(Reuters) - SWIFT has rejected allegations by officials in Bangladesh that technicians with the global messaging system made the nation’s central bank more vulnerable to hacking before an $81 million cyber heist in February.
The comments were in response to a Reuters story that cited Bangladeshi police and a central bank official as saying that SWIFT technicians introduced security holes into the bank’s network while connecting SWIFT to Bangladesh’s first real-time gross settlement (RTGS) system.
“SWIFT was not responsible for any of the issues cited by the officials, or party to the related decisions,” the Brussels-based bank-owned cooperative said in a statement posted on its website on Monday.
“As a SWIFT user like any other, Bangladesh Bank is responsible for the security of its own systems interfacing with the SWIFT network and their related environment – starting with basic password protection practices – in much the same way as they are responsible for their other internal security considerations,” the statement said.
But Bangladesh’s main police investigator maintained there were loopholes in the way SWIFT carried out the integration of its network with the RTGS platform that left the central bank’s computer systems vulnerable to hackers.
Mohammad Shah Alam, the head of the criminal investigation department of the Bangladesh police, said the probe had identified specific deviations from set procedures that compromised Bangladesh Bank’s security.
“We stand by our investigation,” he said in response to the comments by SWIFT. But he added he did not want to engage in a debate and urged greater international cooperation to identify the culprits behind one of the world’s biggest cyber thefts.
Reuters has not been able to independently verify the allegations by Bangladeshi officials about the SWIFT technicians.
U.S. investigators suspect the involvement of employees of the Bangladesh Bank in helping the hackers breach the systems, the Wall Street Journal said, quoting people familiar with the matter.
It said the Federal Bureau of Investigation had found evidence that at least one bank employee acted as an accomplice but there could be more who assisted the hackers in navigating around Bangladesh Bank’s computer systems.
Bangladesh police said they have been looking for inside involvement in the heist from the beginning of the probe, but no evidence has turned up against anyone.
Investigators say they think there was some level of local facilitation in the attack on the central bank’s computers but haven’t identified it as yet.
“If the FBI has uncovered evidence, they should share with us,” a police officer said.
The revelations came ahead of a meeting on Tuesday in Basel, Switzerland, where Bangladesh Bank officials have said their governor and a lawyer appointed by the bank would discuss recovery of about $81 million stolen by hackers with the head of the Federal Reserve Bank of New York and a senior executive from SWIFT.
The money was stolen from Bangladesh Bank’s account at the New York Fed through fraudulent transfer orders sent on the SWIFT system.
SWIFT’s statement said it “looks forward to the meeting with Bangladesh Bank and New York Federal Reserve Bank officials in Basel on 10th May, when the bank’s security issues and these baseless allegations will be discussed.”
Bangladesh Bank officials have said they believed SWIFT, and the New York Fed, bear some responsibility for the February cyber heist.
Additional reporting by Serajul Quadir in DHAKA; Editing by Toni Reinhold and Raju Gopalakrishnan