The Criminal Investigation Department (CID) has pointed out the negligence and carelessness of 12 high-ranking officials, including the then governor, in connection with the infamous reserve heist at Bangladesh Bank. The investigation, still ongoing, has reached its final stages, according to CID sources.
The hackers pilfered a staggering USD 81 million from Bangladesh Bank’s reserve eight years ago, exploiting vulnerabilities in the security of the Society for Worldwide Interbank Financial Telecommunication (SWIFT) system due to the identified negligence.
The liable officials include an executive director (now retired), a general manager (currently deputy governor), four joint directors (two presently deputy general managers, one joint director, and another retired), three deputy general managers (two currently general managers), and two deputy directors.
The negligence occurred in various departments, such as forex reserve and treasury management, accounts and budgeting, IT operation and communication, payment system, and the back office of the dealings room. Their oversight provided hackers with an opportunity, as they left the server room open with an internet connection and were absent.
Despite the sensitivity of Bangladesh Bank’s forex reserve SWIFT server, then-governor Atiur Rahman approved the connection of Real Time Gross Settlement (RTGS) through SWIFT, which investigators deemed a criminal move. RTGS is a specialized fund transfer system allowing instant transfers between banks.
The investigation also revealed that then-deputy governor Abdul Kashem opposed providing RTGS service through SWIFT. However, Atiur Rahman signed the file himself, ultimately allowing the service.
The CID has identified criminal aspects, including keeping the reserve heist secret for 40 days, destroying evidence at the crime scene by a foreign firm, and maintaining the SWIFT server control system by a criminally implicated official.
Former Governor Atiur Rahman, who was contacted earlier regarding the matter, emphasized that decisions at Bangladesh Bank involve a system and not an individual, reiterating that the incident occurred at the Federal Reserve Bank of the US.
Investigation sources indicated that then-executive director Shuvongkor Saha played a role in linking RTGS with the SWIFT server, disrupting the security of the latter.
The investigators estimate that USD 101 million was stolen from Bangladesh Bank’s reserve through these actions. The CID has submitted forensic and interim reports to Bangladesh Bank, revealing negligence and carelessness on the part of the officials.
As the investigation reaches its final stages, the CID chief and additional inspector general of police, Mohammad Helal, stated that information from Malaysia, Egypt, Japan, Philippines, and Hong Kong has been received, but data from India, China, and Sri Lanka is pending. The charge sheet will be submitted soon if the required information is received by the deadline, which has been extended 76 times.
