Bangladesh Bank Governor Atiur Rahman, center, addresses a press conference in Dhaka, Bangladesh, Tuesday, March 15, 2016.

BANGKOK - Finger-pointing, firings, a mysterious disappearance and threats of lawsuits are swirling around one of history’s largest cyber heists, with authorities apparently no closer to nabbing the mastermind.

What investigators know for certain is that early last month, after nearly a year of careful planning, someone orchestrated 35 fraudulent transfer instructions to the Federal Reserve Bank of New York in an attempt to steal $1 billion from the Bangladesh central bank.

The hackers were able to successfully direct transfers of $81 million to accounts in the Philippines, which has some of the world’s strictest bank secrecy laws.

Long time planning

The hackers had been remotely monitoring the Bangladesh central bank’s activities for several weeks and may have breached nearly three dozen of its computers, private investigators said.

The group introduced malicious code, known as malware, into the bank’s server in Dhaka, according to an interim report from FireEye, a U.S. cybersecurity company hired by the Bangladesh Bank to investigate the theft.

The malware was specifically designed to hijack access to the Swift network, used by financial institutions to authorize transactions through secure messaging.

FILE - Commuters pass by the front of the Bangladesh central bank building in Dhaka.

The security breach of the Brussels-based Swift system used by 3,000 financial institutions globally, the report reveals, “is part of a much larger breach that is currently under investigation.”

Banking malware such as Tinbapore and Gootkit has been used in recent attacks on other banks in Asia, according to cyber defense specialists.

“Malware continues to evolve and cybercriminals are devising more creative methods to carry out their attacks,” warned Lim Chin Keng, a regional director for security solutions at F5 Networks. “Elsewhere in the region, we are already witnessing evidence of cyberattacks on banks.”

More entry points

An increasingly digitized banking sector is giving more vulnerable entry points to hackers.

“The creativity of the attacks and the process by which cybercriminals are planning and carrying out their attacks definitely show how cybercriminals have stepped up their game,” Lim told VOA from Singapore. “We are taken aback with the gumption and sophistication of the recent cyber heist… to pull off what could have been one of the largest fraud attacks.”

Cybersecurity consultants say the banks must share in the blame.

“It should not have to take an incident like this to spur banks into action,” said Lim. “The current security solutions some banks are using do not adequately offer the level of visibility they need.”

The Bangladesh Bank is consulting with lawyers to weigh its legal options against the American reserve bank, according to media reports in Dhaka.

Atiur Rahman, the central bank’s governor, resigned last week to take “moral responsibility” for the breach of the bank’s operations.

Bangladesh Finance Minister A.M.A. Muhith told the Prothom Alo newspaper that Bangladesh Bank officials were "100 percent" involved in the scandal.

"Of course! One hundred percent they are [involved]. This cannot be possible without complicity of the locals," the newspaper quoted Muhith as saying, noting the U.S. bank requires hand prints and other biometric information from central bank officials for transactions.

FILE - Recently resigned Bangladesh central bank Governor Atiur Rahman smiles during an interview inside his office in Dhaka, October 2, 2013.

Missing expert

A Bangladeshi information technology expert, who went missing for six days after accusing central bank officials of negligence, just as mysteriously reappeared on Wednesday.

Tanveer Hassan Zoha was taken home by detectives who said they found him wandering around the Dhaka airport railway station, according to local media reports.

His family alleged that Zoha, who had worked as a security specialist for the Ministry of Posts, Telecommunications and Information Technology, had been abducted March 17 by a group of men not wearing any uniforms.

The U.S. Federal Bureau of Investigation has joined the probe of the cyber-heist and its agents have been seen in Dhaka conferring with government officials there.

Tangled Philippine probe

The head of a bank in the Philippines has gone on indefinite leave after strongly denying allegations he did anything wrong in connection with the Bangladesh money transfers.

Rizal Commercial Banking Corporation (RCBC) President and CEO Lorenzo Tan “insisted on taking a leave to allow him to focus on clearing his name in the money laundering issue a board committee is investigating,” the bank said in a statement.

A branch manager has accused Tan of ordering her to move the money.

“I did not do anything wrong. If this is a nightmare, I want to wake up now,” Rizal Commercial Banking Corp. (RCBC) manager Maia Deguito told ABS-CBN television after authorities stopped her at Manila airport as she tried to leave the Philippines. “I live every day in fear.”

Maia S. Deguito, Rizal Commercial Banking Corporation (RCBC) branch manager, takes her oath prior to the start of the Philippine Senate Blue Ribbon Committee probe.

Several criminal complaints have been filed against Deguito and another RCBC employee for allegedly falsifying documents to open four accounts at the branch nearly nine months before the Bangladesh cyber heist.

The bulk of the money withdrawn from the Bangladesh bank's account on February 4 was transferred into a local Philippine businessman's newly-opened dollar account.

William Go, the sole owner of DBA Centurytex Trading, which services imports for international garment labels, has said his signature was forged to set up the account and has since sued Deguito and former RCBC officer Angela Ruth Torres.

Deguito has alleged that Go is a good friend of Tan.

Casino chips

From the businessman's account the money was then briefly transferred to Philrem, a foreign exchange brokerage. Its president, Salud Bautista, told a Philippines Senate inquiry that $30 million went to casino junket operator Weikang Xu.

Another $29 million was changed into gambling chips at the Solaire casino in Manila and $21 million went to the Eastern Hawaii Leisure Resort and Casino, in a special economic zone 600 miles north of Manila.

Casino chips are commonly used to launder money because the exchanges quickly become anonymous.

FILE - Casino models pose at the slot machines during the media tour of Solaire Casino in the Philippines.

Philippines Senator Sergio Osmeña has pointed a finger at a man previously linked to illegal drug operations, Kim Wong, as the mastermind.

Wong was not present at the Senate hearings as he was reportedly undergoing medical treatment in Singapore.

The Senate committee has scheduled a third hearing for next Tuesday (March 29).

“We want to be good citizens of the world. We want to cooperate with the whole world in combating crime problems of this nature,” Philippines foreign minister Jose Almendras has told reporters, noting that Bangladesh’s ambassador “was one of the very few allowed to sit in on the closed Senate executive session” with those accused of facilitating the transfers.

Sri Lanka investigation

Meanwhile in Sri Lanka, a court has imposed travel restrictions on six directors of the Shalika Foundation suspected of being involved in the theft from the Bangladesh central bank’s account.

The suspects in Colombo allegedly tried to transfer $20 million to an account at Sri Lanka’s Pan Asia Bank.

The bank became suspicious and alerted the intermediary, Deutsche Bank, because the word “foundation” was wrongly spelled as “fandation.”

A query by the German bank to the central bank in Dhaka led to that transaction being halted.

Additional reporting by Simone Orendain in Manila.