Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:02,000 --> 00:00:07,000 Downloaded from YTS.MX 2 00:00:08,000 --> 00:00:13,000 Official YIFY movies site: YTS.MX 3 00:00:26,190 --> 00:00:29,253 It was one of the world's biggest cyber heists. 4 00:00:30,690 --> 00:00:32,790 A bank robbery of the online age 5 00:00:32,790 --> 00:00:35,850 that no amount of armed guards, armored cars, 6 00:00:35,850 --> 00:00:39,040 and heavily protected vaults could prevent. 7 00:00:39,040 --> 00:00:42,150 It was like a terrorist attack into the central bank. 8 00:00:42,150 --> 00:00:44,490 More than $80 million stolen 9 00:00:44,490 --> 00:00:46,710 from Bangladesh's Central Bank 10 00:00:46,710 --> 00:00:49,920 by hackers who authorities say, tricked one 11 00:00:49,920 --> 00:00:53,070 of the world's most trusted financial institutions. 12 00:00:53,070 --> 00:00:55,650 It would've dropped like a bomb, the New York Fed. 13 00:00:55,650 --> 00:00:58,350 Only one official is facing charges 14 00:00:58,350 --> 00:01:01,020 and most of the money is still missing. 15 00:01:01,020 --> 00:01:04,830 There is no way that this could have been done 16 00:01:04,830 --> 00:01:06,720 by just one or two rogue employees. 17 00:01:06,720 --> 00:01:10,020 She is but a pawn in a high stakes game 18 00:01:10,020 --> 00:01:12,300 made by international bankers. 19 00:01:12,300 --> 00:01:15,000 It's a crime which exposed serious failings 20 00:01:15,000 --> 00:01:17,160 in the international banking system, 21 00:01:17,160 --> 00:01:20,280 and it could have been much, much worse. 22 00:01:20,280 --> 00:01:23,880 How in the world could a staggering 81 million, 23 00:01:23,880 --> 00:01:28,170 almost billion be lost in a transfer system? 24 00:01:28,170 --> 00:01:29,220 I'm Andrew Wilson, 25 00:01:29,220 --> 00:01:30,780 and I'm going to follow the trail 26 00:01:30,780 --> 00:01:35,073 of the stolen funds from Dhaka to Manila, 27 00:01:36,660 --> 00:01:37,653 and New York. 28 00:01:38,820 --> 00:01:40,950 To find out how the hackers did it 29 00:01:40,950 --> 00:01:45,933 and ask who was behind the heist and could it happen again? 30 00:02:12,660 --> 00:02:15,183 Dhaka, the capital of Bangladesh. 31 00:02:17,970 --> 00:02:19,650 A teaming chaotic city 32 00:02:19,650 --> 00:02:21,723 and one of the world's poorest. 33 00:02:23,610 --> 00:02:25,740 17 million people live here, 34 00:02:25,740 --> 00:02:29,193 a third of them surviving on less than $2 a day. 35 00:02:32,910 --> 00:02:36,340 Many eeking out a living on the city's polluted waterways 36 00:02:37,770 --> 00:02:39,393 and crowded streets. 37 00:02:40,770 --> 00:02:44,493 Bangladesh has one of the world's fastest growing economies. 38 00:02:47,520 --> 00:02:49,053 It's a country on the up. 39 00:02:51,510 --> 00:02:55,770 But one that could ill afford to lose more than $80 million 40 00:02:55,770 --> 00:02:57,841 of taxpayers money. 41 00:03:01,170 --> 00:03:03,840 Bangladesh Bank, the countries central bank 42 00:03:03,840 --> 00:03:06,063 is at the heart of its economic system. 43 00:03:08,340 --> 00:03:10,110 It overlooks a busy roundabout 44 00:03:10,110 --> 00:03:12,123 in Dhaka's financial district. 45 00:03:13,020 --> 00:03:17,160 High walls and tight security to stop anyone getting in 46 00:03:17,160 --> 00:03:19,050 who shouldn't be there. 47 00:03:19,050 --> 00:03:23,250 But sometimes physical barriers aren't enough. 48 00:03:23,250 --> 00:03:25,620 For this heist, nobody broke in 49 00:03:25,620 --> 00:03:27,660 and nobody took anything away. 50 00:03:27,660 --> 00:03:31,383 The entire crime was perpetrated electronically. 51 00:03:36,270 --> 00:03:39,870 On the evening of Thursday, February the fourth, 2016, 52 00:03:39,870 --> 00:03:43,110 the start of the weekend in Muslim Bangladesh, 53 00:03:43,110 --> 00:03:46,410 most of the central bank's staff had gone home. 54 00:03:46,410 --> 00:03:50,793 The building was secure, but intruders were already inside. 55 00:03:53,160 --> 00:03:54,360 In an interim report, 56 00:03:54,360 --> 00:03:56,580 experts commissioned by Bangladesh Bank said 57 00:03:56,580 --> 00:03:58,290 a malicious program was installed 58 00:03:58,290 --> 00:04:00,180 on the bank's computer systems. 59 00:04:00,180 --> 00:04:02,430 The malware, possibly delivered 60 00:04:02,430 --> 00:04:07,350 via an infected email, collected passwords and usernames 61 00:04:07,350 --> 00:04:09,453 and covered its own tracks. 62 00:04:10,380 --> 00:04:13,200 Investigators say they found considerable evidence 63 00:04:13,200 --> 00:04:15,600 that the hackers used the bank's credentials 64 00:04:15,600 --> 00:04:17,550 to access SWIFT, 65 00:04:17,550 --> 00:04:19,410 the international messaging system 66 00:04:19,410 --> 00:04:22,110 used to send money around the world. 67 00:04:22,110 --> 00:04:24,990 The hackers then generated 35 requests 68 00:04:24,990 --> 00:04:28,440 to transfer funds from Bangladesh Bank's account 69 00:04:28,440 --> 00:04:31,170 with the Federal Reserve Bank of New York. 70 00:04:31,170 --> 00:04:33,993 The orders came close to a billion dollars. 71 00:04:35,100 --> 00:04:38,880 Most of the requests were blocked, but four did get through, 72 00:04:38,880 --> 00:04:42,630 and as a result, almost $81 million was sent 73 00:04:42,630 --> 00:04:47,507 to accounts at a bank called RCBC, thousands of miles away 74 00:04:47,507 --> 00:04:49,173 in the Philippines. 75 00:04:50,070 --> 00:04:52,170 I couldn't believe it, I tell you, 76 00:04:52,170 --> 00:04:53,790 because nothing like that, 77 00:04:53,790 --> 00:04:56,490 even a smaller thing like that never happened. 78 00:04:56,490 --> 00:05:00,360 So I was dumb and actually for a while, 79 00:05:00,360 --> 00:05:02,070 Atiur Rahman was the governor 80 00:05:02,070 --> 00:05:04,380 of the bank when its systems were compromised 81 00:05:04,380 --> 00:05:06,810 and the money was stolen. 82 00:05:06,810 --> 00:05:10,740 You know, I'm not blaming SWIFT, I'm not blaming Fed, 83 00:05:10,740 --> 00:05:12,690 I'm not blaming Bangladesh Bank, 84 00:05:12,690 --> 00:05:17,690 but the entire system was not strong enough 85 00:05:17,760 --> 00:05:21,507 to really withstand the kind of attack that it got. 86 00:05:23,130 --> 00:05:25,710 All institutions touched by the heist 87 00:05:25,710 --> 00:05:28,380 have denied they were at fault for the losses. 88 00:05:28,380 --> 00:05:32,103 They have, however, taken steps to improve security. 89 00:05:33,150 --> 00:05:36,210 According to one senior Bangladesh police investigator 90 00:05:36,210 --> 00:05:40,080 in late 2016, there were serious security lapses, 91 00:05:40,080 --> 00:05:42,243 which made the central bank vulnerable. 92 00:05:43,710 --> 00:05:46,740 Reuters journalists, Sarajul Quadir has spoken 93 00:05:46,740 --> 00:05:50,493 to police sources and insiders at Bangladesh Bank. 94 00:05:52,260 --> 00:05:57,107 Yeah, cybersecurity was quite, I mean, vulnerable. 95 00:05:57,107 --> 00:06:01,337 It was very weak, and it was not up to the mark, 96 00:06:01,337 --> 00:06:05,754 I mean, with the present, with the modern technology. 97 00:06:08,970 --> 00:06:12,150 Police headquarters in downtown Dhaka. 98 00:06:12,150 --> 00:06:13,530 Detectives here are working 99 00:06:13,530 --> 00:06:15,450 with authorities in other countries 100 00:06:15,450 --> 00:06:18,750 in what has become an international investigation. 101 00:06:18,750 --> 00:06:22,593 They've yet to confirm how the hackers got into the system. 102 00:06:24,300 --> 00:06:29,300 We process all the data and FBI is helping us. 103 00:06:30,270 --> 00:06:32,490 Interpol is helping us, 104 00:06:32,490 --> 00:06:35,230 and we are trying to find out 105 00:06:36,240 --> 00:06:40,440 the conclusive evidence we get maybe some. 106 00:06:40,440 --> 00:06:43,500 Investigators are sifting through 10 terabytes 107 00:06:43,500 --> 00:06:46,410 of data in the hunt for a smoking gun 108 00:06:46,410 --> 00:06:48,753 that might identify the culprits. 109 00:06:49,830 --> 00:06:53,370 Though no bank insiders have been charged over the heist, 110 00:06:53,370 --> 00:06:56,883 police say they must fully investigate the possibility. 111 00:06:57,960 --> 00:06:59,040 We are looking into that. 112 00:06:59,040 --> 00:07:01,380 Maybe a bank employee? 113 00:07:01,380 --> 00:07:02,725 Yes, maybe. 114 00:07:06,630 --> 00:07:08,520 Bangladesh Bank denies that anyone on 115 00:07:08,520 --> 00:07:12,240 the inside was involved and also denies negligence. 116 00:07:12,240 --> 00:07:15,570 The police have not charged anyone from Bangladesh Bank 117 00:07:15,570 --> 00:07:17,073 in relation to the heist. 118 00:07:18,060 --> 00:07:19,800 To find out more, I contacted one 119 00:07:19,800 --> 00:07:22,440 of the private sector cybersecurity companies 120 00:07:22,440 --> 00:07:26,310 that have investigated the methods used by the hackers. 