Local Rizal Commercial Banking Corp. (RCBC) and top Bangladesh officials traded accusations over the almost two-year joust on the $81 million stolen from the Bangladesh Central Bank in a cyber heist by a Chinese group that operates from the Philippines.
Bangladesh’s finance minister has said he wanted to “wipe out” RCBC.
The Dhaka Tribune reported that the Bangladesh government is considering lodging a court case against RCBC, which was used to funnel the proceeds stolen by attackers from Bangladesh Bank's account at the Federal Reserve Bank of New York.
Speaking at the annual meeting of the Zoological Society of Bangladesh, Finance Minister Abul Maal A. Muhith said, “We will discuss the case with Bangladesh Bank. We want to wipe out Rizal Bank from earth.”
Muhith also claimed that RCBC has been “playing delinquent.”
“We previously discussed the matter of recovering the money with the Philippine government multiple times,” Muhith added.
“We were assured that the money will be returned but they are lingering on it. That is why we are thinking about lodging a case,” he said.
RCBC, in response, said Muhith had made an extremely irresponsible statement for a finance minister, and accused Bangladesh Bank (BB) of a cover-up.
“Reports say it was an inside job as BB refuses to divulge its own findings,” RCBC added.
“Wipe out RCBC extremely irresponsible statement from finance minister,” he said.
RCBC said in a statement that BB must be compelled to disclose its findings, which are crucial to the global fight against cybercrime.
RCBC said that BB had been asked to share the results of its investigation. Instead, BB has been coming out with empty sound bites like “wiping out RCBC” which, coming from a Bangladeshi finance minister, is “extremely irresponsible”.
“At least five reports — SWIFT; FireEye, an international cyber security outfit; Bangladesh’s own finance minister; its government-appointed panel; and a Bangladeshi expert — point to a conclusion that somebody inside BB would have made the heist possible,” RCBC said.
It was also reported that BB had no firewall to protect its system and used second-hand $10 switches, making itself vulnerable to hackers.
In January, the hackers also did trial runs but apparently BB did nothing to protect its system.
In February last year, a threat group used stolen SWIFT credentials to make over three dozen large and rapid money requests from the bank account to entities in the Philippines.
While the group attempted to steal over $850 million, they managed to make off with $81 million before a small typographical error in a transfer request alerted staff that something was wrong.
The transfers were stopped, but the damage was done. Almost two years later, only approximately $15 million has been recovered.
Security experts have linked the heist to Lazarus, a threat group linked to attacks on entities including manufacturing companies, media, and financial institutions in at least 15 countries worldwide.
RCBC was fined P1 billion in 2016 for failing to prevent the flow of fraudulent cash being sent to the Philippines.
The cyberattackers behind the scheme have not been identified. However, RCBC has filed money laundering charges against a former RCBC bank manager and four individuals who owned the bank accounts the money was sent to.
RCBC has so far refused Bangladesh’s requests for compensation.
RCBC added that reports have it that BB terminated its contract with FireEye. The Bangladeshi expert who came out with a similar finding disappeared. He was found days later already out of his wits.
“Bangladesh police investigated some BB people but only for negligence. Up to now, we do not know if anybody has been taken to court,” RCBC said.
RCBC added: “BB should stop making RCBC its scapegoat. RCBC has revealed everything it legally could to the Senate and to the Bangko Sentral ng Pilipinas; BB, however, has concealed everything it could. The contrast is telling.”
BB wants RCBC to return the stolen money. In reply, RCBC said, “If it was stolen by your own people, why ask us? We are actually a victim of BB’s negligence.”
RCBC said it received the funds in February last year in good faith because these were cleared and authenticated by the New York Fed and SWIFT, whose secure communications system is used by banks all over the world for their transactions.
Three global banks — Citibank, New York Mellon and Wells Fargo — remitted the funds to RCBC.
“These organizations are among the most sophisticated in the world and their remittances are accepted as a matter of course,” RCBC said.
BB belatedly requested that the funds be frozen using an ordinary email message, not the equivalent of a Code Red message banks use to raise an alarm.
“This resulted in their message being bunched with thousands of ordinary messages RCBC receives from all other banks all over the world each day. Had they sent a Code Red, we would have caught it,” RCBC said, adding that BB did not reach out to RCBC in any other way.