Dirt-Cheap Routers Led to an Ingenious International Bank Heist

​​Don't buy your routers secondhand, especially if you're the central bank of a government.

The term "central bank" is meant to sound authoritative enough to inspire trust in consumers, which means Bangladeshi citizens are in for a shock. The country has determined that an $80 million theft through hacking only occurred because their banking system was relying on second-hand $10 routers and didn't even have a basic firewall in place.

The entire story of the theft is an international embarrassment, and the new developments, released by a Bangladeshi investigation, provide a clearer picture of what happened. Thanks to the cheap routers and no firewall, hackers were able to easily infiltrate the Society for Worldwide Interbank Financial Telecommunications, or SWIFT.  SWIFT messages are the lingua franca of international banking, used by every major financial institution worldwide.  The hackers were able to put in a request that appeared to be from Bangladeshi sources, asking for the $100 million to be transferred into five different entities in South Asia, including casinos in the Philippines and non-governmental organizations in Sri Lanka.

Where'd they screw up? Grammar. When describing their bogus NGO in a SWIFT message, they spelled the word "foundation" as "fandation," prompting a routing bank to put in an inquiry with official Bangladeshi sources. They put a stop to the transfer, but not before the vast majority was already sent out. 

Bangladeshi officials have tried to blame the Fed for not double checking in the first place on the unusual transaction to businesses, although security experts are asking why the country didn't have its own standards in place. When asked to comment by Bloomberg, Sri Lankan central bank Governor Arjuna Mahendran mentioned that there were several technical issues at fault, from SWIFT to internal security, and the new information about the cheap routers will only be added to that long list. He also cut to the heart of the problem: "The key is people," he said. "They get lazy, they develop bad habits." In this case, those bad habits have cost $80 million.