Bank forgoes a firewall, has $80 million stolen by hackers

By Chris Scott Barr/Updated: April 22, 2016 4:25 pm EST

We've heard plenty about banks and other institutions losing money to ransomware, which essentially holds a company's data hostage, in exchange for money. These kinds of attacks can be hard to combat and protect against, given the number of people using computers inside of a company. But one bank has learned the hard way that you need to at least take the most basic precautions.

You may have heard about about the central bank of Bangladesh earlier this year. Thanks to a typo made by hackers, an attempt to steal more than $1 billion was foiled. However, the group still managed to get away with $80 million before they were caught. So how did they manage to get in and swipe all of that money? As it turns out, it really wasn't that hard.

You're probably familiar with the term 'firewall.' You've got one on your computer, which can help stop malicious files from doing nasty things. However, there is another type of firewall that sits between an internet connection and the computers running on a private network. This helps keep out nefarious traffic, such as a group of hackers that wants to steal all of your money. They're commonplace in most businesses, for obvious reasons.

As it turns out, the bank in our story didn't have a firewall. Now still might not strike you as absurd. So let me put it this way: Not having a firewall is roughly the same as choosing to not install locks on the bank doors. The idea that there is probably a lock will keep intruders away. But once someone does try to test the door, they'll have access to absolutely everything until someone comes along and catches them.

Instead of up-to-date networking hardware, the bank was found to be using $10 second-hand switches to keep everything connected. As someone who's worked in the IT industry for more than a decade, this is the sort of thing you'll hear about a mom-and-pop operation. Not something you should ever see in a bank that handles billions of dollars.

Due to the fact that there were quite literally no real security measures, investigators are having an understandably hard time tracking down those responsible for the virtual break-in.

Source: Reuters