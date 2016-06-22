DHAKA, June 22 Bangladesh's central bank is
unlikely to extend the contract of U.S. cyber security firm
FireEye to investigate the electronic theft of $81
million of its money, sources at the bank said on Wednesday,
citing high costs as one of the factors.
The move comes as a nearly four-month broader investigation
into one of the world's biggest cyber heists makes slow
progress.
FireEye's Mandiant forensics division was hired by
Bangladesh Bank weeks after the cyber heist in early February.
It said in an interim report that hackers took control of the
bank's network, stole credentials for sending messages on the
SWIFT transactions system and used "sophisticated" malicious
software to attack the computers the bank uses to process and
authorize transactions.
Mandiant has said it needs 570 hours of more work to
complete its investigations, a director on the board of
Bangladesh Bank told Reuters. The bank has already paid about
$280,000 to the company at an hourly rate of $400, he and other
officials said.
All of them spoke on condition of anonymity.
Another official familiar with the computer security systems
at the bank said it did not want to extend Mandiant's contract
because board members were not sure what tangible results could
come from further investigation.
However, the bank director said Bangladesh Bank still
planned to seek external help in the investigation, but only
after drawing up new terms of reference on the basis of its own
internal investigation, a police inquiry and a
government-appointed separate probe.
Cost was a factor in the Mandiant decision, the director
said.
"Its charges are so highthe board has discussed it and
decided not to extend," the director said, adding a formal
meeting of the board on Thursday was scheduled to formally
approve ending the contract with Mandiant.
A FireEye spokesman in Singapore declined comment.
The U.S. firm has already done around 700 hours of work
trying to find out how the hackers got into Bangladesh Bank's
SWIFT payment system and issued instructions to the New York Fed
to transfer money to accounts in the Philippines and Sri Lanka.
A third bank official said the initial purpose of hiring
Mandiant had been achieved as some lapses in the bank's computer
security were identified and addressed.
"We had engaged them for a certain task. That has been
completed. We don't plan to engage them anymore," the official
said.
At Thursday's board meeting, new terms for any possible new
contract for an external investigator will be finalised, the
bank director said. It wasn't clear if FireEye would be invited
to bid under the new terms.
The cyber heist is also being investigated by the U.S.
Federal Bureau of Investigation and the Bangladesh police.
There is no word on who is responsible.
(Additional reporting by Ruma Paul; Editing by Raju
Gopalakrishnan)