121 00:07:26,310 --> 00:07:27,750 What were your thoughts when you heard 122 00:07:27,750 --> 00:07:30,400 that this central bank had been hacked? 123 00:07:30,400 --> 00:07:32,940 Yeah, the early indicators show that this, 124 00:07:32,940 --> 00:07:34,200 they likely got in through 125 00:07:34,200 --> 00:07:35,790 some sort of spearfishing message. 126 00:07:35,790 --> 00:07:38,130 So basically they sent an email to someone, 127 00:07:38,130 --> 00:07:40,830 and then that person basically clicked on that email 128 00:07:40,830 --> 00:07:43,020 and had their computer system infected. 129 00:07:43,020 --> 00:07:44,190 Now, they were going 130 00:07:44,190 --> 00:07:45,900 after what's called the SWIFT terminals. 131 00:07:45,900 --> 00:07:46,920 These are the terminals 132 00:07:46,920 --> 00:07:48,810 or computers that are responsible 133 00:07:48,810 --> 00:07:51,510 for conducting large bank transfers 134 00:07:51,510 --> 00:07:54,210 between organizations or even countries. 135 00:07:54,210 --> 00:07:56,820 It's basically they're modifying the applications 136 00:07:56,820 --> 00:07:59,070 on the computer that has sort of been hijacked. 137 00:07:59,070 --> 00:08:01,290 And remember, those computers are actually inside the bank. 138 00:08:01,290 --> 00:08:03,240 This is a case where this institution 139 00:08:03,240 --> 00:08:06,333 was compromised more so than anything SWIFT specific. 140 00:08:08,430 --> 00:08:09,510 Within weeks, 141 00:08:09,510 --> 00:08:11,700 the central bank governor, Atiur Rahman, 142 00:08:11,700 --> 00:08:13,383 felt he had to resign. 143 00:08:14,730 --> 00:08:16,650 They were blaming the institution, 144 00:08:16,650 --> 00:08:18,510 they're blaming the governor. 145 00:08:18,510 --> 00:08:23,510 And I thought, the central bank is a very sacred place. 146 00:08:23,730 --> 00:08:27,330 It's a very, very, very, I would say, highly esteemed place. 147 00:08:27,330 --> 00:08:32,330 You cannot just put a mud on it the way you are liking. 148 00:08:32,790 --> 00:08:36,360 So I took myself, not only myself away, 149 00:08:36,360 --> 00:08:38,400 I tried to protect the central bank, 150 00:08:38,400 --> 00:08:40,533 the integrity of the central bank. 151 00:08:45,390 --> 00:08:47,250 In Bangladesh, the investigation into 152 00:08:47,250 --> 00:08:50,340 who stole the $81 million continues, 153 00:08:50,340 --> 00:08:51,720 but it's quite possible 154 00:08:51,720 --> 00:08:53,070 that the hackers may actually 155 00:08:53,070 --> 00:08:55,113 have never set foot in the country. 156 00:08:56,040 --> 00:08:58,680 The missing millions were sent overseas, 157 00:08:58,680 --> 00:09:01,680 and I'm following the money trail to the Philippines 158 00:09:01,680 --> 00:09:05,725 where electronic wire transfers became hard cash. 159 00:09:34,920 --> 00:09:36,210 This is the story of one 160 00:09:36,210 --> 00:09:38,583 of the world's biggest cyber heists. 161 00:09:39,954 --> 00:09:42,600 How hackers stole 10s of millions 162 00:09:42,600 --> 00:09:45,090 of dollars from Bangladesh's Central Bank 163 00:09:45,090 --> 00:09:47,253 and appear to have got away with it. 164 00:09:48,120 --> 00:09:51,930 To try to find out how, I've come to Manila. 165 00:09:51,930 --> 00:09:54,120 It's the sprawling capital of the Philippines 166 00:09:54,120 --> 00:09:56,823 and one of the fastest growing cities in Asia. 167 00:09:58,950 --> 00:10:00,810 This is a society that thrives 168 00:10:00,810 --> 00:10:02,883 on its links to the outside world. 169 00:10:04,140 --> 00:10:07,200 One of its biggest exports is workers. 170 00:10:07,200 --> 00:10:09,990 More than 2 million Filipinos work overseas 171 00:10:09,990 --> 00:10:14,430 and send more than $25 billion a year in remittances 172 00:10:14,430 --> 00:10:16,053 to their loved ones back home. 173 00:10:17,340 --> 00:10:18,480 It's a flow of revenue 174 00:10:18,480 --> 00:10:21,210 that helps drive the country's economy. 175 00:10:21,210 --> 00:10:24,270 Manila's business district has expanded substantially 176 00:10:24,270 --> 00:10:27,840 over the last decade, but its banking sector operates under 177 00:10:27,840 --> 00:10:31,020 unusually strict secrecy laws, 178 00:10:31,020 --> 00:10:32,910 and that includes the institution, 179 00:10:32,910 --> 00:10:36,030 which helped turn the transfers from Bangladesh 180 00:10:36,030 --> 00:10:38,070 into hard cash. 181 00:10:38,070 --> 00:10:40,590 It was by sending money here 182 00:10:40,590 --> 00:10:43,267 that the thieves effectively made their getaway. 183 00:10:43,267 --> 00:10:46,680 $81 million of Bangladesh Bank's funds 184 00:10:46,680 --> 00:10:51,680 ended up in this local branch of a bank called RCBC. 185 00:10:51,960 --> 00:10:53,490 And they did it using bank accounts 186 00:10:53,490 --> 00:10:56,970 that had been opened months earlier using fake IDs 187 00:10:56,970 --> 00:10:59,790 and had since lane inactive. 188 00:10:59,790 --> 00:11:02,700 The hackers had sent payment requests from Bangladesh Bank 189 00:11:02,700 --> 00:11:04,860 to the New York Fed on Thursday, 190 00:11:04,860 --> 00:11:09,360 and by Friday, the money had hit accounts at RCBC in Manila. 191 00:11:09,360 --> 00:11:11,340 It was then moved between an array 192 00:11:11,340 --> 00:11:13,110 of other accounts controlled 193 00:11:13,110 --> 00:11:15,630 by a remittance company called PhilRem 194 00:11:15,630 --> 00:11:18,960 and some of it was converted into Philippine pesos. 195 00:11:18,960 --> 00:11:20,790 Over a period of 10 days, 196 00:11:20,790 --> 00:11:23,940 the money was transferred electronically and in cash 197 00:11:23,940 --> 00:11:27,330 and channeled into Manila's casino industry. 198 00:11:27,330 --> 00:11:29,520 The accounts here on Jupiter Street 199 00:11:29,520 --> 00:11:32,100 were a vital clue for investigators. 200 00:11:32,100 --> 00:11:34,440 They were crucial for laundering the money, 201 00:11:34,440 --> 00:11:37,080 and someone had set them up using false names 202 00:11:37,080 --> 00:11:38,790 and fake credentials. 203 00:11:38,790 --> 00:11:39,790 The question is who? 204 00:11:47,981 --> 00:11:50,730 The Philippines Senate held an inquiry into the laundering 205 00:11:50,730 --> 00:11:52,323 of the proceeds of the heist. 206 00:11:53,430 --> 00:11:55,410 It heard that the accounts were opened 207 00:11:55,410 --> 00:11:59,460 by the manager of the RCBC Jupiter Street branch, 208 00:11:59,460 --> 00:12:02,330 a woman called Maia Deguito. 209 00:12:02,330 --> 00:12:03,630 You tell the truth here? 210 00:12:04,470 --> 00:12:06,810 Your honor, I will tell the truth. 211 00:12:06,810 --> 00:12:09,810 She says she opened the accounts for this man, 212 00:12:09,810 --> 00:12:11,100 a Manila casino owner 213 00:12:11,100 --> 00:12:15,120 and agent she'd known for several years, called Kim Wong, 214 00:12:15,120 --> 00:12:17,793 who also gave evidence at the inquiry. 215 00:12:19,498 --> 00:12:22,230 Maia Deguito declined to be interviewed for this program, 216 00:12:22,230 --> 00:12:24,300 but she testified to the inquiry 217 00:12:24,300 --> 00:12:27,030 that she had actually met four people 218 00:12:27,030 --> 00:12:29,133 whose names were on the accounts. 219 00:12:32,400 --> 00:12:34,380 She's been represented by a lawyer 220 00:12:34,380 --> 00:12:36,840 who has an unusual taste in art. 221 00:12:36,840 --> 00:12:40,420 Mr. Wong vouch for their identities, presented documents 222 00:12:42,480 --> 00:12:44,400 which showed their identities 223 00:12:44,400 --> 00:12:47,400 and requested her to open accounts 224 00:12:47,400 --> 00:12:51,690 in her branch on behalf of these five individuals, 225 00:12:51,690 --> 00:12:56,690 and with the promise that a substantial 226 00:12:57,150 --> 00:13:01,050 amount would come into these accounts. 227 00:13:01,050 --> 00:13:03,690 Wong hasn't been formally charged over the heist, 228 00:13:03,690 --> 00:13:05,760 but is subject to civil action. 229 00:13:05,760 --> 00:13:08,400 He denied Deguito's version of events 230 00:13:08,400 --> 00:13:11,538 and denied knowing that the money was stolen. 231 00:13:47,580 --> 00:13:51,240 RCBC bank was fined close to $20 million for failing 232 00:13:51,240 --> 00:13:53,550 to comply with banking regulations 233 00:13:53,550 --> 00:13:57,330 and its chief executive and president resigned. 234 00:13:57,330 --> 00:14:00,330 The bank said it accepted the findings of the regulator 235 00:14:00,330 --> 00:14:02,460 and wants to move on. 236 00:14:02,460 --> 00:14:06,480 The company's lawyer says Maia Deguito was a rogue employee. 237 00:14:06,480 --> 00:14:09,840 The branch manager says that she was naive, 238 00:14:09,840 --> 00:14:12,600 that she was a pawn in a much larger plan, 239 00:14:12,600 --> 00:14:16,050 which she didn't clearly understand at the time. 240 00:14:16,050 --> 00:14:17,610 I disagree with that. 241 00:14:17,610 --> 00:14:19,530 She knows the banking system. 