How the New York Fed fumbled over the Bangladesh Bank cyber heist. DHAKANEW YORK Jupiter. That single word, by a stroke of luck, helped stop the Federal Reserve Bank of New York from paying nearly 1 billion to the cyber criminals behind a notorious bank heist earlier this year, according to sources familiar with the incident. When hackers broke into the computers of Bangladeshs central bank in February and sent fake payment orders, the Fed was tricked into paying out 1. But the losses could have been much higher had the name Jupiter not formed part of the address of a Philippines bank where the hackers sought to send hundreds of millions of dollars more. By chance, Jupiter was also the name of an oil tanker and a shipping company under United States sanctions against Iran. That sanctions listing triggered concerns at the New York Fed and spurred it to scrutinise the fake payment orders more closely, a Reuters examination of the incident has found. XyZh7OJAnpg/hqdefault.jpg' alt='Hack A Bank Account Software' title='Hack A Bank Account Software' />It was a total fluke that the New York Fed did not pay out the 9. Feds handling of the matter. There is no suggestion the oil tanker or shipping company was involved in the heist. Video How the heist worked, an animated guide. The Philippines connection where the money disappeared. From May SWIFT in the dark about previous security breaches. The Reuters examination has also found that the payment orders sent by the hackers were exceptional in several ways. R Link Toolbox. They were incorrectly formatted at first they were mainly to individuals and they were very different from the usual run of payment requests from Bangladesh Bank. Yet it was the word Jupiter that set the loudest alarm bells ringing at the New York Fed. Even then it appeared to react slowly. By the time the fraud was discovered, the New York branch of the U. S. central bank had approved five of the payments. Sri Lankas Criminal Investigation Department, in collaboration with Taiwanese law enforcement, has apprehended two suspects in Colombo for allegedly aiding in the. Western Union Hacker Transfer Service. Hack Western Union Database Online Transfer Money To Your Bank Account, Paypal Account or Bitcoin Wallet. How to Hack Facebook Password Account this trending topics actually going through our contact mail and also the request tutorial form very intensively. It took 1. 01 million from Bangladesh Bank and paid it to accounts in Sri Lanka and the Philippines including 8. Most of that 8. 1 million remains lost. It was among the most audacious cyber heists ever to emerge shining a light on worrying weaknesses in the global financial system and into a little known corner of the U. S. Federal Reserve its Central Bank and International Account Services unit CBIAS, which one former employee described as a bank within a bank. Interviews with investigators, lawyers and current and former central bank officials in several countries, as well as a Reuters review of payment messages, emails and other documents, show disarray and bungling at all the financial institutions involved. But the most striking is the inertia and clumsiness at the New York Fed, the most powerful of the U. S. central banks 1. The heist revealed that the New York Fed lacked a system for spotting potential fraud in real time even though such systems are used elsewhere instead relying at times on checking payments after they were made, usually for problems such as violating U. S. sanctions. Months of bitter finger pointing over who is to blame for the fiasco have damaged the sensitive diplomacy of correspondent banking, where big Western institutions are entrusted with safeguarding the treasures of smaller economies. Bangladesh Bank is now preparing a legal case to seek compensation for what it says were failures by the Fed, according to a source close to the Asian bank. It also claims that errors by SWIFT, a messaging system used to make international bank transfers, made the bank vulnerable to hackers. HACKED The Bangladesh central bank headquarters in Dhaka. Cyber criminals broke into its computer systems and sent fake payment orders for nearly 1 billion. REUTERSAshikur Rahman. Bangladesh Bank spokesman Subhankar Saha said the institutions were working together to try to recover the missing money. He declined to comment further. The New York Fed has denied making missteps and repeatedly said its systems were not compromised. In response to a series of questions from Reuters about its actions during the heist and in the days that followed, it declined to comment, citing a criminal investigation by the U. S. Department of Justice and the Federal Bureau of Investigation. SWIFT the Society for Worldwide Interbank Financial Telecommunication, a cooperative used by over 1. Bank Bangladesh operated and installed the SWIFT system. A spokesman said We continue to support the bank and cooperate with the investigations. We look forward to receiving a full account of the security incident. Officials are still investigating the heist. But the Reuters examination has uncovered new details about how the New York Fed was slow to react to warning signs and how communications broke down between it and Bangladesh Bank. The Fed relied almost entirely on the SWIFT messaging system with, in this case, little backup for emergencies. Miscommunications and clunky payment processes meant that most of the stolen money disappeared without trace before it could be recovered. I couldnt believe that that much money could be lost in the SWIFT system, and in the whole federal system for central banks, Carolyn Maloney, a Democratic congresswoman from New York, told Reuters. Maloney, who was the first U. S. lawmaker to publicly raise questions about the incident, added Its a wake up call and it has to be corrected. To me, I see it as a threat to the confidence people could have in the central banking system. Last month, the New York Fed said it took steps to help strengthen the safety of global payments in light of the potential vulnerabilities. It did not give specifics. But the source familiar with the Feds handling of the Bangladesh affair told Reuters that the Fed has now set up a 2. THE HACKUnlike the Fed, the worlds most influential central bank whose New York headquarters sits atop 5. Bangladesh Bank is not a large and powerful operation with a global footprint. It had not protected its computer system with a firewall, and it had used second hand 1. SWIFT global payment system, according to Mohammad Shah Alam, head of the Forensic Training Institute of the Bangladesh polices criminal investigation department. Hackers may have exploited such weaknesses after Bangladesh Bank connected a new electronic payment system, known as real time gross settlement RTGS, in November last year. However, it remains unknown exactly who broke into its systems or how they did it. What is evident, according to investigative reports by cyber security company Fire. Eye seen by Reuters, is that someone obtained the computer credentials of a SWIFT operator at Bangladesh Bank, installed six types of malware on the banks systems and began probing them in January. The hackers did a series of test runs, logging into the system briefly several times between Jan. Feb. 2. One day they left monitoring software running on the banks SWIFT system on another they deleted files from a database. On Thursday, Feb. SWIFT. It was late evening in Bangladesh and most of the staff had gone home. The hackers appear to have timed the heist to coincide with the weekend that in Bangladesh began the following day. The first SWIFT message arrived at the New York Fed just after 9 5. Bangladesh to an account in Sri Lanka. Over the next four hours, 3. U. S. central bank to move a total of nearly 1 billion from the account it holds for Bangladesh Bank. Compared to the great maelstrom of global finance, the sums were unremarkable The New York Fed handles about 8. Nevertheless, the Bangladesh orders were odd, surprisingly odd.