New information concerning Dutch Bangla Bank’s automated teller machines (ATMs) theft emerged as investigators discovered that it was nine ATMs of the bank, instead of two, that had fallen prey to an international hacker group.
In light of the new discovery, the Criminal Investigation Department (CID) of police filed a money laundering case with Badda Police Station.
Earlier, a case was filed by the bank authorities under the digital security act for the cybercrime.
Although the bank had reported thefts in two of their ATM booths, investigators later found that around Tk 16 lakh was stolen from a total of nine of the bank’s ATMs in different areas of the capital.
Investigators suspect that the hackers might have stolen money from ATMs of other private banks as well.
Abul Kashem Md Shirin, managing director of DBBL, could not be reached for comments over phone despite several attempts till the filing of this report at 11:40pm.
Meanwhile, after scrutinising CCTV footages, the investigators now suspect that around 12 to 15 Ukrainians -- who are believed to be members of an international hacker group -- were involved with the heist.
Molla Nazrul Islam, special superintendent of CID’s organised crime unit, said the criminals were members of a North Korean hacker group named “Hidden Cobra”.
He said they had links to the “Lazarus Group”, the infamous gang involved in the 2016 Bangladesh Bank heist.
Nazrul added that they had warned bank authorities recently after getting a tip-off from an international intelligence agency about such a hacker group.
The CID official said three types of crimes happened during the ATM theft: cyber-attack, money heist and money laundering.
According to investigators, the gang chose the Eid period for their heist as bank transactions reach a maximum during this period. After the theft, the gang was supposed to go to India on June 6.
Detective Branch (DB), Cybercrime unit of Counter Terrorism and Transnational Crime (CTTC) and CID of police are now jointly investigating the incident.
DB sources said the hacked ATMs of Dutch Bangla Bank include two in Khilgaon, one in Kakrail, one in Radisson Hotel, one in DIT road in Rampura and two in Nikunja areas.
The investigators are also looking into the involvement of local criminals in this connection.
The investigators have also sought information from the special branch of police on all Ukrainian nationals who had arrived in and left Bangladesh between May 15 and May 30.
Earlier, cloned cards were used to steal money from ATMs, but the suspects used a new method this time which law enforcers had not seen before, said police.
In the new method, a card was inserted in the ATM and the machine’s connection with the bank’s server got severed, after which the suspects just took money out. The method also left no record of the transaction in the bank’s server.
DB sources, quoting an IT expert, said although such kind of heist was new to Bangladesh, it has been seen in other countries where criminals used Tyupkin, a strain of malware, to empty ATMs.
Tyupkin malware was first discovered in 2014.
For it to work, one needed to gain physical access to an ATM and infect it with the Tyupkin malware. Once the machine was infected, it disabled all network connections and even if the administrators detected any suspicious activity, it could not be interrupted.
Police said forensic experts were now working on the latest thefts.
The cybercriminals came to attention after police arrested six Ukrainian nationals on June 2. They were all placed on three-day remands on June 3.
One of their alleged cohorts is still on the run and immigration police at airports have been alerted about the matter, police said.
According to investigators, the seven suspects landed in Dhaka together on May 30 and stole money from an ATM booth in middle Badda the very next day.
In the latest case, it was mentioned that Tk 4.5 lakh was stolen from the Badda ATM booth on May 31.
On June 1, they stole money from the other booths. During the series of thefts, one of the hackers was detained while he was trying to steal money from the bank’s ATM in Taltola of Khilgaon.
During the attempted theft, two of the foreigners went to the booth wearing masks and caps. The security guard became suspicious and called locals for help, who were able to catch one of them and hand him over to police.
Police raided a hotel in Panthapath based on information provided by the detainee and arrested the six alleged hackers. One member of the gang is still on the run, said the official.
Dutch Bangla Bank Ltd authorities filed a case against the seven Ukrainians and other unnamed people with Khilgaon Police Station under the digital security act on June 2.
Shahidur Rahman Ripon, additional deputy commissioner of Dhaka Metropolitan Police’s detective branch (East), said they were yet to interrogate the arrestees as they were now analysing their profiles.
“Hopefully, we will start interrogating them from tomorrow,” he said.