$81-M Bangladesh bank heist:

Where's the money now?

By Levi A. So , August 9, 2016,http://www.philstar.com/news-videos/2016/08/09/1611714/81-m-
bangladesh-bank-heist-wheres-money-now

MANILA, Philippines A high-level delegation from Bangladesh will arrive next month seeking to
recover the $81 million laundered in the Philippines.

RELATED: DOJ to help Bangladesh recover $81 M | Bangladesh nears recovery of $81-M stolen funds

Close to $1 billion from the Bangladesh bank account at the Federal Reserve Bank of New York was
targeted by hackers, but the US bank managed to stop 30 of the 35 transactions.

Five of the transactions amounting to $81 million went to fictitiousaccounts at the Rizal Commercial
Banking Corp. Jupiter Street branch, allegedly facilitated by the bank's dismissed branch manager
Maia Santos-Deguito and customer relations officer Angela Torres.

Investigations by both the Senate blue ribbon committee and the Bangko Sentral ng Pilipinas (BSP)
over the heist already ended.

Senate Minority Leader Ralph Recto said that the Bangladesh delegation should not leave our country
without their money.

In fact, they should not be made to beg for their money. It would even be wise if we could return the
money before they arrive here. In this case, apologies must come with cash, he said.

So far, the Anti-Money Laundering Council has accounted for $60 million of the stolen money. But the
remaining $21 million has yet to be traced.

During the Senate probe, casino junket operator Kim Wong turned over $15 million. A lower court in
Manila approved the forfeiture of the money turned over by Wong which is currently being kept at the
BSP vault. To recover the money, the Bangladesh government should file a third-party claim.

Muhith defers release of probe

report again
September 22, 2016
The government has once again deferred the release of the probe report on the
Bangladesh Bank reserve heist for the sake of bringing back the money from the
Philippines.

We filed cases there [in the Philippines]. They will be upset if the report is made
public now, Finance Minister AMA Muhith told reporters yesterday after a meeting
of the cabinet committees on economic affairs and purchase.
Earlier, Muhith said the report would be released before his two-week tour of a
number of countries, including the US, which starts on Saturday.

Now it will not happen in my absence. We can't say when it will be published, but it
will definitely be published later, he added.

A three-member government-formed committee led by former Bangladesh Bank

Governor Mohammed Farashuddin submitted the report to the finance ministry on
May 30. Since then, Muhith on several occasions pledged to publish it.

On July 21, the minister told his colleagues in parliament that the probe report on the
heist will be made public within the next few days.

According to his latest public confirmation, the report was scheduled to go online on
the finance ministry's website today.

Muhith said separate discussions with the law minister and the attorney general over
the matter led him to decide not to publish the report for now.

In February, $101 million was hacked from the BB's reserve account with the Federal
Reserve Bank of New York Fed. Of the sum, $81 million was siphoned off to the
Philippines and $20 million to Sri Lanka.

Bangladesh has already got back the money laundered to Sri Lanka. Of the $81
million, the Philippines court gave an order to return $15 million to Bangladesh and
the amount would be deposited to the BB account in a few days.

The finance minister yesterday said he is hopeful of getting back almost 100 percent
of the stolen money.

Muhith said Bangladesh's ambassador to the Philippines met the new president of the
country and invited him to visit Bangladesh.

President Rodrigo Duterte told the ambassador that he will not visit Bangladesh until
his country returns the money, the finance minister added.

After heists, bank transaction

service adds new security
feature
http://thehill.com/policy/cybersecurity/296790-after-bank-heists-swift-adds-new-security-feature
By Joe Uchill - 09/20/16

The Society for Worldwide Interbank Financial Telecommunication (SWIFT), the

banking transactions messaging service that hackers used to steal more than $80
million from the central bank of Bangladesh, is adding a new fraud protection
system.

