal teams performed a true investigation... obviously a foreign intrusion and they managed to at least gain control of quite a few internal machines.
I still get a laugh out of using the same subject in an occasional email to coworkers...
As someone totally ignorant in this space, how does opening a .PDF document allow for email hijacking (assuming it was actually a PDF)?
I think I'm stuck at how code is able to execute when opening a document inside a PDF viewer or something of the sort. Thanks for sharing your story!
I think I'm stuck at how code is able to execute when opening a document inside a PDF viewer or something of the sort. Thanks for sharing your story!
Usually some variant of: The PDF file contains binary data somewhere within it that will cause a particular PDF reader to misallocate memory. Because data and code are jammed next to each other when you run a program, a clever memory misallocation can be used to rewrite the program (the PDF reader) as it executes in order to execute whatever malicious commands the author of said PDF file intends.
The typical defenses against these attacks include:
* Exploit mitigation tools, such as EMET
* Writing applications to be more memory-safe
* Various other tactics, many of them disingenuous.
The typical defenses against these attacks include:
* Exploit mitigation tools, such as EMET
* Writing applications to be more memory-safe
* Various other tactics, many of them disingenuous.
PDFs support scripting as well as the ability to embed other media such as Flash files.
http://www.malwaretracker.com/pdfthreat.php
http://www.malwaretracker.com/pdfthreat.php
If it's a pdf it could be a bug in Adobe Reader that allows the hackers to spread a virus
Why can't we escrow these say 10 million plus wire transfers for long enough to seek some form of two factor authentication? Fax a random code to the head office or something? Seems like a pretty weak system.
SWIFT and NY Fed are making many $10M+ transactions every hour, maybe every minute.
I am sure that the Bangladesh Central Bank could have requested daily or transaction limits for their accounts. But they most likely did not have that in place. Being a government bank they might make $20M transactions on a daily basis. They probably also could have 2-factor authentication, but that won't help you if its an inside job.
The most telling part of the story is that you can transfer $80M into Manila casinos (a city I didn't even know had casinos before today) and get that in chips without any trouble. I can't even imagine the volume of money flowing in Vegas or Macau casinos.
I am sure that the Bangladesh Central Bank could have requested daily or transaction limits for their accounts. But they most likely did not have that in place. Being a government bank they might make $20M transactions on a daily basis. They probably also could have 2-factor authentication, but that won't help you if its an inside job.
The most telling part of the story is that you can transfer $80M into Manila casinos (a city I didn't even know had casinos before today) and get that in chips without any trouble. I can't even imagine the volume of money flowing in Vegas or Macau casinos.
Still, their margins on 20M should be high enough to pay someone to manually check every transaction, within the amount of time it takes to become irreversible.
Reminds me of http://www.theguardian.com/business/2015/oct/20/deutsche-ban...
Reminds me of http://www.theguardian.com/business/2015/oct/20/deutsche-ban...
It just doesn't work that way. Once a batch file goes through, that's it until another batch file gets processed.
Does the misspelling of "foundation" as "fandation" suggest the first language of an attacker(s)?
I think the real moral of the story is why is the Fed even part of these transactions without any actual security.
What's the point of transferring to a bank account? Wouldn't a bank account have an address associated with it? and some kind of ID proof of the account holder?
The article mentions that the money was further laundered through casinos in the Philippines. At that point, it's pretty much gone.
it could be used as a proxy in a series of transfers. Maybe it was compromised.
"They then bombarded the Federal Reserve Bank of New York with nearly three dozen requests to move money"
Crime pays. They still got away with $80m.
They can't just anonymously withdraw $80m from an ATM...