Bangladesh C. Bank Ends FireEye Contract After Cyberheist

Bangladesh’s central bank has ended a contract with U.S. cybersecurity firm FireEye to investigate February’s online theft of $81 million, turning down a proposal to extend the agreement, a senior official said on Monday.

More than four months after hackers broke into the computer systems of Bangladesh Bank and transferred money from its account at the Federal Reserve Bank of New York, investigators in Bangladesh and the United States are still trying to identify them.

FireEye’s Mandiant division had asked for 570 hours of additional work to complete its investigation into the biggest cyberheist in history, sources at the bank had said earlier.

Last week, the board of Bangladesh Bank met and ratified an earlier decision not to extend Mandiant’s contract, Jamaluddin Ahmed, a director of the central bank, told Reuters on Monday.

“It was a unanimous decision,” he said, adding that the central bank had decided to take steps on its own to improve the security of its computer systems.

Sources at the bank told Reuters last week that Mandiant’s high price tag was one of the factors inducing them to end the contract with the U.S. security firm. The sources said Mandiant had been paid about $280,000 for about 700 hours of work.

A spokesman for Mandiant said it had provided Bangladesh Bank and the global financial community extensive data on the attack.

“[We] will continue to support law enforcement and the industry past the close of our engagement,” the spokesman said, adding that the company’s pricing and duration of investigation was unique in each case.

The Bangladesh Bank sources said the bank may still engage external experts to advise it on cybersecurity after drawing up new terms of reference. There was no decision on that at Thursday’s meeting, Ahmed said.