Bangladesh’s central bank saved several hundred dollars by using cheap second-hand network switches. Unfortunately that move has now cost it $80 million.
The bank was hit in February by hackers who actually tried to instigate just under a billion dollars worth of bogus payments. The sheer number of payments, along with a spelling error in one of the names they used for the transactions, raised the alarm. Still, the haul was enough to put it in the 20 biggest bank robberies in history, albeit without adjusting for inflation.
Forensic investigators have now revealed serious shortcomings in the bank’s cybersecurity. It used switches that had been bought used for $10 and, perhaps more shockingly, did not have a firewall in place for the four servers which handle SWIFT international payments.
The lack of security meant the hackers were able to remotely access the servers and in turn use them to authorize payments from the bank’s own account at the Federal Reserve Bank of New York.
To make things worse, the network switches were so bargain-basement that they appear to have logged little useful information that might help with the search for the culprits.