More than four months after one of the world’s biggest cyber heists ever, Bangladesh's central bank is unlikely to extend the contract of US cyber security firm FireEye to investigate the electronic theft. Sources at the bank have cited high costs as one of the factors for the decision.
The move comes as law enforcement in Bangladesh and the United States have reported little progress in identifying the criminals after the bank was robbed of $81 million of its money.
FireEye's Mandiant forensics division was hired by Bangladesh Bank weeks after the cyber heist in early February. It said in an interim report that hackers took control of the bank's network, stole credentials for sending messages on the SWIFT transactions system and used "sophisticated" malicious software to attack the computers the bank uses to process and authorise transactions.
While Mandiant has said it needs 570 hours of more work to complete its investigations, the bank has already paid about $280,000 to the company at an hourly rate of $400, he and other officials said on condition of anonymity.
Another official familiar with the computer security systems at the bank said it did not want to extend Mandiant`s contract because board members were not sure what tangible results could come from further investigation.
Further, FireEye said in a statement that it would seek to help with the investigation even after completing its assignment for Bangladesh Bank.
"We have uncovered and provided Bangladesh Bank and the global financial community extensive data about this unprecedented financial attack and how to prepare for the future, and will continue to support law enforcement and the industry past the close of our engagement," the statement said.
‘Purpose of hiring Mandiant has been achieved’
Notably, the bank director has said that Bangladesh Bank planned to seek external help in the investigation, but only after drawing up new terms of reference on the basis of its own internal investigation, a police inquiry and a government-appointed probe.
Cost was a factor in the Mandiant decision, the director said. "Its charges are so high," the director said, adding a formal meeting of the board on Thursday was scheduled to formally end the contract.
FireEye, however, said that the $400 per hour figure cited by the Bangladesh Bank officials was not a standard rate for its services. "The pricing and duration of our investigative work is unique to every incident," the statement said.
A third bank official further mentioned that the initial purpose of hiring Mandiant had been achieved: identifying and addressing lapses in the bank's computer security.
At Thursday’s board meeting, terms for a possible new contract for an external investigator will be finalised, the bank director said. It wasn`t clear if FireEye would be invited to bid.