Starting in December, the network will send its member banks summaries of their
communications, with a separate summary flagging suspicious transactions.
ADVERTISEMENT
Hackers attempted to steal more than $1 billion from the Bangladeshi bank by hacking into its systems
to request large transfers from foreign accounts. The New York Fed transferred $81 million before the
fraudulent activity was noticed.

The transaction summaries which SWIFT is calling Daily Validation Reports

will give banks a better chance to see whether messages are being sent in their names
and cut off robbers before another large robbery.

Though the biggest known SWIFT heist, Bangladesh has not been the only one.
Similar burglaries have hit banks from the Philippines to New Zealand.

Daily Validation Reports will provide a reliable and independent source of

information, providing such institutions with an activity lens to help them quickly
detect fraud whether perpetrated by external attackers or by malicious insiders,
said Stephen Gilderdale, the head of SWIFTs Customer Security Program, in a
Monday press release announcing the reports.

Bangladesh central bank withholding

$105m heist probe information from
'foreign perpetrators'
14 Aug 2016, 8:54am

HYPERLINK
"http://www.abc.net.au/news/2016-08-14/bangladesh-central-bank-building/7732762" PHOTO:
The theft occurred over six months ago in one of the biggest-ever cyber heists.(Reuters: Ashikur
Rahman (file photo))
 MAP:Bangladesh

Bangladesh's central bank says it is withholding findings of investigations into

the cyber theft of $US81 million ($106 million) from its account at the Federal
Reserve Bank of New York to avoid tipping off the "foreign perpetrators" of the
hack.

Key points:
The theft is one of the biggest-ever cyber heists
The culprits have not been identified
As many as six types of malware were used to infect Bangladesh Bank computer systems
Bangladesh Bank lawyer Ajmalul Hossain was responding to comments by Rizal
Commercial Banking Corp (RCBC) in the Philippines through which the stolen
money was routed before disappearing into Manila's casino industry that the
central bank in Dhaka was wary of releasing reports that could implicate its own
officials.

More than six months have passed since hackers broke into the Bangladesh central
bank's computer systems in one of the biggest-ever cyber heists.

Most of the $US81 million stolen is still missing and the culprits have not been
identified, but Bangladesh Bank has held RCBC accountable for the loss.

It has said it may sue RCBC if other efforts to recover the money are unsuccessful.

"Bangladesh Bank knows enough about what happened from the internal and external
reports so far obtained by it and others," the central bank's lawyer Mr Hossain said.

"This truth is being deliberately withheld from the public domain so as

not to allow the foreign perpetrators of the hacking to have knowledge
of the investigations."
RCBC has questioned Bangladesh Bank's June decision not to extend a contract with
US cyber security firm FireEye to investigate the February theft, saying the recovery
of the money could be "imperilled" if someone within the central bank was found
responsible for the heist.

The initial FireEye report submitted to Bangladesh Bank in March and seen by
Reuters had blamed a sophisticated third party for the attack and had identified around
35 "compromised" Bangladesh Bank assets.

As many as six types of malware were used to infect Bangladesh Bank computer
systems.

A Bangladesh Government-appointed panel said in May that Bangladesh Bank

officials may have been involved in the brazen theft, but its report has also yet to be
released.

"That's why I think a report is not forthcoming," said Maria Celia Estavillo, RCBC's
legal and regulatory affairs head.
"They should finish their investigation, they should find out what happened in
Bangladesh, they should find out who is liable there, they should give a copy of that
to the Philippines government.

"And if they are confident of the strength of their case, they should file a case in
court."

The central bank of the Philippines last week fined RCBC a record 1 billion pesos
($28 million) in connection with the heist.

RCBC had expected the fine because of some lapses within the bank, Ms Estavillo
said, but blamed a couple of rogue employees for letting the money go out of the bank
despite stop-payment instructions from Bangladesh Bank.

She said internal investigations by the bank showed nobody from its head office was
complicit.

Bangladesh Bank said RCBC had "corporate knowledge" of the money laundering.