242 00:14:19,530 --> 00:14:22,560 She's trained of all the policies of the bank, 243 00:14:22,560 --> 00:14:25,263 so I don't agree with that one. 244 00:14:26,460 --> 00:14:28,590 Just because she's trained in the policies of the bank, 245 00:14:28,590 --> 00:14:32,190 is that enough for RCBC to conclude that she is a single 246 00:14:32,190 --> 00:14:35,550 or a rogue employee within one branch? 247 00:14:35,550 --> 00:14:40,170 It was actually the, all the circumstances taken together. 248 00:14:40,170 --> 00:14:43,320 Number one is that she knew about these accounts. 249 00:14:43,320 --> 00:14:45,030 She set it up. 250 00:14:45,030 --> 00:14:48,450 Second is when she was obviously waiting for the funds 251 00:14:48,450 --> 00:14:51,420 to be credited, and when it was she credited 252 00:14:51,420 --> 00:14:56,100 she acted with lighting speed in getting these accounts out 253 00:14:56,100 --> 00:14:59,043 of the beneficiary accounts into other accounts. 254 00:15:00,570 --> 00:15:04,080 The Senate report documented the timing of the payments. 255 00:15:04,080 --> 00:15:07,260 Many were made within minutes of each other. 256 00:15:07,260 --> 00:15:08,730 Maia Deguito's lawyers say 257 00:15:08,730 --> 00:15:12,000 that when funds were received on February the fifth, 258 00:15:12,000 --> 00:15:14,430 she confirmed the legitimacy of the remittances 259 00:15:14,430 --> 00:15:16,530 with RCBC head office 260 00:15:16,530 --> 00:15:21,090 and received emails confirming they were from valid sources. 261 00:15:21,090 --> 00:15:23,880 Her legal team say she didn't have authority 262 00:15:23,880 --> 00:15:26,400 to unilaterally prevent transfers, 263 00:15:26,400 --> 00:15:28,770 and their client was told there was no reason 264 00:15:28,770 --> 00:15:30,720 to hold the funds. 265 00:15:30,720 --> 00:15:31,950 Following an investigation 266 00:15:31,950 --> 00:15:34,350 by anti-money laundering authorities, 267 00:15:34,350 --> 00:15:36,870 the Philippine Department of Justice has recommended 268 00:15:36,870 --> 00:15:38,790 that Maia Deguito be charged 269 00:15:38,790 --> 00:15:41,043 with eight counts of money laundering. 270 00:15:41,910 --> 00:15:45,120 Her legal team is trying to quash the charges against her, 271 00:15:45,120 --> 00:15:48,813 but if the case goes ahead, she will plead not guilty. 272 00:15:49,770 --> 00:15:52,710 Sergio Osmena, a former Philippines senator 273 00:15:52,710 --> 00:15:55,170 who sat on the committee looking into the heist, 274 00:15:55,170 --> 00:15:56,970 says he doesn't believe seven days 275 00:15:56,970 --> 00:16:00,300 of testimony uncovered the whole story. 276 00:16:00,300 --> 00:16:04,440 We couldn't quite get her to explain everything 277 00:16:04,440 --> 00:16:07,983 because we did not give her witness protection program. 278 00:16:08,970 --> 00:16:10,890 So I left it up to the AMLA. 279 00:16:10,890 --> 00:16:14,010 I said, okay, AMLA you take care of Maia Deguito. 280 00:16:14,010 --> 00:16:16,110 They filed a case against her already, 281 00:16:16,110 --> 00:16:19,560 so she had to stop talking in the senate 282 00:16:19,560 --> 00:16:22,980 because anything she'd said would be used against her 283 00:16:22,980 --> 00:16:23,823 in the case. 284 00:16:24,780 --> 00:16:26,070 At the Senate inquiry, 285 00:16:26,070 --> 00:16:27,750 one of Deguito's former colleagues 286 00:16:27,750 --> 00:16:29,400 said that at the time of the heist, 287 00:16:29,400 --> 00:16:31,829 she talked about being threatened. 288 00:16:35,550 --> 00:16:37,950 I would rather do this than me being killed, 289 00:16:37,950 --> 00:16:38,793 or my family. 290 00:16:40,980 --> 00:16:43,650 Deguito's lawyer denies the threat was made. 291 00:16:43,650 --> 00:16:45,930 He says she's determined to prove her innocence 292 00:16:45,930 --> 00:16:47,760 and didn't know she was being used 293 00:16:47,760 --> 00:16:49,950 to bring fraudulent money into the country. 294 00:16:49,950 --> 00:16:54,360 He also says she's been offered a deal to speak to the FBI, 295 00:16:54,360 --> 00:16:55,980 which has been leading an international 296 00:16:55,980 --> 00:16:57,840 investigation into the heist. 297 00:16:57,840 --> 00:17:00,540 The FBI has declined to comment. 298 00:17:00,540 --> 00:17:04,983 Yes, there was an offer, it was a standard offer for her. 299 00:17:06,180 --> 00:17:09,630 It came under nomenclature of "Queen for a Day" 300 00:17:09,630 --> 00:17:13,080 for a day, wherein as she would say everything 301 00:17:13,080 --> 00:17:15,723 and she would be given limited impunity. 302 00:17:16,650 --> 00:17:18,990 We came to the conclusion 303 00:17:18,990 --> 00:17:23,910 that it would not offer enough protection for my client. 304 00:17:23,910 --> 00:17:28,345 So we had to politely decline the offer of the FBI. 305 00:17:31,260 --> 00:17:33,690 When the money left RCBC, it was paid 306 00:17:33,690 --> 00:17:36,333 to accounts at the PhilRem Remittance company. 307 00:17:37,200 --> 00:17:40,770 PhilRim was run by Michael and Salud Bautista. 308 00:17:40,770 --> 00:17:42,270 They, along with Kim Wong, 309 00:17:42,270 --> 00:17:45,240 and the company that owns a casino called Solaire, 310 00:17:45,240 --> 00:17:47,580 are the subject of pending legal action 311 00:17:47,580 --> 00:17:49,140 by money laundering authorities 312 00:17:49,140 --> 00:17:52,143 to try to recover some of the stolen money. 313 00:17:53,010 --> 00:17:55,530 Kim Wong and Solaire say they are complying 314 00:17:55,530 --> 00:17:56,700 with the authorities. 315 00:17:56,700 --> 00:18:00,483 The Bautistas have not responded to our request for comment. 316 00:18:02,310 --> 00:18:04,140 We account the $81 million 317 00:18:04,140 --> 00:18:09,140 and we filed several civil for future cases against Solaire, 318 00:18:09,480 --> 00:18:12,720 against the company of Kim Wong, 319 00:18:12,720 --> 00:18:16,689 against Kim Wong himself and PhilRem. 320 00:18:16,689 --> 00:18:20,310 And the total of our claim is around more 321 00:18:20,310 --> 00:18:21,483 or less $81 million. 322 00:18:22,680 --> 00:18:25,530 The ALMC also filed criminal complaints 323 00:18:25,530 --> 00:18:27,930 against Maia Deguito, Kim Wong, 324 00:18:27,930 --> 00:18:30,600 and PhilRem executives, including Salud 325 00:18:30,600 --> 00:18:32,370 and Michael Bautista. 326 00:18:32,370 --> 00:18:34,440 They were considered by the Philippines Department 327 00:18:34,440 --> 00:18:37,560 of Justice, but the only case the Justice Department 328 00:18:37,560 --> 00:18:40,893 is pursuing is that against Maia Deguito. 329 00:18:42,033 --> 00:18:43,380 The AMLC has asked them 330 00:18:43,380 --> 00:18:46,980 to reconsider the complaint against Wong and the Bautistas, 331 00:18:46,980 --> 00:18:48,900 and is waiting for a decision. 332 00:18:48,900 --> 00:18:51,120 Wong has declined to comment 333 00:18:51,120 --> 00:18:54,090 and the Bautistas have not responded to our inquiries. 334 00:18:54,090 --> 00:18:56,040 We ask the Department of Justice 335 00:18:56,040 --> 00:18:58,770 why it wasn't taking the other cases forward, 336 00:18:58,770 --> 00:19:00,363 but it declined to comment. 337 00:19:04,900 --> 00:19:07,230 One stumbling block for the Senate's inquiry was 338 00:19:07,230 --> 00:19:10,020 the unusually high level of privacy afforded 339 00:19:10,020 --> 00:19:11,700 to bank accounts. 340 00:19:11,700 --> 00:19:13,650 The Philippines, along with Switzerland 341 00:19:13,650 --> 00:19:15,060 and Lebanon has one 342 00:19:15,060 --> 00:19:18,333 of the most secretive banking sectors in the world. 343 00:19:20,370 --> 00:19:22,800 These secrecy laws are almost unique 344 00:19:22,800 --> 00:19:24,300 to the Philippines banking system, 345 00:19:24,300 --> 00:19:27,480 although it has to be said widely supported by the majority 346 00:19:27,480 --> 00:19:29,190 of lawmakers here. 347 00:19:29,190 --> 00:19:32,520 But that privacy for all accounts held in this country made 348 00:19:32,520 --> 00:19:35,790 life extremely difficult for the Senate investigators trying 349 00:19:35,790 --> 00:19:39,930 to trace the missing millions, keeping doors firmly closed 350 00:19:39,930 --> 00:19:42,660 that many of them would gladly have seen opened. 351 00:19:42,660 --> 00:19:47,580 Kim Wong's bank account. We couldn't get it. 352 00:19:47,580 --> 00:19:50,310 PhlRem's bank account. We couldn't get it. 353 00:19:50,310 --> 00:19:52,653 Why? 354 00:19:53,670 --> 00:19:55,710 Bank Secrecy Act. 355 00:19:55,710 --> 00:19:58,170 It stopped us from getting the whole picture. 356 00:19:58,170 --> 00:20:00,090 It stopped us from tracing the money 357 00:20:00,090 --> 00:20:05,090 because we couldn't get the bank accounts of anybody. 358 00:20:06,750 --> 00:20:09,660 Almost $15 million has been recovered according 359 00:20:09,660 --> 00:20:11,850 to the official Philippine Senate report. 