12:00 AM, February 03, 2018 / LAST MODIFIED: 02:28 AM, February 03, 2018

Two Years of $101m Cyber Heist

BB still waits for $66m of stolen money

CID probe could not identify culprits involved; BB, CID team now in Philippines; Bangladesh mulls filing case against RCBC

Two years have gone by since the Bangladesh Bank cyber heist, but Bangladesh could not bring back the major portion of the $81 million wired to the Philippines from BB's account with the New York Fed.

Also, the Criminal Investigation Department (CID) has yet to complete its investigation into the transnational crimes, one of the world's biggest cyber thefts.

As part of the probe, the CID sought information from several countries about the suspects, but only the Philippines has responded so far.

The BB is now considering suing Manila-based Rizal Commercial Banking Corporation (RCBC), known as Rizal Bank, as a last resort to to retrieve the fund.

On February 4, 2016, hackers broke into the BB's systems and generated 70 fake payment orders for the Federal Reserve Bank of New York to draw about $1.94 billion.

While the NY Fed's security measures flagged the payment orders, five of them fell through, and $101 million against them was released. Of the amount, $81 million was wired to the Philippines (RCBC branch in Manila) and $20 million to Sri Lanka.

Sri Lanka sent back $20 million immediately after the heist exposed while Philippines sent back $14.54 million in November, 2016, meaning $66.46 million are yet to be retrieved from Philippines.

SLOW PACE IN RETRIEVING MONEY

Amid huge uproar, the BB governor, several ministers and MPs visited the US and and the Philippines as part of their effort to retrieve the money.

Initially, the Philippines authorities also cooperated, initiating legal steps against RCBC and individuals.

But BB officials said they found lacking in the Philippines' efforts lately.

Contacted, SK Sur Chowdhury, ex-deputy governor of BB and currently an adviser at the central bank, said bringing back money took time.

“But our effort to retrieve the money is on,” said Chowdhury.

BB Governor Fazle Kabir told reporters on January 29 that several cases were now pending with courts in the Philippines, and the process for the return of over $7 million was nearing its end.

A joint team of the BB and the CID left for the Philippines on January 29 to complete the formalities.

Of the $66.46 millions yet to be retrieved, the Philippines authorities could trace $47.2 million, now in possession of several individuals and companies and the matter is now pending with different courts and authorities, according to BB sources.

Holders of rest of the money ($19.26 million) could not be traced, they said.

Of the $47.2 million traced, $29 million were transfer to a Manila-based casino -- Solaire -- from RCBC. A court froze the casino account and the case is now pending before the Supreme Court, they said.

Another $17 million remains in the account of Philrem Service Corporation, a money remittance company. This matter too is pending before a court.

The remittance firm has been used as a “cleaning house” to hide the trail of $81 million looted from a Bangladesh bank, according to a Reuters' report in April 2016.

Philrem muddied the process and washed the stolen funds via a web of transfers and currency conversions around Philippine bank accounts, before moving it into Manila casinos and junket operators, it added.

Philrem has denied any wrongdoing.

PREPARATION ON TO SUE RIZAL

Bangladesh will claim $19.26 million in untraced money from Rizal Bank as it was transferred via the bank, BB officials said.

The Philippines Central Bank has already fined the RCBC $21 million as it found irregularities in its money transaction linked to the heist, they said.

Bangladesh will sue Rizal if the bank does not send back the money, officials said, adding, preparations in this regard were underway.

NY Fed and SWIFT, the messaging system through which fund transfer requests are made, will help Bangladesh in this regard.

Under international money laundering laws, Bangladesh has to file the case within three years of the heist, BB officials said.

“So we will file the case within this year if Rizal Bank does send back money,” said a BB official, wishing not to be named.

“We will claim more money from Rizal Bank if we do not get back the money from the individuals and companies after the cases are disposed of,” he said.

The BB may file the case with the court in New York as the money was transferred from NY.

NO ACTION AT BB

Mohammed Farashuddin, head of the three-member committee that probed the theft, said they submitted the report in May last year, but the government did not publish the report.

“Had the government published the report and taken steps as per our recommendations, retrieving the money would have been easier,” said Farashuddin, also a former governor of BB.

In August last year, Finance Minister AMA Muhith said the government was not publishing the report as a case was pending with a court in the Philippines.

Ministry officials said the report may be publish on completion of the investigation.

US-based FireEye had conducted a forensic investigation into the heist. The BB handed the report over to the investigators.

BB governor said they did not take any action following the probe report of Farashuddin-led committee and did not publish the report so as not to influence the ongoing investigations at home and abroad.

“We will take action about implementing the recommendations after the report is published,” he added.

CID INVESTIGATION 

CID officials said they could not complete the investigation as they did not get response from other countries whose citizens were allegedly involved in the heist.

“It is difficult to say when we will be able to submit the charge sheet,” said Molla Nazrul Islam, Special Superintendent of CID, who is coordinating the team probing the case.

“The case involves transnational crimes and criminals from different countries are involved. We have to exchange correspondences with different countries, which takes time,” he said.

Citizens from eight to nine countries, including the Philippines, Sri Lanka, China and Japan, are involved, he said.

Investigators sent letters to those countries, seeking particulars of some 40 suspects in the last 10 months. No countries, except the Philippines, have responded. 

“We are trying to get information from other countries through our embassies there,” Nazrul said.

“People from Bangladesh -- inside and outside of Bangladesh Bank -- may have assisted in the hacking. We are investigating the heist keeping this in our mind,” he said, but declined to give any details.

REMEDIATION PLAN

As the hackers used sophisticated tools to break into BB's payment systems, the BB has taken up a major remediation plan involving around Tk 200 crore to strengthen its security system.

It has already purchased some sophisticated tools but they have not been installed yet, BB officials said.

For this reason, BB continues to follow its three-stage payment system, which it had introduced to communicate with NY Fed following the heist.

The BB government said the remediation plan would be implemented by June.

More from Front Page

KM Nurul Huda
Election won't be inclusive without BNP participation
SL in control after Day 3
Khaleda to outline course of action
TOP QUOTE!
Dhaka North City Corporation Logo
DNCC By-polls: EC seeks stay on HC order
Daily Star Bangla

    In case you missed it

    Rohingya crisis A concern for the region
    Rohingya crisis: A concern for the region
    Change Maker: Dragon fruit kindles hope
    From land of death, despair
    The Joy of Cropping
    Violence in Rakhine: India keeps off the Bali declaration

    Multimedia you may like
    Today's Gallery (2018.02.02)
    Today's Gallery (2018.02.01)
    Today's Gallery (2018.01.31)
    Today's Gallery (2018.01.30)
    Today's Gallery (2018.01.29)
    Today's Gallery (2018.01.28)