DHAKA (Reuters) - Bangladesh’s central bank has ended a contract with U.S. cyber security firm FireEye to investigate February’s online theft of $81 million, turning down a proposal to extend the agreement, a senior official said on Monday.
More than four months after hackers broke into the computer systems of Bangladesh Bank and transferred money from its account at the Federal Reserve Bank of New York, investigators in Bangladesh and the United States are still trying to identify them.
FireEye’s Mandiant division had asked for 570 hours of additional work to complete its investigation into the biggest cyber heist in history, sources at the bank had said earlier.
Last week, the board of Bangladesh Bank met and ratified an earlier decision not to extend Mandiant’s contract, Jamaluddin Ahmed, a director of the central bank, told Reuters on Monday.
“It was a unanimous decision,” he said, adding the central bank had decided to take steps on its own to improve the security of its computer systems.
Sources at the bank told Reuters last week that Mandiant’s high price-tag was one of the factors to end the contract with the U.S. security firm.
The sources said Mandiant had been paid about $280,000 for about 700 hours of work.
A spokesman for Mandiant said it had provided Bangladesh Bank and the global financial community extensive data on the attack.
“(We) will continue to support law enforcement and the industry past the close of our engagement,” the spokesman said, adding that the company’s pricing and duration of investigation was unique in each case.
The Bangladesh bank sources said the bank may still engage external experts to advise it on cyber security after drawing up new terms of reference. There was no decision on that at Thursday’s meeting, Ahmed said.
Reporting by Serajul Quadir, additional reporting by Jeremy Wagstaff in SINGAPORE; Editing by Sanjeev Miglani and Raju Gopalakrishnan