Software, printer problems delayed discovery of Bangladesh heist

Friday, 18 March 2016 00:00

Reuters: The cyber thieves who stole $81 million from Bangladesh Bank hid their tracks by installing malware that manipulated a central bank printer to hide evidence of the heist, according to a person familiar with the investigation.

Earlier, two central bank officials filed a police report that said that a computer and printer the bank uses to order SWIFT wire transfers were manipulated so that authorities could not see records of outgoing wire transfer requests or receipts confirming that they had been received.

Details about the issues with the computer and printer were among the first clues to surface as to how the attack was carried out. Last week, central bank officials briefed on the investigation said malware was suspected to have been installed on the central bank’s computer systems. Then, the hackers appeared to have stolen Bangladesh Bank’s credentials for the SWIFT messaging system, which banks around the world use for secure financial communication.

The computer linked to the SWIFT system at Bangladesh Bank was supposed to keep records so they could be easily reviewed by bank staff, according to the police report.  

The officials saw the first signs that something was off on Feb. 5, when they noticed a glitch with a printer that is set up to automatically print all SWIFT wire transfers.

When they realised the previous day’s transactions had not been printed, they attempted to manually print them but were unable to do so, according to the report, which was reviewed by Reuters on Wednesday. One official asked that the printer be repaired before leaving the office that day, which was a Friday and the first day of the weekend in Bangladesh. Other bank employees later decided to wait until the next day to fix it, according to the report.

When the officials tried to access the computer the bank uses to send SWIFT messages, they got messages saying a file NROFF.EXE “is missing or changed.”

 
