Nationals from five countries were involved in the Bangladesh Bank reserve heist that occurred in February of 2016, according to a senior official at the Criminal Investigation Department, the investigating agency of the cyber heist.    Â
The foreign nationals involved in the crime are from Sri Lanka, the Philippines, China and the USA, said the official with in-depth knowledge of the investigation, seeking anonymity.
The investigation that has been going on for almost a decade now also found the involvement of several Bangladesh Bank officials and employees, particularly from the central bank’s information and communication technology department.
Some top officials of the central bank were also involved in the heist, the CID official said, adding that the investigation was at the final stage.      Â
A sophisticated malware was used to hack into the BB system, the CID official said.
The malware-linked file was knowingly opened from the ICT department, enabling the illegal transfer of $101 million from the central bank’s account with the Federal Reserve Bank of New York.
The ongoing investigation would soon end with the submission of a charge-sheet before the court, said the CID official.
The charge-sheet will include the detailed report from the US Federal Bureau of Investigation into the heist, which conclusively proves the involvement of foreign nationals.
The investigating agency has requested the FBI to send a copy of this report formally.
The central bank’s reserve heist was one of the largest cyber robberies in history.
It occurred in the early hours of February 5. Hackers attempted to transfer about $1 billion from the BB’s account at the New York Fed, of which $101 million was successfully moved.
The majority of the funds were laundered using the Philippines’ casino industry’s secrecy law and limited oversight. Of the stolen foreign currency, $81 million went to the Philippines and about $20 million to Sri Lanka.
The Sri Lankan funds were recovered in time, but retrieving the amount sent to the Philippines proved more complicated. So far, the Bangladesh government has recovered about $18 million from the Philippines.
The investigation was jointly conducted by the CID, the FBI, the Philippines’ National Bureau of Investigation, and the Central Bank of Sri Lanka.
Zubair Bin Huda, the then deputy director of Bangladesh Bank’s accounts and budgeting department, filed a case with Motijheel police station under the Money Laundering Prevention Act on March 15 in 2016 against unidentified individuals.
The case was later handed over to the CID.
In nearly nine years of the investigation, over a hundred witnesses and extensive technical evidence, including IP addresses, network logs, banking transaction trails and Dridex malware code, have been examined.
The investigation exposes how such an international financial crime was committed, how Bangladeshis collaborated in the crime, and the vulnerabilities of our cyber system, another senior CID official told UNB.
‘We want the charge-sheet to be prepared in a way that ensures the perpetrators face justice at the international level as well,’ the official said.