360 00:20:11,850 --> 00:20:13,800 Some of it handed over by Kim Wong 361 00:20:13,800 --> 00:20:16,077 who denied knowing it was stolen. 362 00:20:16,077 --> 00:20:20,490 The AMLC says, PhilRem still holds $17 million 363 00:20:20,490 --> 00:20:23,910 of the stolen money and is suing for its return. 364 00:20:23,910 --> 00:20:25,923 The company denies it has the money. 365 00:20:26,940 --> 00:20:30,120 Almost $50 million has been traced to casinos 366 00:20:30,120 --> 00:20:32,520 and gambling junket operators according 367 00:20:32,520 --> 00:20:34,800 to the AMLC investigation, 368 00:20:34,800 --> 00:20:38,223 but none of that 67 million has been recovered. 369 00:20:42,060 --> 00:20:44,100 Gambling junkets are paid for trips 370 00:20:44,100 --> 00:20:46,320 that attract high spending visitors, 371 00:20:46,320 --> 00:20:48,360 many from China. 372 00:20:48,360 --> 00:20:49,680 According to the Senate report, 373 00:20:49,680 --> 00:20:52,500 most of the $81 million was channeled to casinos 374 00:20:52,500 --> 00:20:55,080 and junkets, which were effectively being used 375 00:20:55,080 --> 00:20:57,543 by the criminals to complete the getaway. 376 00:20:58,440 --> 00:21:01,950 It said 10s of millions of dollars from the heist were used 377 00:21:01,950 --> 00:21:03,600 to buy chips that were gambled 378 00:21:03,600 --> 00:21:06,213 by junket groups on Manila's tables. 379 00:21:07,590 --> 00:21:10,710 According to the inquiry, one group had known winnings 380 00:21:10,710 --> 00:21:12,840 of more than $5 million, 381 00:21:12,840 --> 00:21:14,760 but the junket operators could have made 382 00:21:14,760 --> 00:21:17,100 much more than that. 383 00:21:17,100 --> 00:21:19,980 The casinos denied knowing where the money came from, 384 00:21:19,980 --> 00:21:22,440 and it's not known whether the gamblers knew the money 385 00:21:22,440 --> 00:21:24,903 they'd borrowed to play was stolen. 386 00:21:36,870 --> 00:21:38,700 Wong who had years of experience 387 00:21:38,700 --> 00:21:41,760 with junkets in Manila told the Senate inquiry, 388 00:21:41,760 --> 00:21:44,103 the men who got the funds into the casinos 389 00:21:44,103 --> 00:21:46,650 were Chinese nationals. 390 00:21:46,650 --> 00:21:49,830 Gao Shuhua, who he'd known for eight years, 391 00:21:49,830 --> 00:21:52,980 and Ding Zhize, who was based in Macau. 392 00:21:52,980 --> 00:21:55,470 The inquiry said much of the money was transferred 393 00:21:55,470 --> 00:21:58,650 to casino accounts in Ding's name. 394 00:21:58,650 --> 00:22:01,263 The men are of high interest to investigators. 395 00:22:02,520 --> 00:22:03,370 They were gone. 396 00:22:04,740 --> 00:22:05,850 They left the country. 397 00:22:05,850 --> 00:22:07,950 Well, I don't know because there's no record 398 00:22:07,950 --> 00:22:10,620 of their having left the country, but they were gone. 399 00:22:10,620 --> 00:22:12,990 We couldn't get hold of them. 400 00:22:12,990 --> 00:22:16,440 How do you think it was so easy for them to disappear? 401 00:22:16,440 --> 00:22:18,390 Oh, it's easy in this country. 402 00:22:18,390 --> 00:22:20,140 We have a very porous border 403 00:22:21,960 --> 00:22:25,353 and you bribe anybody and you'll get out. 404 00:22:26,880 --> 00:22:27,990 The casinos were used 405 00:22:27,990 --> 00:22:31,440 for turning the electronic money transfers into hard cash. 406 00:22:31,440 --> 00:22:33,180 Though there's been no inference, 407 00:22:33,180 --> 00:22:35,133 they knew the funds were stolen. 408 00:22:35,970 --> 00:22:39,090 They weren't covered by money laundering laws at the time 409 00:22:39,090 --> 00:22:42,423 and weren't required to record large transactions. 410 00:22:43,560 --> 00:22:45,630 For Sergio Osmena's committee, 411 00:22:45,630 --> 00:22:48,420 the heist exposed serious flaws 412 00:22:48,420 --> 00:22:51,390 and they were flaws that were predictable. 413 00:22:51,390 --> 00:22:54,179 I was concerned, especially in 2010 414 00:22:54,179 --> 00:22:58,620 when they were going to develop the four big casinos here. 415 00:22:58,620 --> 00:23:03,620 When they did that, I said it's time that we 416 00:23:03,810 --> 00:23:06,360 updated our money laundering law 417 00:23:06,360 --> 00:23:09,930 because this is gonna be very bad for us. 418 00:23:09,930 --> 00:23:12,030 The senators knew, 419 00:23:12,030 --> 00:23:14,040 and the congressmen knew 420 00:23:14,040 --> 00:23:16,773 that money laundering would happen, 421 00:23:18,000 --> 00:23:21,570 except that they're probably gonna wait for the first big, 422 00:23:21,570 --> 00:23:22,890 big thing to explode. 423 00:23:22,890 --> 00:23:27,450 And so it so happened that in 2016 this thing exploded, 424 00:23:27,450 --> 00:23:31,390 so we were able to get them to plug the loophole 425 00:23:32,340 --> 00:23:34,140 on the money laundering and casinos. 426 00:23:35,130 --> 00:23:36,090 The Senate's inquiry 427 00:23:36,090 --> 00:23:37,860 made more than a dozen recommendations, 428 00:23:37,860 --> 00:23:41,070 which included extending money laundering laws to casinos 429 00:23:41,070 --> 00:23:43,290 and making it easier to access information 430 00:23:43,290 --> 00:23:44,523 about bank accounts. 431 00:23:45,390 --> 00:23:49,230 New laws covering the casinos were passed in July, 2017 432 00:23:49,230 --> 00:23:50,700 and earlier that year, 433 00:23:50,700 --> 00:23:53,640 the Philippines appointed a new central bank governor 434 00:23:53,640 --> 00:23:56,310 who vowed to make it harder for dirty money 435 00:23:56,310 --> 00:23:58,023 to enter the financial system. 436 00:23:58,890 --> 00:24:03,720 But Osmena says he found it hard to get politicians to act. 437 00:24:03,720 --> 00:24:07,830 We have the strictest bank secrecy law in the world, 438 00:24:07,830 --> 00:24:10,410 and I can't get any of my congressmen 439 00:24:10,410 --> 00:24:13,170 or senators to amend that law. 440 00:24:13,170 --> 00:24:16,680 That's another reason why it still would be tempting 441 00:24:16,680 --> 00:24:21,290 for somebody to come and launder money in the country. 442 00:24:33,000 --> 00:24:35,280 There are strong links between the casino industry 443 00:24:35,280 --> 00:24:36,570 in the Philippines 444 00:24:36,570 --> 00:24:40,320 and the Chinese gambling haven of Macau. 445 00:24:40,320 --> 00:24:43,030 And it's there I'm heading next. 446 00:25:20,250 --> 00:25:23,640 I've come to Macau, a former Portuguese colony now part 447 00:25:23,640 --> 00:25:27,943 of China that many called the Las Vegas of the East. 448 00:25:33,090 --> 00:25:35,580 Macau was the home of the junket, 449 00:25:35,580 --> 00:25:38,610 organized gambling holidays where Chinese high rollers 450 00:25:38,610 --> 00:25:41,370 could get round domestic currency restrictions 451 00:25:41,370 --> 00:25:44,400 by borrowing millions of dollars from the operators 452 00:25:44,400 --> 00:25:46,740 to pour onto the Baccarat tables, 453 00:25:46,740 --> 00:25:48,903 and pay it back when they got home. 454 00:25:50,340 --> 00:25:54,810 According to Kim Wong, it was in Macau that Ding Zhize, 455 00:25:54,810 --> 00:25:56,100 one of the Chinese men 456 00:25:56,100 --> 00:25:59,640 who operated the junkets in the Philippines was based. 457 00:25:59,640 --> 00:26:01,110 And a crackdown in Macau 458 00:26:01,110 --> 00:26:03,750 and weak money laundering laws in the Philippines 459 00:26:03,750 --> 00:26:06,960 made Manila's gambling tables increasingly attractive 460 00:26:06,960 --> 00:26:08,703 to Chinese high rollers. 461 00:26:10,260 --> 00:26:13,080 Restrictions on cash moving from the Chinese mainland 462 00:26:13,080 --> 00:26:14,850 to Macau had been introduced 463 00:26:14,850 --> 00:26:17,790 because of concern that corrupt officials were betting 464 00:26:17,790 --> 00:26:19,110 embezzled money there, 465 00:26:19,110 --> 00:26:20,700 in casinos where according 466 00:26:20,700 --> 00:26:24,330 to one supervisor, "Few questions were asked." 467 00:26:24,330 --> 00:26:26,880 Tell us about how people enjoy the gambling. 468 00:26:26,880 --> 00:26:28,083 Why is it addictive? 469 00:26:53,609 --> 00:26:55,140 And according to Benny Sio, 470 00:26:55,140 --> 00:26:58,713 no one pays too much attention to the source of the money. 471 00:27:25,980 --> 00:27:28,020 This whole junket model in Macau 472 00:27:28,020 --> 00:27:30,030 is now under serious pressure. 