NEW DELHI -- Atiur Rahman, Bangladesh's central bank governor who resigned in disgrace on Tuesday, reputedly never took a holiday and once dreamed of completely digitizing his country's banking system.
Rahman stepped down after failing to reveal that $81 million had been electronically siphoned to a bank in the Philippines in early February from Bangladesh Bank funds deposited at the Federal Reserve Bank of New York.
The government has sacked Rahman's two deputies, Mohammad Abul Quasem and Nazneen Sultana, and appointed Fazle Kabir, a former finance secretary, as his replacement.
Rahman, who tirelessly promoted e-banking and e-commerce to realize his Digital Bangladesh vision, was once widely praised for his initiatives. Those plaudits are all history. Finance Minister A.M.A. Muhith is "very unhappy" with the way the theft episode was handled by the central bank -- he was not informed of the crime for a month -- and has promised action against those responsible for the concealment.
The cyber heist was first reported in late February by a Philippine newspaper, and went global last week. Between Feb. 4 and 6, hackers evidently attempted to steal $951 million from a Bangladesh Bank account in New York, and channel the funds to accounts in the Philippines and Sri Lanka.
The U.S. bank halted a transfer of $850 million when the criminal activity was flagged. A receiving bank in Sri Lanka also rejected a $20-million transfer because the beneficiary's name was misspelled.
The remaining $81 million was transferred to four accounts at a Rizal Commercial Banking Corporation branch in the Philippines, and quickly transferred onward to a fraudulent account at the same branch. Funds were then converted to pesos for laundering in Philippine casinos.
Bangladesh Bank initially blamed the crime on foreign parties, but inside involvement is also a possibility. Both the Federal Reserve Bank of New York and the SWIFT financial messaging company have stated robustly that their systems were not compromised, and that the transfers were carried out using standard authentication protocols
Malware may have been used, according to Sanchit Gogia, chief executive at Greyhound Research, an information technology and telecom consultancy in New Delhi. He said the breach could have occurred at device or network level.
"It's a classic cyber security threat case," said Gogia, noting that the bank in New York, the communication networks involved, and devices at Bangladesh Bank must all be reviewed. "Security could have been breached at any of these levels," he said.
Uttam Kumar Paul, secretary general of Bangladesh Association of Software & Information Services, said a security breach must have been involved for the hacking to occur, but declined to speculate if it was inside Bangladesh Bank.
"Investigation is in process, with both national and international experts involved," said Paul.
The government has formed an ad hoc investigation committee as Bangladesh's criminal investigators set about probing one of the biggest bank robberies in history.
Zaid Bakht, chairman of state-owned Agrani Bank, believes the stolen money can be recovered providing Philippine authorities cooperate with Bangladesh. "The money can be traced if Manila is sincere," he said.
Mohammad Helal Uddin, a former vice president of the Federation of Bangladesh Chambers of Commerce and Industry (FBCCI), described the incident as "a wakeup call" for cyber security in business and finance.
When Rahman was appointed governor in 2009, Bangladesh's foreign reserves stood at $6.5 billion. They had reached $28 billion by the time he bowed out in disgrace.
"I'll not take all the credit for it, but it happened during my tenure," Rahman told the Nikkei last year.
Adnan Akib, a student at the United International University in Dhaka, credited Rahman with taking "a rare step" by resigning in corruption-plagued Bangladesh.
With reporting from Nikkei staff writers Mikhail Flores and Cliff Venzon in Manila, Yuji Kuronuma in New Delhi, and contributing writer Syed Tashfin Chowdhury in Dhaka.