• Carolyn Maloney

Congress Launches Inquiry Into N.Y. Fed Handling of Bank of Bangladesh Cyberheist

Source: Wall Street Journal

A congressional panel is seeking more details related to the $101 million cyberheist from the Bangladeshi central bank’s account at the Federal Reserve Bank of New York earlier this year.

The chairman of the House Committee on Science, Space and Technology has asked New York Fed officials to brief the committee on its handling of the security breach. It also requested documents related to the New York Fed’s oversight of the secure interbank messaging system known as Swift, which the hackers used to submit fraudulent payment orders of nearly $1 billion.

The thieves spirited $101 million out of Bangladesh Bank’s account before the requests raised red flags at the New York Fed.

Officials were able to stop payment on one of the fraudulent orders, but the bulk of the remaining $81 million ultimately ended up with at least one casino and two gambling-junket operators in the Philippines, according to the Philippines’s Anti-Money Laundering Council.

“In light of the recent cyberattacks on our global financial systems, the committee believes it is imperative to receive information from the NY Fed about its response, its oversight of SWIFT, the status of the investigation and any remedial steps taken to address vulnerabilities,” Chairman Lamar Smith (R., Texas) said in a May 31 letter to New York Fed President William Dudley.

The committee is requesting the documents be turned over by June 14.

Mr. Smith isn’t the first lawmaker to raise concerns about the breach.

Rep. Carolyn Maloney, a New York Democrat and member of the House Financial Services Committee, sent a letter in March asking for more information.

“What is especially thought-provoking here is that stops and recalls on these transfers weren’t issued for days after initial doubts were raised,” Ms. Maloney said in April.

The New York Fed has defended its procedures for fund transfers, which are intended to prevent dollars from being transferred to individuals or firms that have been placed under sanctions and “are not designed to protect our customers from an unauthorized transfer,” Thomas Baxter, the bank’s head lawyer, said in a letter to Ms. Maloney.

The House Science Committee has jurisdiction over the National Institute of Standards and Technology, which develops cybersecurity standards.

News of Mr. Smith’s letter followed a Reuters report Wednesday on cybersecurity threats at the Federal Reserve in Washington.

Computers used by the central bank were breached more than 50 times from 2011 to 2015, according to cybersecurity reports issued by the Fed.

The security reports, obtained by Reuters through a Freedom of Information Act request and provided to The Wall Street Journal, didn’t reveal who was behind the attacks, if funds were stolen or whether sensitive information was accessed.

The disclosures cover only those security breaches affecting the Fed’s Board of Governors, as the Fed’s regional reserve banks aren’t subject to FOIA. Of the 310 security reports issued by the Fed, 140 disclosed hacking attempts, Reuters reported.

“As with other government agencies, the Federal Reserve is a target for cyberattacks,” a Fed spokesman said in a statement on the Reuters report. “However, our security program and processes for detecting and countering attacks are robust and our critical operations have never been affected.”

©2019