The Bangladesh central bank at the center of one of the largest cyber-heists of all time was vulnerable to hackers from the beginning – it did not even have a firewall, according to an investigator looking into the incident.
The revelation was made by Mohammad Shah Alam, head of the Forensic Training Institute of the criminal investigation department of the Bangladesh police.
Through his investigation, Alam revealed that the central bank in Bangladesh did not employ firewalls and used basic, second-hand $10 switches to band together networks connected to the global payment network set up by SWIFT.
Hackers tried to pull off the near billion-dollar heist using the bank’s SWIFT credentials, and a significant reason they got as far as they did was the clear shortcomings in the security infrastructure, according to the investigator.
“It could be difficult to hack if there was a firewall,” Alam said in a Reuters report.
Switches used for connecting with SWIFT’s networks routinely cost several hundred thousand dollars, if not more. The lack of these sophisticated switches also makes it harder for investigators to locate the hackers.
SWIFT to Share Blame?
Alam put some of the blame on SWIFT, noting that the fault lies with both the payment network and the central bank of Bangladesh for the oversight displayed.
While a spokesperson for SWIFT declined to comment, Alam said:
“It was their responsibility to point it out but we haven’t found any evidence that they advised before the heist.”
Meanwhile, SWIFT has previously claimed that its core messaging services were not compromised and that the attack was related to an internal operational issue specific to the Bangladesh central bank.
The investigation into the cyber heist has still not yielded any clues as to the identity of the hackers behind the plot.
Alam’s investigation revealed that bank officials used nearly 5,000 computers in different departments within the central bank. The SWIFT room, an office about 12 feet by 8 feet on the eighth floor of the building, is windowless and holds four servers and four monitors.
In an ideal security setup, the SWIFT facility should have been walled off from the rest of the network completely, according to Alam. This could have been the case if more expensive, sophisticated, “managed” switches were used, allowing engineers to create separate networks.