473 00:27:30,030 --> 00:27:33,780 The Chinese government has tightened outgoing capital flows 474 00:27:33,780 --> 00:27:36,510 and beefed up its anti-corruption operations 475 00:27:36,510 --> 00:27:39,750 and the authorities here are cooperating with that. 476 00:27:39,750 --> 00:27:41,940 The downside of such crackdowns 477 00:27:41,940 --> 00:27:44,280 for countries like the Philippines is 478 00:27:44,280 --> 00:27:46,957 that the money launderers simply move on. 479 00:27:58,154 --> 00:28:01,740 New York City, one of the world's biggest financial centers 480 00:28:01,740 --> 00:28:02,573 and home to one of 481 00:28:02,573 --> 00:28:05,313 its most important financial institutions, 482 00:28:06,180 --> 00:28:09,900 the Federal Reserve Bank of New York or the Fed. 483 00:28:09,900 --> 00:28:14,900 Its Manhattan headquarters, sit on top of 508,000 gold bars 484 00:28:15,450 --> 00:28:20,313 and it handles around $800 billion of payments every day. 485 00:28:21,420 --> 00:28:24,030 Jonathan Spicer reports on its activity 486 00:28:24,030 --> 00:28:26,970 which moves markets around the world. 487 00:28:26,970 --> 00:28:29,220 Well, no one thinks as the Federal Reserve in terms 488 00:28:29,220 --> 00:28:32,790 of cyber heist, usually you think of, you know, economics, 489 00:28:32,790 --> 00:28:34,380 you think of labor markets, you think 490 00:28:34,380 --> 00:28:36,750 of macro models at the US Central Bank 491 00:28:36,750 --> 00:28:39,450 and its economists are pouring over to try to decide what 492 00:28:39,450 --> 00:28:40,740 to do about interest rates. 493 00:28:40,740 --> 00:28:43,410 It turns out, of course, that there's about three 494 00:28:43,410 --> 00:28:45,120 and a half trillion dollars 495 00:28:45,120 --> 00:28:48,783 of foreign funds being held at the New York Fed, 496 00:28:49,746 --> 00:28:53,250 and the Fed is basically account custodian 497 00:28:53,250 --> 00:28:56,643 for 250 foreign entities around the world. 498 00:28:57,600 --> 00:29:00,390 And its customers included Bangladesh's Central Bank, 499 00:29:00,390 --> 00:29:02,100 and it was to the New York Fed 500 00:29:02,100 --> 00:29:05,880 that the hackers sent 35 messages requesting payments 501 00:29:05,880 --> 00:29:07,713 from the Bangladesh Bank account. 502 00:29:09,090 --> 00:29:10,440 Things could have been a lot worse, 503 00:29:10,440 --> 00:29:12,900 but for an extraordinary coincidence. 504 00:29:12,900 --> 00:29:15,060 Millions of dollars, hundreds of millions 505 00:29:15,060 --> 00:29:16,140 were never transferred 506 00:29:16,140 --> 00:29:18,420 because the name Jupiter in the address 507 00:29:18,420 --> 00:29:21,990 for the bank happened to match that of an oil tanker. 508 00:29:21,990 --> 00:29:23,580 Nothing to do with the heist, 509 00:29:23,580 --> 00:29:26,520 but on the list of US sanctions against Iran. 510 00:29:26,520 --> 00:29:29,280 As a result, most of the transfer orders were flagged 511 00:29:29,280 --> 00:29:32,733 as suspicious and blocked by the Fed. 512 00:29:33,570 --> 00:29:36,030 And there were other reasons the transfer requests could 513 00:29:36,030 --> 00:29:37,590 have aroused suspicion. 514 00:29:37,590 --> 00:29:39,390 They were different to most payments made 515 00:29:39,390 --> 00:29:40,740 by Bangladesh Bank. 516 00:29:40,740 --> 00:29:42,630 They weren't formatted properly 517 00:29:42,630 --> 00:29:44,100 and these were large payments 518 00:29:44,100 --> 00:29:47,046 to individuals rather than organizations. 519 00:29:53,160 --> 00:29:55,020 But largely because the requests appear 520 00:29:55,020 --> 00:29:59,324 to be authenticated by SWIFT, $81 million was sent. 521 00:30:05,370 --> 00:30:08,070 When I use my card in a foreign country, for example, 522 00:30:08,070 --> 00:30:10,470 or for a sudden large purchase, 523 00:30:10,470 --> 00:30:14,130 it can trigger a simple fraud inquiry from my bank. 524 00:30:14,130 --> 00:30:15,480 Real-time monitoring, 525 00:30:15,480 --> 00:30:17,610 the technology is quite straightforward, 526 00:30:17,610 --> 00:30:19,230 but in the case of the heist, 527 00:30:19,230 --> 00:30:21,570 nothing like that happened at the Fed. 528 00:30:21,570 --> 00:30:25,080 The vast majority of these payment requests 529 00:30:25,080 --> 00:30:26,580 that arrive on the doorstep 530 00:30:26,580 --> 00:30:30,900 of the New York Fed are automatically executed. 531 00:30:30,900 --> 00:30:33,690 You know, they come to the SWIFT network, 532 00:30:33,690 --> 00:30:37,440 they have all the boxes ticked, they're SWIFT authenticated, 533 00:30:37,440 --> 00:30:39,840 and so they automatically go out the door. 534 00:30:39,840 --> 00:30:42,090 But Fed staff were concerned enough about some 535 00:30:42,090 --> 00:30:45,540 of the payments to try to contact Bangladesh Bank. 536 00:30:45,540 --> 00:30:47,190 At the end of Thursday, 537 00:30:47,190 --> 00:30:51,210 they sent a message using SWIFT and two more on Friday, 538 00:30:51,210 --> 00:30:55,320 but hackers had compromised Bangladesh Bank's SWIFT system 539 00:30:55,320 --> 00:30:59,100 and sabotaged a crucial printer in the Dhaka office. 540 00:30:59,100 --> 00:31:03,030 It wasn't until Saturday that Bangladesh Bank staff realized 541 00:31:03,030 --> 00:31:06,930 what had happened and tried to contact the Fed urgently, 542 00:31:06,930 --> 00:31:09,480 but could only use numbers they found on the internet, 543 00:31:09,480 --> 00:31:12,720 lines that weren't answered at the weekend. 544 00:31:12,720 --> 00:31:16,080 On Monday, Bangladesh Bank finally got messages through 545 00:31:16,080 --> 00:31:18,033 to New York saying they'd been hacked. 546 00:31:20,040 --> 00:31:22,020 They would've been seen as staff arrived 547 00:31:22,020 --> 00:31:25,113 for work in New York at 7:30 in the morning. 548 00:31:26,280 --> 00:31:27,930 Former fed employees familiar 549 00:31:27,930 --> 00:31:29,700 with the bank's workings told Reuters 550 00:31:29,700 --> 00:31:32,670 that the news would have been devastating. 551 00:31:32,670 --> 00:31:34,860 People said it would've dropped like a bomb. 552 00:31:34,860 --> 00:31:37,710 Someone said everyone would've freaked out. 553 00:31:37,710 --> 00:31:39,540 Every lawyer within the US Central Bank 554 00:31:39,540 --> 00:31:41,040 would've been contacted. 555 00:31:41,040 --> 00:31:44,820 And this explains in part why when this, when the gravity 556 00:31:44,820 --> 00:31:47,250 of the situation did occur to the New York Fed, 557 00:31:47,250 --> 00:31:48,690 there was a very odd 558 00:31:48,690 --> 00:31:52,800 and very troubling from Bangladesh's perspective, a period 559 00:31:52,800 --> 00:31:55,440 of silence that lasted almost a day. 560 00:31:55,440 --> 00:31:57,780 One former insider at the Fed said 561 00:31:57,780 --> 00:32:00,030 they would've been concerned that its payment system 562 00:32:00,030 --> 00:32:02,073 had been exploited by the hackers. 563 00:32:03,030 --> 00:32:04,710 It was definitely a surprise 564 00:32:04,710 --> 00:32:06,060 because I know that they take security 565 00:32:06,060 --> 00:32:07,200 so seriously there at the Fed 566 00:32:07,200 --> 00:32:09,210 and they put so much energy towards making sure 567 00:32:09,210 --> 00:32:11,580 that only the right people have the right access 568 00:32:11,580 --> 00:32:12,663 to the right information at the right time. 569 00:32:12,663 --> 00:32:15,030 Were you surprised when you found that the, 570 00:32:15,030 --> 00:32:18,460 that such a large amount of money had passed 571 00:32:18,460 --> 00:32:20,910 through the Fed and out the other side as it were? 572 00:32:20,910 --> 00:32:22,320 Well, the Fed certainly manages a lot 573 00:32:22,320 --> 00:32:23,370 of money every single day, 574 00:32:23,370 --> 00:32:25,470 and I think the people that work there are aware 575 00:32:25,470 --> 00:32:27,390 that it's a very high stakes game, 576 00:32:27,390 --> 00:32:29,070 whatever work that they're doing there. 577 00:32:29,070 --> 00:32:31,590 So the dollar amounts didn't phase me. 578 00:32:31,590 --> 00:32:36,120 It was more about the idea of that there was any kind 579 00:32:36,120 --> 00:32:38,370 of security breach and that anything had gone wrong 580 00:32:38,370 --> 00:32:39,840 in the procedures or the communication 581 00:32:39,840 --> 00:32:41,840 between different central banks. 582 00:32:43,620 --> 00:32:45,690 And the implications of what had happened 583 00:32:45,690 --> 00:32:48,750 were sinking in beyond the banks. 584 00:32:48,750 --> 00:32:51,600 Once it became clear that an internationally recognized 585 00:32:51,600 --> 00:32:54,480 and respected institution like the Federal Reserve 586 00:32:54,480 --> 00:32:56,310 had been caught up in the heist, 587 00:32:56,310 --> 00:32:59,250 questions started being asked here in Washington. 588 00:32:59,250 --> 00:33:03,150 Alarm bells were ringing about security and reputation 589 00:33:03,150 --> 00:33:05,313 and US lawmakers wanted answers. 590 00:33:06,780 --> 00:33:09,510 US congresswoman Carolyn Maloney was one 591 00:33:09,510 --> 00:33:13,500 of the first public officials in America to ask questions. 592 00:33:13,500 --> 00:33:14,580 How could this happen? 593 00:33:14,580 --> 00:33:17,730 This is the Fed, the Federal Reserve. 594 00:33:17,730 --> 00:33:19,110 This isn't any bank. 595 00:33:19,110 --> 00:33:22,140 This is the backbone of the financial system, 596 00:33:22,140 --> 00:33:24,810 not only in America but in the world. 