There are 12 Pinoys in heist –Dhaka
DHAKA—Bangladeshi investigators have identified 20 foreigners—12 Filipinos and eight Sri Lankans—suspected to have been involved in the cyberheist of tens of millions of dollars from its central bank, a police officer said on Monday.
The officer gave no other details, but the suspects appear to be those who received some of the payments, and not the hackers.
In Manila, Sen. Sergio Osmeña III, who is part of a committee investigating the heist, said senators were about 30 percent closer to unmasking the brains behind the scam.
Osmeña told reporters the Filipinos were part of the third group that did the actual laundering in the Philippines of the funds stolen from Bangladesh.
“[We’re] maybe only 30 percent closer [to unmasking the masterminds]. Why? Because there are three groups involved here,” Osmeña said after the Senate blue ribbon committee held its sixth hearing on the laundering of the $81 million into banks and casinos in the Philippines.
The hackers breached Bangladesh Bank’s systems between Feb. 4 and Feb. 5 and tried to steal nearly $1 billion from its account at the Federal Reserve Bank of New York.
Routed to Philippines
Most of the payments were blocked, but $81 million was routed to accounts in the Philippines and diverted to casinos there.
Another $20 million was sent to a company in Sri Lanka but the transfer was reversed because the hackers misspelled the name of the firm, raising a red flag at the routing bank.
Mohammad Shah Alam, a senior officer at the criminal investigation department of the Bangladesh police, said the Interpol had helped identify the foreigners suspected to be involved in one of the largest cyberheists in history.
“We have identified at least 20 foreigners with names and full particulars who we believe were involved,” Alam told reporters.
Another official on Alam’s team said the results of the investigation had been submitted to Philippine and Sri Lankan authorities.
Both Alam and the other official who declined to be named said they could not provide more details about the foreign suspects because investigations were not complete.
The Senate blue ribbon committee in the Philippines is holding hearings into how the money stolen from the Bangladesh central bank wound up with two casinos and a junket operator in the country.
Sri Lanka’s criminal police department is also investigating the cybertheft, but has declined to provide any information.
Alam, the Bangladesh police officer, said there was no evidence yet of anyone inside Bangladesh Bank being involved in the hacking of its computer systems.
Police were investigating if service providers to the central bank had been negligent in setting up secure computer systems, he said.
List of suspects
Bangladesh Ambassador John Gomes, who attended the Senate hearing Tuesday, told reporters that the Bangladeshi
investigators who were in Manila recently must have gotten the names of the people on their list from the Senate hearings and after meeting with officials from different agencies.
“But we have to confirm from Bangladesh the exact names. We don’t have a list,” Gomes said.
He said he wanted to give the list to senators “because it will be useful to them.”
After the hearing, Osmeña identified three groups likely involved in the scam, apparently based on information gathered so far by the committee.
He said the first group was made up of those who stole “the code and information” at the Bangladesh central bank.
“This kind of group, they sell the information and then another group comes in to do the actual hacking (of the money in the bank),” Osmeña said.
The second group was responsible for hacking the computer of the New York bank and had made arrangements first in Manila on who would receive the transferred money and who would launder the money, according to Osmeña.
“And the actual laundering is in the third group … the Philippine group,” the senator said.
At the hearing, Osmeña asked Bangko Sentral ng Pilipinas officer in charge (OIC) Nestor Espenilla Jr. to make an informal inquiry into why the Federal Reserve Bank of New York did not ask Philippine authorities about the $81 million stolen from it.
“We’re not trying to find fault but trying to trace the process,” the senator said.
Lawyer Ma. Celia Estavillo, head of Rizal Commercial Banking Corp. (RCBC) legal and regulatory affairs group, said the bank did not receive any request from the New York bank to stop payment of the money.
Espenilla said he was not sure why the New York bank did not take action, adding the latter could have used this “procedure” as the “sending bank.”
“In this case, they didn’t and only until after five transactions later,” he said.
Espenilla said he read news reports that the New York bank had inquired only with the Bangladesh central bank.
“It would seem strange to me that almost $1 billion would have been taken out of the account of the Federal Reserve Bank of New York and they wouldn’t move on it,” Osmeña said. Reports from the wires and Christine O. Avendaño