Two years after the theft of $101 million from the Bangladesh Bank reserve, many mysteries persist.
One of the mysteries is what type of attack it was - a criminal heist or something state-sponsored and thus inherently more sinister?
Sources claimed that it was a state-sponsored attack, as the government did not publish the report of the probe committee, headed by former Bangladesh Bank Governor Mohammed Farashuddin, which investigated the incident.
The government did not publish the report as they thought the heist might be an external attack and that the report would have a negative impact on the chances of retrieving the money, a top level official of the Ministry of Finance told the Dhaka Tribune.
On the other hand, the Criminal Investigation Department under Bangladesh Police has termed the cyber attack a transnational crime, finding around 40 citizens from nine to ten countries involved in the incident.
Meanwhile, according to a Reuters report an FBI officer in the Philippines who has been involved in the investigations said: “The heist of $81 million from the Bangladesh central bank’s account at the New York Federal Reserve in 2016 was ‘state-sponsored’,” on March 29 2017.
The legal attaché at the US embassy Lamont Siller did not elaborate, but his comments at a speech in Manila were a strong signal that authorities in the United States are close to naming who carried out one of the world’s biggest cyber heists, according to the news report.
“Officials in Washington, speaking on condition of anonymity, blamed North Korea,” mentioned the report.
“We all know about the Bangladesh Bank heist. This is just one example of state-sponsored attacks that were made on the banking sector,” Siller told.
According to another Reuters report on April 3, 2017, the cyber security firm Kaspersky Lab said it had obtained digital evidence that bolsters suspicions by some researchers that North Korea was involved in the cyber heist.
Russian-based Kaspersky released a 58-page report on Lazarus, a group linked to the heist in Bangladesh and the 2014 attack on Sony’s Hollywood studio, which the US government blamed on North Korea.
Among its findings, the report said Lazarus hackers made a direct connection from an IP address in North Korea to a server in Europe that was used to control systems infected by the group.
Meanwhile, Dr Atiur Rahman, then Governor of the Bangladesh Bank, told the Dhaka Tribune: “The consequences of the cyber attack clearly indicate that it was a state-sponsored attack.
“I do not believe that anyone inside Bangladesh Bank was involved with the incident. There may have been unwanted errors by the concerned employees, but they might not be involved in it.”
Also Read - Can Bangladesh Bank tackle another cyber attack?
When asked why he resigned even though neither he nor any of his employees was held culpable, Rahman said: “I want to create a culture of taking responsibility. An accident occurred during my tenure, and I stepped down taking moral responsibility as well as for the sake of an impartial investigation of the incident.”
However, in another development, the Philippines bank through which the $81 million stolen from Bangladesh’s central bank was channelled in February 2016 has accused Dhaka’s monetary authority of covering up its negligence and demanded that it stop making the bank a “scapegoat”, according to another Reuters report published on December 12, 2017.