597 00:33:24,810 --> 00:33:28,770 And how in the world could a staggering 81 million, 598 00:33:28,770 --> 00:33:32,850 almost billion be lost in a transfer system? 599 00:33:32,850 --> 00:33:36,150 And if the transfer system doesn't work 600 00:33:36,150 --> 00:33:38,310 and it's not accurate, 601 00:33:38,310 --> 00:33:40,650 then it puts the whole banking system, 602 00:33:40,650 --> 00:33:43,080 the international banking system at risk. 603 00:33:43,080 --> 00:33:45,000 I was like, horrified. 604 00:33:45,000 --> 00:33:49,260 If this transfer wasn't secure, then no transfer is secure. 605 00:33:49,260 --> 00:33:53,640 So it's a very, very serious issue and cybersecurity, 606 00:33:53,640 --> 00:33:58,590 I would say is one of the most pressing issues of our time. 607 00:33:58,590 --> 00:34:00,420 The Fed declined our invitation 608 00:34:00,420 --> 00:34:03,123 to provide someone for interview, but said this, 609 00:34:03,997 --> 00:34:06,240 "While the event in February, 2016 610 00:34:06,240 --> 00:34:07,680 did not result in a breach 611 00:34:07,680 --> 00:34:10,680 or compromise of the New York Fed systems, 612 00:34:10,680 --> 00:34:13,260 we did view this as an opportunity to further strengthen 613 00:34:13,260 --> 00:34:15,600 the safety of global payments. 614 00:34:15,600 --> 00:34:18,270 The New York Fed performs certain screening of 615 00:34:18,270 --> 00:34:21,570 and diligence on funds transfers sent both to 616 00:34:21,570 --> 00:34:25,710 and from the accounts of foreign central banks on our books. 617 00:34:25,710 --> 00:34:27,720 The robustness of cybersecurity 618 00:34:27,720 --> 00:34:30,480 around the global payment system must continue 619 00:34:30,480 --> 00:34:34,590 to be a priority for each participant in the chain." 620 00:34:34,590 --> 00:34:38,340 Finger pointing was happening both privately and publicly 621 00:34:38,340 --> 00:34:39,570 as it turned out between 622 00:34:39,570 --> 00:34:42,840 the Federal Reserve, Bangladesh, SWIFT, 623 00:34:42,840 --> 00:34:45,990 and then increasingly officials in the Philippines, 624 00:34:45,990 --> 00:34:48,060 where much of the money ended up disappearing 625 00:34:48,060 --> 00:34:50,130 into the casino system there. 626 00:34:50,130 --> 00:34:53,220 So you had the squabble that became louder and louder 627 00:34:53,220 --> 00:34:55,050 and more and more public. 628 00:34:55,050 --> 00:34:58,858 And then also the New York Fed took some steps 629 00:34:58,858 --> 00:35:03,810 as we reported, based on conversations with those familiar 630 00:35:03,810 --> 00:35:08,220 with the moves to bring in a 24-hour hotline 631 00:35:08,220 --> 00:35:10,020 for all clients. 632 00:35:10,020 --> 00:35:13,530 Something that for your everyday observer 633 00:35:13,530 --> 00:35:15,930 seems like kind of an obvious move, 634 00:35:15,930 --> 00:35:18,060 especially when you're sitting atop nearly three 635 00:35:18,060 --> 00:35:19,230 and a half trillion dollars. 636 00:35:19,230 --> 00:35:22,650 You want to allow for your clients to quickly get in touch 637 00:35:22,650 --> 00:35:26,340 with you and not just rely on this SWIFT system 638 00:35:26,340 --> 00:35:27,750 and an archaic, 639 00:35:27,750 --> 00:35:31,113 an archaic convention of communicating that way. 640 00:35:33,120 --> 00:35:35,250 Brussels, Belgian capital 641 00:35:35,250 --> 00:35:37,350 and home to European institutions 642 00:35:37,350 --> 00:35:39,870 as well as the headquarters of SWIFT, 643 00:35:39,870 --> 00:35:44,220 a cooperative organization owned by the banks that use it. 644 00:35:44,220 --> 00:35:48,090 Well in 1973 you have to go back to then, 645 00:35:48,090 --> 00:35:53,090 banks were sending messages to each other using the telex. 646 00:35:53,190 --> 00:35:57,000 Imagine getting 10,000 faxes a day. 647 00:35:57,000 --> 00:35:59,940 Not very secure, not very automated. 648 00:35:59,940 --> 00:36:03,510 So 239 banks from 15 countries said, 649 00:36:03,510 --> 00:36:06,450 hey, let's use computers 1973, 650 00:36:06,450 --> 00:36:08,370 let's use global telecommunications 651 00:36:08,370 --> 00:36:09,510 and try to get it to work. 652 00:36:09,510 --> 00:36:11,400 And they formed the Society 653 00:36:11,400 --> 00:36:16,140 for Worldwide Interbank Financial Telecommunication, SWIFT. 654 00:36:16,140 --> 00:36:20,430 And today, fast forward it's thousands of banks, 655 00:36:20,430 --> 00:36:22,710 hundreds of, 200 countries, 656 00:36:22,710 --> 00:36:25,050 and trillions of dollars a day flow 657 00:36:25,050 --> 00:36:28,620 through the SWIFT network, over 10 trillion a day now. 658 00:36:28,620 --> 00:36:30,780 And it was SWIFT's messaging system 659 00:36:30,780 --> 00:36:33,873 that the hackers access to send messages to the Fed. 660 00:36:35,340 --> 00:36:36,480 We always realized 661 00:36:36,480 --> 00:36:40,837 that SWIFT's weak spot were at the user's terminal, 662 00:36:40,837 --> 00:36:42,660 at the end points. 663 00:36:42,660 --> 00:36:45,870 'Cause we're not responsible for the physical security 664 00:36:45,870 --> 00:36:49,410 and for them keeping their own passwords safe and secure 665 00:36:49,410 --> 00:36:50,820 and other credentials. 666 00:36:50,820 --> 00:36:55,820 And over time you can imagine as cyber crime 667 00:36:55,860 --> 00:36:57,513 became much more sophisticated, 668 00:36:58,650 --> 00:37:00,330 SWIFT should have been doing more 669 00:37:00,330 --> 00:37:03,273 or could have been doing more as we all know today. 670 00:37:04,140 --> 00:37:06,397 SWIFT declined to be interviewed but said, 671 00:37:06,397 --> 00:37:09,300 "There is no indication that SWIFT's network 672 00:37:09,300 --> 00:37:12,030 or core messaging services have been compromised 673 00:37:12,030 --> 00:37:14,010 in the recent attacks on banks. 674 00:37:14,010 --> 00:37:16,500 While our customers are individually responsible 675 00:37:16,500 --> 00:37:19,290 for the security of their own environments, 676 00:37:19,290 --> 00:37:22,020 we fully recognize that the security of the industry 677 00:37:22,020 --> 00:37:25,170 as a whole is a shared responsibility. 678 00:37:25,170 --> 00:37:29,130 In mid 2016, we launched a Customer Security program 679 00:37:29,130 --> 00:37:31,260 to reinforce the local security 680 00:37:31,260 --> 00:37:34,260 of their SWIFT-related infrastructure." 681 00:37:34,260 --> 00:37:37,020 And the organization has introduced changes. 682 00:37:37,020 --> 00:37:39,570 Users like Bangladesh Bank now require 683 00:37:39,570 --> 00:37:43,680 more than just a username and a password to log in. 684 00:37:43,680 --> 00:37:45,240 SWIFT has done tremendous things 685 00:37:45,240 --> 00:37:49,080 to strengthen its interfaces with two-factor authentication, 686 00:37:49,080 --> 00:37:50,640 you know what that is, 687 00:37:50,640 --> 00:37:53,250 and other things to strengthen the software. 688 00:37:53,250 --> 00:37:55,770 They've had audit requirements for controls, 689 00:37:55,770 --> 00:37:57,780 they're certifying third-party providers. 690 00:37:57,780 --> 00:37:59,790 They have daily reconciliation reports. 691 00:37:59,790 --> 00:38:01,950 So you see what SWIFT has sent, 692 00:38:01,950 --> 00:38:03,960 whether or not you've sent it. 693 00:38:03,960 --> 00:38:05,610 If it's fraudulent you'll see it. 694 00:38:06,630 --> 00:38:10,020 And anomaly detection. 695 00:38:10,020 --> 00:38:11,220 You know you've never sent a message 696 00:38:11,220 --> 00:38:13,290 on Friday night to a casino. 697 00:38:13,290 --> 00:38:15,993 Maybe we should hold that until we talk about it. 698 00:38:17,580 --> 00:38:18,603 They've done a lot. 699 00:38:19,560 --> 00:38:20,850 But back in Washington, 700 00:38:20,850 --> 00:38:24,213 there are still doubts about depending on a single system. 701 00:38:25,170 --> 00:38:28,980 My question is why in the world were you relying 702 00:38:28,980 --> 00:38:30,750 so much on one system 703 00:38:30,750 --> 00:38:33,990 when you're moving billions and billions of dollars 704 00:38:33,990 --> 00:38:36,750 and you're relying on the SWIFT system? 705 00:38:36,750 --> 00:38:40,237 Now if the SWIFT system doesn't work right 706 00:38:40,237 --> 00:38:44,190 then the whole thing falls. 707 00:38:44,190 --> 00:38:46,050 Under pressure over the heist, 708 00:38:46,050 --> 00:38:49,800 changes have been made at some of the big institutions, 709 00:38:49,800 --> 00:38:53,700 but will they be enough to stay ahead of the hackers? 710 00:38:53,700 --> 00:38:58,137 And who was behind this audacious theft? 711 00:39:24,240 --> 00:39:25,500 This is the story of one 712 00:39:25,500 --> 00:39:27,690 of the world's biggest cyber heists. 