In the aftermath of an $81 million cyber heist at the central bank of Bangladesh, New York’s Federal Reserve Bank said there were no issues with its fund transfer approval process, according to a letter revealed on Friday by a US lawmaker who had queried the methods.
US Representative Carolyn Maloney called for probes of the fund transfers involved in the cyber attack in February on Bangladesh’s central bank.
In the letter dated 14th April, Thomas Baxter, the general counsel and executive VP at the New York Federal Reserve Bank said that correct procedures were followed when approving five money transfers and blocking thirty. The thirty which were blocked prevented the cyber attackers from their goal of stealing $951 million.
Baxter also said the NY Fed’s systems flag transfers to people and jurisdictions that are subject to sanctions, however they do not block transfers if they have passed the authentication process in the SWIFT network.
That indicates that the Fed, like other banks, typically relies only on SWIFT verification to prevent fraud and doesn’t apply any additional steps.
“Unlike the SWIFT authentication protocols, these steps are not designed to protect our customers from an unauthorized transfer“, Baxter wrote in the letter.
“The vast majority of authenticated instructions received from foreign official account holders are not flagged for manual review by the automated systems”.
Meanwhile in Bangladesh, authorities are trying to work out how the hackers carried out the attack and where the money went, which was sent from the bank’s account at the New York Fed to banks in the Philippines.
Cyber security company BASE systems said the heist was connected to the hack at Sony’s film studio in 2014, just a day after SWIFT revealed a second attack in a vein similar to the one in Bangladesh but targeting a commercial bank.
The recent attacks have highlighted the global financial messaging system run by SWIFT, which is a co-operative owned by member banks in Belgium.
On Friday, Maloney said she remained “concerned that there are critical security gaps in the international payment system”, and that she would urge the New York Federal Reserve Bank to review its security to ensure a similar heist cannot occur in future.