Bangladesh's banking sector is under threat from cyber security risks, IT experts warn, as the security policy of Bangladesh Bank, the country's central bank, is inadequate and inefficient against the increasingly sophisticated attacks of new-generation hackers.
"Hackers are more intelligent than many other system installers, so to protect sites from hacking it is imperative to have systems installed by genuine and skilled companies. But in the banking system, IT security issues have remained on the sidelines of the agendas of banks and financial institutions", experts say.
The experts' warning has come after suspected Chinese hackers stole almost $100 million from the nostro account of Bangladesh Bank with the Federal Reserve Bank of New York last week. The central bank, however, recovered a part of the money, leaving a question about its IT security measures.
"It's a result of inadequate security measures of the central bank or internal breach, as the hackers not only hit the server but have broken the different levels of security to steal money, which is not possible without compromise of security passwords", said an IT security expert on condition of anonymity.
The central bank was hacked by Mr.D3m0n. After hacking the databases of two universities, i.e. Mumbai University and MIT university, Mr.D3m0n targeted the central bank of Bangladesh. Bangladesh's central bank has around $28bn in foreign currency reserves.
"Hacking any website is a common cyber crime, but stealing money from the account of a central bank is not a matter of joke. It's a reflection of weakness in security measures of the central bank, which has raised the concerns about the cyber security of the whole banking system", he told The Daily Observer.
"The hackers always like to be a Grey Hat hacker and like to help the admin of the site by reporting the vulnerability. But the BB admin failed to respond and patch the security flaw. This proves that the central bank is quite inefficient to address any IT security breach or compromise with the hackers", said another IT security expert working in a private IT company.
The central bank officials were not available to comment on this issue today. A recent study on the IT security issues pointed out that cyber attacks could emerge as a major threat to the digital transformation of Bangladesh given the poor knowledge and lack of government initiatives to counter the growing problem.
The central bank officials said they are in contact with the anti-money laundering authorities of the Philippines to track down and bring back the rest of the money. Philippine authorities have frozen the recovered money following court orders.
With the growing use of mobile phones and internet, Bangladesh is ever more vulnerable to cyber attacks, said Burgess Cooper, a partner at Ernst & Young, a global professional services firm headquartered in London.
Cyber criminals can gain access to financial data, compromise intellectual property of companies, tap sensitive national data and steal government records. "These actions could compromise national security and interests," he said at a recent discussion on the future of cyber security held in the city.
IT experts believe that about 90 percent of cyber crimes stay unreported. In the case of Bangladesh, the situation is worsening day by day.
The banking sector has witnessed high-profile security breaches over the last few years. In 2015, bank accounts of a private bank were compromised and money was withdrawn from them, while the websites of Bangladesh Police and Rapid Action Battalion were hacked this year.
On December 2, 2015, hackers broke into the website of Sonali Bank on Tuesday and took control of it for a few hours. The hacker identified himself as a 'Muslim Hacker'. On January 06, 2013, the Islami Bank Bangladesh website was hacked by Human Mind Cracker.
The hacking of commercial banks indicates corruption in the government's procurement system, where incompetent and unskilled vendors were awarded jobs without assessment of their real quality, an information technology expert said.
In 2012, at least 26 government websites were hacked, and in 2013, a private university's website became a victim. There was at least one serious vulnerability in 84 percent of the websites in 2013-14.
The country has struggled to cope with the implementation of its cyber-crime laws despite setting up a fast-track court for speedy trials in 2013 and allowing law-enforcers to arrest individuals without a warrant.
While such legal mechanisms are being developed, IT experts say companies in Bangladesh will need to increase investments to safeguard themselves against cyber attacks, as the damage caused could be heavy, Ernst & Young said in a report.
The Ernst & Young report recommended enactment of appropriate cyber laws, which are indispensable to legalise and regulate the internet in the country. It also called for raising awareness among the users, realigning local regulations and practices with foreign countries and ensuring telecommunications and IT equipment procured is free from potential threats or bugs.
Experts say a good number of local firms have installed systems at private commercial banks and some other financial institutions through a transparent process, and they are working well with a strong protective shield. If the government's procurement systems deploy the real local IT entrepreneurs without corruption, they would provide world-standard services at competitive costs.