Money Heist Goes Digital

By: Al Restar, Zero Day

Technology has always been a double-edged sword. We improve our lives through new developments and innovations, but threat actors and people with malicious intent also leverage the power of technology to forward their criminal activities. As the Internet progresses, crime has become digital. And it is imperative to respond to these threats as fast as we can.

Back in the days, when someone needs money, they rob a bank. We grew up in news reports that a crime ring or a group of individuals have breached into a bank and declared a hold-up. With the age of technology, crimes like this become almost rare because criminals have stepped their games up to use technology in committing their acts. Instead of going physically into a bank, a hacker can simply breach into their internal server and illegally process the transfer of millions of pesos to their own account – and only a few have been caught.

This is exactly what happened to the biggest bank heist involving the Central Bank of Bangladesh. Hackers used different techniques to try to funnel almost a billion dollars to different offshore bank accounts around the world. The hackers have used a multitude of different hacking and phishing techniques in order to implement the plan that they have developed for months.

The Philippines has become a central figure in the investigation of the hacking of the Bangladeshi central bank as one of the offshore accounts was opened in a Philippine bank. The notoriety of this specific bank was amplified because they are the only bank that allowed the transfer of around $81 million dollars into an account opened with them within the last four months. It is the only bank where the money transfer and the withdrawal of the money have become successful.

This event tells us how our banking system has yet to improve their technological infrastructure to prevent such things from happening. Regardless of whether it was an inside job, our banking system is not well equipped to prevent this kind of attack. If only there is a centralized system that would flag questionable deposits and automatically track them to its source, the Bangladesh bank heist wouldn’t have been successful.

But the Philippine Senate, back in June, had made a stand against bank hackers and ATM skimmers when they passed – with no negative votes and no abstention – an amendment to the Republic Act 8484 or the “Access Devices Regulation Act of 1998” which penalizes ATM hackers and skimmers.

Under the new amendment, the mere possession of skimming devices and attempts to access online banking accounts will be potentially punishable with imprisonment. Not only that, but the new version of the law also considers hacking of banks and skimming of ATM as acts of economic sabotage – which is a non-bailable crime – and imposes harsher punishments on those who commit tries to hack into banking systems.

Most importantly, the amended version of the law grants additional powers to the National Bureau of Investigation and the Anti-Cybercrime Group of the Philippine National Police to pursue their investigations against online bank robbers and those who process fraudulent bank transactions.

Amending the law that punishes online bank heists is nonetheless not enough to prevent attacks like that in the Central Bank of Bangladesh from taking place. These kinds of attacks need specific anti-hacking infrastructure and global cooperation within the banking system to be stopped. However, the move of the Philippine Senate to legislate harsher punishments against people who commit these frauds is one step forward, and we should celebrate it.

Together with celebrating this milestone against bank frauds, we, as consumers and bank account holders, should also take our part in protecting our own accounts. We should be vigilant and knowledgeable about recent modus operandi, but more importantly, we should always report once we notice unusual behaviors with our accounts. ALWAYS.

In the end, as we increase our awareness of these attacks as well as our vigilance – together with the improvement of the laws that protect us from it – we all can fight against bank hackers and ATM skimmers because we are now more powerful.