The simple typo that stopped bank robbers from stealing $1 billion
| Last updated
A group of cyber criminals who were behind the mind-blowing Bangladesh Bank heist were thwarted from stealing $1 billion because of a simple typo.
Since the dawn of time, teachers have taught us all to proofread everything we write to avoid silly mistakes, but little did the hackers know that the wrong spelling of a word would cost them millions - not that we’re siding with them, of course.
In 2016, a cadre of anonymous hackers were able to steal millions from Bangladesh's central bank.
Watch the trailer below:
The cyber criminals - who are believed to be the North Korea-based Lazarus group who also hacked Sony in 2014 - sent 35 fraudulent instructions via the SWIFT network to transfer close to $1bn from the Federal Reserve Bank of New York account belonging to Bangladesh Bank.
The SWIFT network provides services to execute financial transactions and payments between banks around the world. The hackers bombarded the Federal Reserve Bank of New York with 35 requests to transfer money from Bangladesh to accounts in the Philippines and Sri Lanka.
Five of the 35 orders were successful and the hackers were able to snag and transfer $101m to four accounts in the Philippines and one in Sri Lanka.
The cyber criminals - whose identities are still unknown to this day - were within an inch of ultimate success however a glaring spelling mistake in an online bank transfer instruction ruined months, if not years, of planning.
They had misspelled the name of a Sri Lankan non-profit organisation (NGO) account, named Shalika Foundation.
The hackers misspelt ‘foundation’ as ‘fandation’, prompting a red flag to be raised which stopped the transaction to Sri Lanka.
And because of this very pricey faux pas, the remaining 30 requests - amounting to $850 million, were also blocked, leaving the hackers with the $81 million that was traced to the Philippines.
Cybersecurity expert Misha Glenny, one of the contributors in the doc, said the typo is a moment of ‘real irony’.
In an interview with LADbible, he reflected on how cybercrime ‘started to become more sophisticated’ around a decade ago. Members of hacker groups would have their own role, sort of like Oceans 11. There would be a money launderer, someone to write malware and a person to send out phishing emails. Well that’s George Clooney, Brad Pitt and Matt Damon’s roles sorted.
Investigators soon noticed that cyber attacks would happen in shift patterns of 8:30 to 12:30 and 13:30 to 17:30 with an hours break in-between from different time zones around the world, showing how attacks were becoming ‘professionalised’ and office-based.
Noting all the work and organisation that would have gone in to hacking the Bangladesh bank, Glenny told LADbible: “The real irony of the film is is that they didn't get away with the billion dollars because despite all the work they put in, all the effort to make sure that those four days where the attack would took place there would be a holiday somewhere in a critical place, whether in Bangladesh, or in the United States or in the Philippines.
"There were four days when some critical territory was on holiday. All of that work and then it just takes that one little mistake of misspelling a word and the red flag goes up on the automated defence systems.
“Typos stop them from getting away with a billion.”
Billion Dollar Heist shows our personal data can be compromised and the devastating effect it can have.
The synopsis calls the feature-length doc ‘an incredible story that offers disturbing, eye-opening truths for everyone who uses the internet, Billion Dollar Heist will change how you view your online life. And make you believe in the power of multi factor authentication’.
Billion Dollar Heist is available to rent and own on digital platforms now.