Hackers stole $80 million from a bank, but it could have been a lot worse if they had just Googled the name of a company, according to Reuters. Thieves got inside servers of the Bangladesh Bank, stealing the credentials used to make online transfers. They then bombarded the Federal Reserve Bank in New York with up to 13 money transfer requests to organizations in the Philippines and Sri Lanka. The Fed allowed four to go through totaling $81 million, but the next one was flagged by a routing bank in Germany because the hackers misspelled “foundation” as “fandation.”
Once alerted, officials put a stop to the the remaining transfers, which amounted to nearly $850 million. The $81 million theft is still one of the largest ever, but if all the transfers had gone through, it would have been one of the biggest heists on record. Last year, Russian hackers reportedly got away with up to $1 billion from 100 banks using malware.
Meanwhile, Bangladeshi officials are trying to lock down their systems and figure out how the attack happened, but say there’s little hope the hackers and money will be recovered. As with many large-scale attacks, experts told Reuters that the thieves likely targeted and spied on employees to gain access to servers. While the bank blames the US Federal Reserve Bank for not stopping the transfers, Fed officials say that it’s systems were not breached and that it has been cooperating in the investigation. Luckily, hackers are just as bad at spelling in large fraud attempts as they are in basic spear-phishing attacks.
source: engadget.com by Steve Dent