$10 Router Blamed for $80m Bangladesh Bank Hack

Last month, we brought you the story of a group of hackers that managed to steal around $80 million from Bangladesh Bank – a figure which could have been closer to $1 billion had it not been for an unfortunate spelling mistake – and the subsequent investigation has now revealed that the cyber-heist was made possible due to lax security on the bank’s end, which had no firewall and used second-hand, $10 routers.

“It could be difficult to hack if there was a firewall,” Mohammad Shah Alam, head of the Forensic Training Institute of the Bangladesh police’s criminal investigation department, told Reuters.

The cheap routers also hindered the investigation that followed, since they collected virtually no network data that could have been used to trace the hackers responsible. While the thieves were found to be using IP address originating in the Philippines – with further links to a number of local casinos – the culprits are yet to be identified and the majority of the money stolen is yet to be recovered.

Security experts across the globe have expressed concern over Alam’s findings – described as “egregious” by Tom Kellermann, a former World Bank security team member and CEO of Strategic Cyber Ventures LLC – with calls for world financial institutions to take cybersecurity more seriously.

“You are talking about an organization that has access to billions of dollars and they are not taking even the most basic security precautions,” Jeff Wichman, consultant with cyber firm Optiv, said.