The Multi-Million Dollar Spelling Mistake

Despite masterminding one of the biggest bank thefts in history, one group of hackers narrowly failed in its recent attempt to scam money due to a humble spelling error.

The Bangladesh Central Bank was the chosen target. Hacking and using the Bank’s credentials, requests were made to transfer money from the Bank to various entities in the Philippines and Sri Lanka. Dozens of requests were also made to the Federal Reserve Bank of New York.

Four transactions were processed – but the fifth was stopped when a routing bank noticed the spelling of the word ‘foundation’ as ‘fandation’ in the name of the supposed Sri Lankan Charity Shalika Foundation.

Upon further investigation, no NGO under this name was found on the list of registered Sri-Lankan not-for-profit organisations, and the Bangladesh Bank stopped the further transactions.

The group had already successfully processed about $80 million through to the Philippines, but the total amount stopped was between $850 and $870 million.

Since the hack, the Bangladesh Bank has managed to recover some of its money, and is reportedly working with authorities in the Phillipines to recover the rest.

The original hacking occurred between 4 and 5 February this year, while the Bank’s offices were closed.

Who is responsible?

Evidence points to the hack being an inside job – and it has been reported that the passports of some Bangladesh Bank officials were seized in connection with the investigation.

But some suggest that sophisticated spies had closely watched bank workers before facilitating the hack themselves.

In any case, experts believe the masterminds had detailed knowledge of the Bank’s inner workings.

When the Bangladesh Bank found out that the other unusually high payments had been made, they reportedly blamed the Federal Reserve Bank of New York, saying it should have done more to stop the fraudulent transfers.

“The Fed had the responsibility to keep the money safe,” Shamim Ahamad, press minister at the Bangladesh Embassy in Washington, told VICE News. ”

Bangladesh’s finance minister Abul Maal Abdul Muhith reported that Bangladesh may even resort to suing the Federal Reserve.

Cyber crime

Dealing with cyber crime is a challenge for nations across the globe.

But big corporations like the Bangladesh Central Bank aren’t the only targets – small businesses and individuals can also be victims.

In Australia, there are a number of laws, both at state and federal level, which deal with cyber crime. For example, NSW legislation sets out a number of fraud related offences and their penalties in the NSW Crimes Act 1900.

Fraud is generally defined as using deception, dishonestly to obtain property belonging to another person, or obtaining a financial advantage or causing a financial disadvantage.

Legislation does not use the word ‘hacking’, but Part 6 of the Crimes Act lays out several offences in relation to “unauthorised access, modification or impairment” of electronic communication.

The offences are broad and far-reaching – and, in fact, it was under section 308(H) of the Act that Freya Newman was charged when she leaked details of the scholarship of Tony Abbott’s daughter, Frances.

Similar offences are also contained in the Schedule to the Criminal Code Act 1995, which is Commonwealth legislation and applies across Australia.

According to Justin Harvey, the chief security officer of Fidelis Cybersecurity:

“spelling mistakes and an unusually amount of activity are tell-tale signs that something untoward is going on and begs the question whether these were the first slip-ups of the cyber criminals.”

The moral of this story may be that correct spelling is important for everyone, even those planning a career in crime!

previous post: McLibel: Taking On a Fast Food Giant

next post: The Importance of Seeking Legal Advice Early

Author Image

About Ugur Nedim

Ugur Nedim is an Accredited Specialist Criminal Lawyer and Principal at Sydney Criminal Lawyers, Sydney's leading firm of criminal and traffic defence lawyers.
  • (will not be published)

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>