Hackers take $81M from Bangladesh's central bank by pwning its $10 second-hand routers




Speelling got them caught. Who’d a thunk that?


Is the problem that they were too cheap? Or was it that there weren’t effective firewalls and logs?

If the bank manager had help from experienced coders, despite a limited budget, could the bank deposits have been better protected?



There’s some pretty standard and well understood security practices that do not rely on having clever people reinvent the wheel.
And logs, you want a lot of logs.


I’m reminded of the time I went into an Indian bank to change one Australian dole payment into rupees, and the teller whistled at my fat stacks.

Still, a bank can’t pay for IT services, near India?



BBC:[quote=“doctorow, post:1, topic:77078”]
This has been traced to accounts in the Philippines and to casinos in the same country. Most of the cash has yet to be recovered.

Quite a change in story.


2/5 is much. 3/5 is most. For example.


So experienced coders may have better protected the bank deposits despite the limited budget? Though I’m outside the coder profession, that conclusion fits my expectation.

The right tools help. Especially for engineers — and coders are a sort of engineer — a tool may be indispensable for a particular job. But the core value of professional help originates with the professional’s experience and training, not tools. And a tool is useless or even dangerous without someone who can use it.

I’d also think that an experienced lawyer or an experienced accountant could better protect a bank’s depositors despite a limited budget if inclined to do so.

For example, lacking a current Westlaw account or the latest accounting software license may not be an insurmountable barrier in the U.S. to compliance with federal banking regulations or generally accepted accounting principles.




Do we have a new member of the bbs disapointment club? Excellent.


I guess it’s not really a software problem is what I’m getting at.
The unwillingness to invest in proper security or the lack of knowledge to even understand that the current implementation was insecure or the lack of understanding of what’s at risk and a lack of oversight into security practices at this location are not the sort of thing that get fixed in software.


I’m puzzled by the photo with this story. It’s not of a bank. It’s not of a router. It’s not a picture which suggests a lot of money. Was it taken in Bangladesh? Does Bangladesh not have office buildings or other structures which would suggest that modern, electronic transactions happen there?


The perps must be gutted that a typo stopped them that early. But at least they’ll be able to use it as a counter-argument to those who believe that spelling isn’t worth getting over-excited about.


How is this still a list and not a badge?


Would you say you’re disapointed it’s not a badge.


Disappointed has two Ps. You just blew $919M.


Guess I’ll just have to live with the 81 million then. Oh well it’s a hard life.


If only the thieves had invested in better word processing software and hired experienced editors.


The real problem, as usual, is everybody involved assuming that it matters how much money they have. That’s a personal problem.