713 00:39:27,690 --> 00:39:31,950 How hackers stole $81 million from Bangladesh Central Bank 714 00:39:31,950 --> 00:39:35,373 and appear to have got away with it, or have they? 715 00:39:36,300 --> 00:39:37,800 The FBI is on the case 716 00:39:37,800 --> 00:39:40,590 and inquiries are continuing around the world. 717 00:39:40,590 --> 00:39:43,260 Efforts are being made to trace the missing money. 718 00:39:43,260 --> 00:39:45,810 But will a bank ever get it back? 719 00:39:45,810 --> 00:39:49,173 Could it happen again and who was behind it? 720 00:39:50,220 --> 00:39:52,410 I've come to London to talk to the lawyer who, 721 00:39:52,410 --> 00:39:54,330 on behalf of Bangladesh Bank, 722 00:39:54,330 --> 00:39:57,120 is working with authorities in the Philippines 723 00:39:57,120 --> 00:39:59,430 to recover the stolen funds. 724 00:39:59,430 --> 00:40:01,500 Obviously they're doing everything 725 00:40:01,500 --> 00:40:05,220 that they can to freeze the assets, 726 00:40:05,220 --> 00:40:09,000 and I'm happy to say that they have taken effective steps 727 00:40:09,000 --> 00:40:12,570 to freeze all the money. 728 00:40:12,570 --> 00:40:15,273 The sad part is like in many parts of the world, 729 00:40:16,290 --> 00:40:18,960 the system is slow 730 00:40:18,960 --> 00:40:20,250 because it's very formal, 731 00:40:20,250 --> 00:40:23,340 has to go through the steps that need to be taken. 732 00:40:23,340 --> 00:40:25,540 And it may be a very long time 733 00:40:26,760 --> 00:40:28,470 before we know what the results going 734 00:40:28,470 --> 00:40:31,890 to be from the justice delivery system in the Philippines. 735 00:40:31,890 --> 00:40:33,900 And if the stolen money can't be recovered, 736 00:40:33,900 --> 00:40:35,130 he says Bangladesh Bank 737 00:40:35,130 --> 00:40:38,790 will then consider seeking recompense in other ways. 738 00:40:38,790 --> 00:40:41,310 We are doing everything possible to recover the funds. 739 00:40:41,310 --> 00:40:44,130 If we are not able to do it within a particular time limit, 740 00:40:44,130 --> 00:40:47,730 then we will look at other options, litigation and so on. 741 00:40:47,730 --> 00:40:50,190 You've mentioned RCBC in the Philippines, 742 00:40:50,190 --> 00:40:51,570 but you haven't mentioned the casinos. 743 00:40:51,570 --> 00:40:55,413 Are they of concern to your inquiry at all? 744 00:40:56,730 --> 00:40:59,610 For my purposes, from a strictly legal point of view, 745 00:40:59,610 --> 00:41:02,791 I'm just following the money up to the banks 746 00:41:02,791 --> 00:41:06,930 because I think using the phrase, 747 00:41:06,930 --> 00:41:11,130 the buck stops with RCBC as far as we are concerned. 748 00:41:11,130 --> 00:41:12,750 Bangladesh Bank says it's planning 749 00:41:12,750 --> 00:41:16,170 to file a civil lawsuit against RCBC, 750 00:41:16,170 --> 00:41:18,630 but RCBC says it has been a victim 751 00:41:18,630 --> 00:41:22,650 of Bangladesh Bank's negligence and denies liability. 752 00:41:22,650 --> 00:41:26,730 Liability would probably attach if number one, RCBC 753 00:41:26,730 --> 00:41:30,420 was the one who stole from Bangladesh, which we did not. 754 00:41:30,420 --> 00:41:32,880 We had nothing to do with the exiting 755 00:41:32,880 --> 00:41:35,130 of funds from Bangladesh Bank. 756 00:41:35,130 --> 00:41:39,330 And second is if RCBC has possession of those funds, 757 00:41:39,330 --> 00:41:40,860 which we do not have. 758 00:41:40,860 --> 00:41:45,330 So on the basis of those, yes we cannot subscribe 759 00:41:45,330 --> 00:41:49,170 to any hypothesis that the bank is liable. 760 00:41:49,170 --> 00:41:51,600 The RCBC bank manager, Maia Deguito, 761 00:41:51,600 --> 00:41:54,513 is likely to be tried for money laundering offenses. 762 00:41:56,700 --> 00:41:59,430 Bangladesh police have requested information from Chinese 763 00:41:59,430 --> 00:42:03,630 authorities about the junket operators, GAO and Ding, 764 00:42:03,630 --> 00:42:05,760 and say they want to know if the men are under arrest 765 00:42:05,760 --> 00:42:09,183 in China and if they've been interviewed about the heist. 766 00:42:10,260 --> 00:42:12,720 So a prosecution is now being prepared thousands 767 00:42:12,720 --> 00:42:14,430 of miles away in Manila, 768 00:42:14,430 --> 00:42:17,310 but it's broadly accepted that it's the FBI 769 00:42:17,310 --> 00:42:20,880 that's best placed to move the investigation forward. 770 00:42:20,880 --> 00:42:24,060 How much progress it's making is less clear. 771 00:42:24,060 --> 00:42:27,240 And of course there's still the question of who was actually 772 00:42:27,240 --> 00:42:28,713 behind the heist. 773 00:42:29,610 --> 00:42:31,050 What happened to much of the money 774 00:42:31,050 --> 00:42:32,640 that was played at casino tables 775 00:42:32,640 --> 00:42:35,040 in the Philippines isn't known, 776 00:42:35,040 --> 00:42:36,960 but analysis by US authorities 777 00:42:36,960 --> 00:42:40,631 and cybersecurity experts contacted by Reuters 778 00:42:40,631 --> 00:42:43,320 says the digital fingerprint found at the scene 779 00:42:43,320 --> 00:42:47,790 of the crime, Bangladesh Bank's computer systems, points 780 00:42:47,790 --> 00:42:49,143 to North Korea. 781 00:42:53,940 --> 00:42:56,700 In the UK The defense company BAE systems 782 00:42:56,700 --> 00:42:59,250 is subject to frequent attacks by hackers 783 00:42:59,250 --> 00:43:02,100 and helps other organizations defend themselves 784 00:43:02,100 --> 00:43:03,900 from cyber crime. 785 00:43:03,900 --> 00:43:05,520 According to its experts, 786 00:43:05,520 --> 00:43:07,140 the Bangladesh Bank heist bears 787 00:43:07,140 --> 00:43:09,060 the hallmark of other attacks. 788 00:43:09,060 --> 00:43:12,780 A distinctive code used to erase the tracks of hackers 789 00:43:12,780 --> 00:43:17,670 that also featured in an attack on Sony pictures in 2014. 790 00:43:17,670 --> 00:43:20,580 The US government has blamed that on North Korea, 791 00:43:20,580 --> 00:43:23,610 a claim that North Korea denies. 792 00:43:23,610 --> 00:43:25,830 So we got a few clues from the tools 793 00:43:25,830 --> 00:43:28,170 that these attackers used in Bangladesh Bank 794 00:43:28,170 --> 00:43:30,330 and other attacks that we've seen. 795 00:43:30,330 --> 00:43:33,090 And the tools are very specific to a group called Lazarus. 796 00:43:33,090 --> 00:43:34,830 And this is a name that's been given 797 00:43:34,830 --> 00:43:36,390 by the security community, 798 00:43:36,390 --> 00:43:38,670 and it's a group that has been involved 799 00:43:38,670 --> 00:43:39,870 in attacks from South Korea. 800 00:43:39,870 --> 00:43:41,850 They've been involved in attacks in the US. 801 00:43:41,850 --> 00:43:44,160 We've seen them in attacks in Europe as well. 802 00:43:44,160 --> 00:43:45,480 And they're almost certainly behind 803 00:43:45,480 --> 00:43:47,580 this Bangladesh Bank heist as well. 804 00:43:47,580 --> 00:43:48,750 A lot of people said North Korea 805 00:43:48,750 --> 00:43:49,583 is involved in this. 806 00:43:49,583 --> 00:43:51,510 I mean do you think that's a possibility? 807 00:43:51,510 --> 00:43:52,740 We can't say for certain. 808 00:43:52,740 --> 00:43:55,380 What we can say is that there are links back 809 00:43:55,380 --> 00:43:56,820 in terms of infrastructure. 810 00:43:56,820 --> 00:43:59,130 So we see hops from the IP addresses 811 00:43:59,130 --> 00:44:01,140 that go all the way back to Pyongyang. 812 00:44:01,140 --> 00:44:03,180 Ultimately, we don't know who's behind it though. 813 00:44:03,180 --> 00:44:04,710 The Russian cybersecurity firm, 814 00:44:04,710 --> 00:44:08,520 Kaspersky Lab has also said it found digital evidence 815 00:44:08,520 --> 00:44:11,400 that Lazarus hackers made a direct connection from 816 00:44:11,400 --> 00:44:14,820 an IP address in North Korea to a server in Europe 817 00:44:14,820 --> 00:44:18,000 used to control systems infected by the group. 818 00:44:18,000 --> 00:44:20,820 Kaspersky said that was the first time they've seen 819 00:44:20,820 --> 00:44:24,630 a direct connection between Lazarus and North Korea. 820 00:44:24,630 --> 00:44:26,820 And while it's possible the Bangladesh hackers 821 00:44:26,820 --> 00:44:29,580 were trying to frame Pyongyang, 822 00:44:29,580 --> 00:44:33,240 North Korean involvement was the likely explanation. 823 00:44:33,240 --> 00:44:35,640 The FBI declined to comment for this program, 824 00:44:35,640 --> 00:44:38,790 but a US official briefed on its investigation 825 00:44:38,790 --> 00:44:41,250 has told Reuters the FBI believes 826 00:44:41,250 --> 00:44:43,743 that North Korea was responsible. 827 00:44:46,380 --> 00:44:48,930 And in 2017, the then deputy director 828 00:44:48,930 --> 00:44:52,380 of the National Security Agency said private sector research 829 00:44:52,380 --> 00:44:55,650 linking North Korea to the heist was strong. 830 00:44:55,650 --> 00:44:58,050 With that linkage from Sony actors 831 00:44:58,050 --> 00:45:02,160 to the Bangladeshi Bank actors is accurate. 