Central banks are crucial to the operating economy of a country. It manages the money supply and interest rates, and in a world where your fridge can steal your email password and hackers can cut your brakes, security must be top-notch. Unless, apparently, you’re running the central bank of Bangladesh, in which case, cheaping out on office supplies surely can’t go wrong.
Recently, hackers made off with $80 million from Bangladesh’s central bank, only being stopped thanks to a suspicious typo. They managed to swipe the credentials needed to make large transfers and attempted to route more than a billion dollars to various accounts in the Philippines and Sri Lanka. They still managed to achieve one of the biggest bank heists in human history, so, uh, good for them? But the long question remained as to how these master hackers broke through the central bank’s airtight security.
It turns out that whoever built the bank’s IT infrastructure bought second-hand $10 routers with no firewall or security to link together its internal network. In other words, any idiot could have gotten the credentials to clean out the bank to the vault walls by just walking into the lobby, grabbing a seat, and firing up their laptop. And just to add salt to this wound, the outdated equipment also doesn’t offer forensic technicians many options for tracking unauthorized access to the system, so police have yet to catch the hackers. They have caught a few people involved in the heist, but long-term, these hackers might have gotten away with the heist of the century all thanks to the IT department’s frugality.