Uploaded by Maliha Suhrawardy (183012053)

bus305-case-study

CASE STUDY
GROUP 2
Members:
Maliha Suhrawardy - 183012053
Famiha Suhrawardy – 183012052
Jarin Anan –
Jannatul Ferdous –
Umme Humayara Rahman
Course Title: Management Information System and E-Commerce
Course Code: BUS304
Submitted to: Shafayat Hossain Chowdhury
Submission Date: May 14th, 2022
1. How did the hackers hack into Bangladesh Bank's System and how did they manage
to steal the money?
Ans: The hackers cleverly carried out the hack on Thursday night, because on Friday the New York bank was working but the Bangladesh Bank was closed, and by the time the Bangladesh Bank came back online the Federal Reserve Bank was closed. This delayed the whole discovery by almost three days. The hackers needed to transfer the money out of the New York Fed and send it somewhere, so they wired it to accounts they had set up in the capital of the Philippines. They chose 8th May, which was a huge national holiday across Asia, including the Philippines, so when the Bangladesh Bank tried to contact the bank in the Philippines to ask it to block the transactions at its end, everyone was off because of the holiday and the transfers went through. The hackers took advantage of the different banks' schedules, which are all at odds with one another, so that even when the banks discovered the hack they struggled to communicate quickly enough to stop it.

The hackers had broken into the Bangladesh Bank's SWIFT system and made transfers, and almost all the money went to accounts in the Philippines. The hackers misrepresented themselves and sent a couple of dozen emails to a variety of Bangladesh Bank employees with a supposed resume and an attached zip file, which contained a document that contained malicious executable code that began running on those people's machines. When the employees opened and downloaded that malicious file, the hackers got access, and they moved from these computers to their ultimate target, the SWIFT terminals. They dug through each machine for additional credentials and tried to jump from one machine to another. As they moved through the organization they cleaned up behind themselves: they wiped their viruses from the computers and deleted the digital records, so there was no trace of them at the Bangladesh Bank.

The hackers also needed to bypass the printed-out copies of the transactions. Every time a print-out was sent to the printer, they would simply overwrite the files that contained the content to print with zeros, so nothing would print and instead there was only blank paper in the printer. With the traces covered, the heist was set to go.
2. Based on the class discussion on Security of IS, what measures could have possibly
prevented this incident?
In 2016, the Bangladesh Bank was attacked by hackers and lost almost 951 million US dollars. At that time, the bank did not have even a basic security system. The security system used switches that cost only about 10 US dollars, whereas good-quality switches used to cost more than a hundred US dollars.
If there had been a basic framework for the security of the information system, such as the following, then the heist could have been prevented.

Information control:
• General Control: The IT infrastructure should have been controlled efficiently through proper monitoring of the hardware, software, data security, implementation, and administration. For example, if the employees had known that the printer was not working properly, the incident would have been prevented. Also, there was no particular security for data and there was malware in the software. If the switches had been more efficient, creating a separate network would have been easier. Even during the holiday, the SWIFT room should have been monitored by experts. All of this could have been avoided with proper controls.
• Application Control: The hackers entered the system without any problem and carried out their intention. If the input and output had been monitored, it would not have happened.
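
An added example, not part of the original case study: a sketch of the output monitoring that Application Control calls for, flagging transfers submitted outside staffed hours and printed confirmations that are missing or zero-filled, as the answer to question 1 describes. The weekend days, the staffed hours, the record fields and all sample data are assumptions constructed for illustration.

```python
from datetime import datetime

# Assumptions (not from the case study): Friday and Saturday are the weekend,
# and the payment room is staffed 09:00-17:00 local time.
WEEKEND = {4, 5}  # datetime.weekday(): Monday=0, so 4=Friday, 5=Saturday
OPEN_HOUR, CLOSE_HOUR = 9, 17

def is_blanked(job: bytes) -> bool:
    """True if a print job is empty or consists only of zero bytes."""
    return job.count(0) == len(job)

def off_hours(ts: datetime) -> bool:
    """True if a transfer was submitted on a weekend or outside staffed hours."""
    return ts.weekday() in WEEKEND or not (OPEN_HOUR <= ts.hour < CLOSE_HOUR)

def review(transfers, print_jobs):
    """Return (reference, reasons) for each transfer that needs a manual check."""
    alerts = []
    for t in transfers:
        reasons = []
        if off_hours(t["submitted"]):
            reasons.append("submitted outside staffed hours")
        job = print_jobs.get(t["ref"])
        if job is None:
            reasons.append("no printed confirmation")
        elif is_blanked(job):
            reasons.append("printed confirmation is blank")
        if reasons:
            alerts.append((t["ref"], reasons))
    return alerts

# Constructed sample data: hypothetical references, timestamps and print jobs.
SAMPLE_TRANSFERS = [
    {"ref": "TX-001", "submitted": datetime(2022, 5, 11, 11, 0)},   # Wednesday
    {"ref": "TX-002", "submitted": datetime(2022, 5, 12, 22, 30)},  # Thursday night
    {"ref": "TX-003", "submitted": datetime(2022, 5, 13, 10, 0)},   # Friday
]
SAMPLE_PRINT_JOBS = {
    "TX-001": b"Transfer TX-001 confirmed\n",
    "TX-002": bytes(64),  # 64 zero bytes: the job was overwritten
}

if __name__ == "__main__":
    for ref, reasons in review(SAMPLE_TRANSFERS, SAMPLE_PRINT_JOBS):
        print(ref, "->", "; ".join(reasons))
```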

Identity Management:
The hack was planted by an email. If there had been a proper process for identifying unverified emails, the situation would not have arisen. Also, the hackers carried out various transactional processes; if there had been tight security for those processes, the hackers could not have performed the transactions.

Disaster Recovery Planning:
The bank did not have any plan for what to do in that situation. It took them days to stop the transactions: because it was the weekend in the US, the bank was not able to suspend the transaction to a Philippine account, and there was a holiday there too. So the bank did not have a plan for weekends in the US.

Access Control:
When the hackers tried to make a transaction of such a huge amount of money, it should have been a highly secured process, for example with a password or biometric authentication, but it was not. So highly effective access control could have averted the situation.

Firewalls:
The investigations of the heist claimed that there were no firewalls in the Bangladesh Bank security system. Firewalls could have protected the system from unauthorized users. The network of the SWIFT room should have been kept separate from the other networks.

Intrusion Detection System:
This system could have detected the faulty email and it could have warned the
organization about the upcoming hacking.

Antivirus and Antispyware:
If there was strong antivirus and antispyware in the system, then it could have
identified the specific malware and deleted it immediately.
If these basic measures had been taken, the Bangladesh Bank could have prevented the situation. Even after the big mishap, the bank did not learn its lesson well. As there is no strong three-tier security, the bank sends an email to the Fed (New York) and the Fed then calls the Bangladesh Bank over the phone to confirm the transaction. This system is maintained only for the Bangladesh Bank, so the security system is still not strong enough to handle such a situation.