832 00:45:02,160 --> 00:45:04,890 That means a nation state is robbing banks. 833 00:45:04,890 --> 00:45:07,593 That's a big deal in my view. That's different. 834 00:45:09,030 --> 00:45:10,710 And do you believe 835 00:45:10,710 --> 00:45:14,640 that there are nation states now robbing banks? 836 00:45:14,640 --> 00:45:15,930 Is that your assessment? 837 00:45:15,930 --> 00:45:16,763 I do. 838 00:45:20,430 --> 00:45:23,130 Allegations of hacking, whether from security firms 839 00:45:23,130 --> 00:45:25,050 or officials in the United States 840 00:45:25,050 --> 00:45:27,240 and South Korea are all denied 841 00:45:27,240 --> 00:45:29,220 by the North Korean government. 842 00:45:29,220 --> 00:45:31,980 But no matter who is behind the Bangladesh Bank job, 843 00:45:31,980 --> 00:45:34,590 North Korea or an unknown crime syndicate, 844 00:45:34,590 --> 00:45:37,140 could there be another cyber heist? 845 00:45:37,140 --> 00:45:40,200 Well, there have already been more attempts. 846 00:45:40,200 --> 00:45:44,100 In 2017 Taiwan's Far Eastern International Bank 847 00:45:44,100 --> 00:45:46,560 was attacked by hackers trying to steal millions 848 00:45:46,560 --> 00:45:49,320 of dollars using the SWIFT payment system. 849 00:45:49,320 --> 00:45:50,880 The banks declined to comment. 850 00:45:50,880 --> 00:45:53,310 Russia's Central Bank has said hackers took control 851 00:45:53,310 --> 00:45:57,090 of computers at an unnamed Russian bank in 2017 852 00:45:57,090 --> 00:46:00,690 and used the SWIFT system to steal $6 million. 853 00:46:00,690 --> 00:46:03,420 And in February, 2018, hackers tried 854 00:46:03,420 --> 00:46:07,800 to steal nearly $2 million from India's City Union Bank. 855 00:46:07,800 --> 00:46:09,420 The bank said there were similarities 856 00:46:09,420 --> 00:46:10,950 with the Bangladesh case. 857 00:46:10,950 --> 00:46:13,650 SWIFT won't comment on individual cases, 858 00:46:13,650 --> 00:46:16,680 but the head of its customer security program has confirmed 859 00:46:16,680 --> 00:46:19,200 that there have been more attacks. 860 00:46:19,200 --> 00:46:22,230 I spoke to the security executive at SWIFT 861 00:46:22,230 --> 00:46:24,660 and he told me that these attacks, 862 00:46:24,660 --> 00:46:26,280 the attempts keep happening. 863 00:46:26,280 --> 00:46:29,760 He wouldn't say how often or how successful they were, 864 00:46:29,760 --> 00:46:32,250 but he said that these attackers are relentless 865 00:46:32,250 --> 00:46:34,590 and one of the reasons that they're relentless 866 00:46:34,590 --> 00:46:36,715 and they haven't stopped is because, 867 00:46:36,715 --> 00:46:39,690 I'm pretty sure it must still be working. 868 00:46:39,690 --> 00:46:40,740 If they weren't making money, 869 00:46:40,740 --> 00:46:42,600 they would move on to something else. 870 00:46:42,600 --> 00:46:45,660 James Lewis is a cybersecurity expert who's advised 871 00:46:45,660 --> 00:46:50,310 the UN and American government on information security. 872 00:46:50,310 --> 00:46:53,160 I think the issue is the people who connect to SWIFT, 873 00:46:53,160 --> 00:46:56,250 and this is a larger pattern we've seen in cybersecurity 874 00:46:56,250 --> 00:47:00,720 as the primary target becomes harder, 875 00:47:00,720 --> 00:47:02,970 takes measures to defend itself, 876 00:47:02,970 --> 00:47:04,980 the attackers move upstream. 877 00:47:04,980 --> 00:47:07,087 In a statement, SWIFT told us, 878 00:47:07,087 --> 00:47:09,870 "Attacks will continue to focus on the entry points 879 00:47:09,870 --> 00:47:12,900 to payment systems at financial institutions, 880 00:47:12,900 --> 00:47:16,230 which is why SWIFT is dedicating significant efforts 881 00:47:16,230 --> 00:47:19,710 and resources to our Customer Security Program. 882 00:47:19,710 --> 00:47:21,270 This is an ongoing challenge 883 00:47:21,270 --> 00:47:23,550 and it is important that both SWIFT 884 00:47:23,550 --> 00:47:27,120 and our customers adapt our approaches over time 885 00:47:27,120 --> 00:47:28,647 as the threat evolves." 886 00:47:33,750 --> 00:47:36,453 It's certainly improved a lot since Bangladesh Bank. 887 00:47:37,680 --> 00:47:40,890 They've accelerated some of the previous plans that they had 888 00:47:40,890 --> 00:47:43,050 to make security improvements. 889 00:47:43,050 --> 00:47:44,790 They're now rolling out a program 890 00:47:44,790 --> 00:47:47,074 of what's called "27 Controls" 891 00:47:47,074 --> 00:47:50,400 to make sure that all banks using SWIFT 892 00:47:50,400 --> 00:47:54,060 are actually following out good best practice security. 893 00:47:54,060 --> 00:47:57,030 SWIFT has to take the bull by the horns 894 00:47:57,030 --> 00:47:59,220 and raise a level of competence. 895 00:47:59,220 --> 00:48:01,050 Anybody using the SWIFT system 896 00:48:01,050 --> 00:48:04,050 has to be good enough and alert enough. 897 00:48:04,050 --> 00:48:07,080 So I'd say it's SWIFT's problem. 898 00:48:07,080 --> 00:48:08,940 I'm not saying it's SWIFT's responsibility. 899 00:48:08,940 --> 00:48:11,690 The user-end is still the responsibility 900 00:48:11,690 --> 00:48:14,640 of the financial institution, but SWIFT has to do more. 901 00:48:14,640 --> 00:48:18,300 I mean, personally it's SWIFT's problem 902 00:48:18,300 --> 00:48:22,822 and I think SWIFT is rising to the challenge. 903 00:48:30,810 --> 00:48:32,580 On the trail of the missing millions 904 00:48:32,580 --> 00:48:34,290 I've visited many places. 905 00:48:34,290 --> 00:48:36,660 From the heart of the global financial system 906 00:48:36,660 --> 00:48:37,920 to developing countries, 907 00:48:37,920 --> 00:48:41,313 all with different levels of technological sophistication. 908 00:48:43,530 --> 00:48:45,840 But their banks all share one thing, 909 00:48:45,840 --> 00:48:48,420 the messaging system SWIFT. 910 00:48:48,420 --> 00:48:50,424 And hackers have realized its users 911 00:48:50,424 --> 00:48:52,773 can make themselves vulnerable. 912 00:48:53,670 --> 00:48:56,040 Maybe Bangladesh is a victim, 913 00:48:56,040 --> 00:48:58,470 but it is at the cost of Bangladesh 914 00:48:58,470 --> 00:49:01,230 that the global payment system is improving. 915 00:49:01,230 --> 00:49:02,880 From the biggest central banks 916 00:49:02,880 --> 00:49:05,490 and from SWIFT, the largest global banks 917 00:49:05,490 --> 00:49:08,400 to the smaller banks, we're all part of the same problem. 918 00:49:08,400 --> 00:49:10,080 And trust in international 919 00:49:10,080 --> 00:49:12,360 financial institutions is vital. 920 00:49:12,360 --> 00:49:16,020 If you can't trust the Fed or the SWIFT system 921 00:49:16,020 --> 00:49:17,130 or the transfer system, 922 00:49:17,130 --> 00:49:19,200 then you don't even have a banking system. 923 00:49:19,200 --> 00:49:21,780 Because what happens when people don't trust 924 00:49:21,780 --> 00:49:25,110 financial institutions, they pull their money out of them. 925 00:49:25,110 --> 00:49:27,737 They don't hire people, 926 00:49:27,737 --> 00:49:31,470 they don't invest in businesses. They don't go forward. 927 00:49:31,470 --> 00:49:33,750 They all know this is a wake up call 928 00:49:33,750 --> 00:49:35,670 and they're not gonna get a second chance. 929 00:49:35,670 --> 00:49:37,890 But enforcing the highest standards 930 00:49:37,890 --> 00:49:40,680 internationally is a challenge. 931 00:49:40,680 --> 00:49:42,750 Where I think the vulnerability is, 932 00:49:42,750 --> 00:49:44,550 is that there isn't a global, 933 00:49:44,550 --> 00:49:49,410 a more global coordinated response to these threats. 934 00:49:49,410 --> 00:49:51,783 And the hackers have not gone away. 935 00:49:52,710 --> 00:49:55,320 It may not be the same exact same type of hack 936 00:49:55,320 --> 00:49:57,780 'cause they have cleaned up some of those vulnerabilities, 937 00:49:57,780 --> 00:50:00,900 but there's gonna be other places where they can get in 938 00:50:00,900 --> 00:50:03,210 and potentially steal large amounts of money. 939 00:50:03,210 --> 00:50:06,540 Defenders come up with a little better defense 940 00:50:06,540 --> 00:50:09,240 and the attackers figure out a way around it. 941 00:50:09,240 --> 00:50:13,290 So until the day comes when countries agree 942 00:50:13,290 --> 00:50:15,870 to prosecute cyber criminals, 943 00:50:15,870 --> 00:50:18,840 we'll just continue to see this kind of back and forth. 944 00:50:18,840 --> 00:50:19,833 This will continue. 945 00:50:20,820 --> 00:50:23,070 The Bangladesh heist was a wake up call 946 00:50:23,070 --> 00:50:25,770 for the international banking system. 947 00:50:25,770 --> 00:50:27,870 Changes have been made, 948 00:50:27,870 --> 00:50:31,560 but the threat from hackers is constantly evolving 949 00:50:31,560 --> 00:50:34,737 and many institutions regard cybersecurity 950 00:50:34,737 --> 00:50:38,174 as the biggest risk they face today. 72110