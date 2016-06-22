(Adds comment from FireEye spokesman)
DHAKA, June 22 Bangladesh's central bank is
unlikely to extend the contract of U.S. cyber security firm
FireEye to investigate the electronic theft of $81
million of its money, sources at the bank said on Wednesday,
citing high costs as one of the factors.
The move comes as law enforcement in Bangladesh and the
United States have reported little progress in identifying the
criminals more than four months after one of the biggest cyber
heists to date.
FireEye's Mandiant forensics division was hired by
Bangladesh Bank weeks after the cyber heist in early February.
It said in an interim report that hackers took control of the
bank's network, stole credentials for sending messages on the
SWIFT transactions system and used "sophisticated" malicious
software to attack the computers the bank uses to process and
authorize transactions.
Mandiant has said it needs 570 hours of more work to
complete its investigations, a director on the board of
Bangladesh Bank told Reuters. The bank has already paid about
$280,000 to the company at an hourly rate of $400, he and other
officials said on condition of anonymity.
Another official familiar with the computer security systems
at the bank said it did not want to extend Mandiant's contract
because board members were not sure what tangible results could
come from further investigation.
FireEye said in a statement that it would seek to help with
the investigation even after completing its assignment for
Bangladesh Bank.
"We have uncovered and provided Bangladesh Bank and the
global financial community extensive data about this
unprecedented financial attack and how to prepare for the
future, and will continue to support law enforcement and the
industry past the close of our engagement," the statement said.
The bank director said Bangladesh Bank planned to seek
external help in the investigation, but only after drawing up
new terms of reference on the basis of its own internal
investigation, a police inquiry and a government-appointed
probe.
Cost was a factor in the Mandiant decision, the director
said.
"Its charges are so high," the director said, adding a
formal meeting of the board on Thursday was scheduled to
formally end the contract.
FireEye said that the $400 per hour figure cited by the
Bangladesh Bank officials was not a standard rate for its
services.
"The pricing and duration of our investigative work is
unique to every incident," the statement said.
A third bank official said the initial purpose of hiring
Mandiant had been achieved: identifying and addressing lapses in
the bank's computer security.
At Thursday's board meeting, terms for a possible new
contract for an external investigator will be finalised, the
bank director said. It wasn't clear if FireEye would be invited
to bid.
