A few Bangladesh central bank officials deliberately exposed its computer systems, allowing hackers to steal $81 million from its account at the Federal Reserve Bank of New York in the February heist, Mohammad Shah Alam, a top police investigator told Reuters on Monday in Dhaka.
The revelation by Alam, who is the head of the Forensic Training Institute of Bangladesh police’s criminal investigation department, is the first sign that investigators have a firm lead in what is being called one of the world’s biggest cyber heists.
Alam also told Reuters that arrests in the case are likely to be made soon.
Last week, the head of a Bangladeshi government panel that investigated the heist had said that five bank officials were found to be guilty of negligence but stressed that they were only unwilling accomplices.
While talking to Reuters, Alam said investigators had found that some bank officials had deliberately created vulnerabilities in the bank’s connection to the Society for Worldwide Interbank Financial Telecommunication (SWIFT) global messaging and payments system.
"Bangladesh Bank's SWIFT network was made insecure by some bank employees in connivance with some foreign people," Alam said. "They knew what they were doing."
In February this year, the hackers used SWIFT to send out fake orders asking the transfer of around $1 billion from Bangladesh Bank's account at the Federal Reserve Bank of New York.
Many of these orders were either blocked or reversed but following a series of miscommunications, the New York Fed ended up sending $81 million to four fake accounts in a branch of Rizal Commercial Banking Corp in the Philippines. Most of the money disappeared into Manila's loosely regulated casino industry.
Alam did not reveal the names or the number of suspects.
He said the team was probing how the mid-ranking officials were connected to the hackers and whether they benefitted from the heist financially.
The heist was followed by an international probe headed by the US Federal Bureau of Investigation.
The thrust in investigations comes after months of international finger-pointing and a trading blame among Bangladesh Bank, the New York Fed, SWIFT, and a Philippine lender that received much of the stolen funds before they disappeared.
SWIFT told Reuters that its messaging system has been targeted in a "meaningful" number of other cyber attacks this year, using an approach on the lines of the Bangladesh one.
An investigator in Dhaka,who did not want to be named, told Reuters that more than 100 Bangladesh Bank employees have been interviewed in connection with the case and some are barred from leaving the country.