Bangladesh Bank Accused of Hiding Details of $81m Theft
A war of words has emerged between Bangladesh’s central bank and a Philippines lender over responsibility for an audacious $81m cyber-heist carried out last year.
The spat began when Bangladesh finance minister Abul Maal Abdul Muhith said over the weekend that he wanted to “wipe-out” the Makati-based Rizal Commercial Banking Corp (RCBC).
He claimed the lender had been “playing delinquent” for its part in helping the hackers siphon the stolen funds from the Bangladeshi central bank’s account with the Federal Reserve Bank of New York last year.
However, RCBC hit back in a statement, claiming it had been completely transparent with the Senate and its regulator, while accusing the Bangladesh Bank of concealing “everything it could.”
“BB is definitely partly to blame for the heist. Its refusal to be transparent is a continuing cover-up and a disservice to global efforts to combat cybercrime. RCBC is clearly a victim of BB’s negligence,” head of legal affairs George dela Cuesta is quoted as saying.
“BB must be sanctioned until it owns up and shares what it knows to prevent a repeat. Up to now, not one Bangladeshi has been identified in the inside job, much more hauled to the court.”
Reports suggest Bangladesh Bank could be gearing up to file a lawsuit seeking damages against RCBC and has asked the Fed to join it — presumably to add legitimacy to its case.
RCBC has already been fined a record one-billion pesos ($20m) by the Philippines central bank for allowing the stolen funds to be effectively laundered through its network.
For its part, the Makati-based lender has claimed that malicious insiders were responsible. Prosecutors are said to have filed money laundering charges against a former RCBC bank manager and the four account owners who received the stolen funds.
After almost two years there’s no news on who might have carried out the raid, with Bangladesh Bank managing to reclaim just $15m.
However, last year, researchers claimed the infamous North Korea-linked Lazarus Group may have been responsible.
Source: Information Security Magazine