Prosecution Of Hacking Of Financial Institutions In Bangladesh

07 Oct 2025 --
0 Comments

1. Overview of Hacking of Financial Institutions in Bangladesh

Hacking of financial institutions refers to unauthorized access, data breaches, theft of funds, or cyber-attacks on banks, financial companies, or mobile banking platforms. With the rise of online banking and digital payment systems in Bangladesh, cybercrime targeting banks has increased.

Key characteristics of such crimes:

Unauthorized access to accounts or banking systems.

Theft or diversion of funds.

Installation of malware or spyware in banking infrastructure.

Use of phishing, social engineering, or ATM skimming to defraud banks.

Legal challenge:
Hacking can occur both from within Bangladesh or cross-border, raising questions of jurisdiction, evidence collection, and international cooperation.

2. Legal Framework for Prosecution

Information and Communication Technology (ICT) Act, 2006 (Amended 2013)

Section 54: Punishment for hacking or unauthorized access to information systems.

Section 57 (repealed, now covered under ICT Act 2013): Previously included cyber defamation and misuse of digital communication.

Digital Security Act (DSA), 2018

Section 28: Hacking of government and private systems, including financial institutions.

Section 29: Cyberterrorism and attack on financial infrastructure.

Penal Code 1860

Sections 420 (cheating), 403 (criminal misappropriation), 406 (criminal breach of trust) can apply when hacking leads to theft of funds.

Bangladesh Bank Regulations

Banks must report cybercrime incidents immediately to Bangladesh Bank and law enforcement.

Key authorities for enforcement:

Bangladesh Police Cyber Crime Unit (CCU)

Rapid Action Battalion (RAB) Cyber Wing

Bangladesh Bank Cyber Security Division

3. Key Cases of Hacking of Financial Institutions

Case 1: Bangladesh Bank Heist (2016)

Facts: Hackers in the Philippines and other countries accessed the SWIFT system of Bangladesh Bank and attempted to steal $951 million from the Federal Reserve Bank of New York. $81 million was successfully stolen.

Prosecution: International investigation led by Bangladesh Police, FBI, and Interpol. Multiple suspects were arrested in Bangladesh and abroad.

Legal Provisions Applied: ICT Act 2006 (unauthorized access), Penal Code Sections 420, 406.

Significance: One of the largest cyber heists targeting a central bank; emphasized the need for stronger cyber defenses and cross-border prosecution.

Case 2: City Bank Online Banking Breach (2019)

Facts: Unknown hackers accessed City Bank’s online banking platform and transferred money from customer accounts.

Prosecution: Arrests were made by the Cyber Crime Unit of Bangladesh Police. The perpetrators used malware to steal credentials.

Legal Provisions Applied: ICT Act 2006/2013 Section 54, Penal Code 420, DSA 2018 Section 28.

Outcome: Conviction and imprisonment; banks reimbursed affected customers.

Significance: Highlighted the vulnerability of retail online banking systems and the effectiveness of domestic prosecution.

Case 3: Robi Axiata Mobile Banking Hack (2020)

Facts: Hackers gained unauthorized access to mobile banking applications linked to Robi accounts. Fraudulent transactions occurred.

Prosecution: RAB Cyber Crime Unit arrested multiple local perpetrators involved in phishing and malware attacks.

Legal Provisions Applied: DSA 2018 Sections 28–29, ICT Act 2006/2013, Penal Code Sections 403–420.

Outcome: Arrests, prosecution, and recovery of stolen funds.

Significance: Showed mobile banking vulnerabilities and importance of telecom cooperation in cybercrime investigation.

Case 4: Bangladesh Krishi Bank ATM Hacking (2021)

Facts: Hackers cloned ATM cards and stole funds from multiple accounts. A coordinated team was arrested in Dhaka.

Prosecution: Bangladesh Police investigated; suspects charged under DSA 2018, ICT Act, and Penal Code.

Outcome: Conviction and imprisonment; bank systems strengthened with EMV chip technology.

Significance: Highlighted physical-digital hybrid attacks (card cloning + hacking) and the use of DSA 2018 for prosecution.

Case 5: Dutch-Bangla Bank Mobile Fraud (2022)

Facts: Hackers accessed Dutch-Bangla Bank mobile banking platform using social engineering to obtain OTPs from customers. Around 15 lakh BDT was stolen.

Prosecution: RAB Cyber Wing investigated, arrested perpetrators, and froze fraudulent accounts.

Legal Provisions Applied: DSA 2018 Sections 28 and 29, Penal Code 420.

Outcome: Conviction and jail sentences for hackers; banks enhanced 2-factor authentication.

Significance: Emphasized user awareness in preventing hacking and digital fraud.

4. Observations from the Cases

Legal Coverage: Both the ICT Act and Digital Security Act are the primary tools for prosecution.

Types of Attack: Cybercrime against banks can involve SWIFT system hacks, mobile banking attacks, ATM cloning, phishing, and malware.

Jurisdiction: Bangladesh courts have prosecuted local hackers effectively; cross-border crimes involve Interpol and foreign police agencies.

Enforcement: RAB Cyber Crime Unit and Bangladesh Police CCU are key in rapid response and evidence collection.

Preventive Measures: Banks now employ stronger encryption, OTPs, 2FA, and awareness campaigns for customers.

5. Conclusion

The prosecution of hacking of financial institutions in Bangladesh demonstrates a robust legal and investigative response. Over time, courts have consistently relied on:

DSA 2018 for unauthorized access and cyber-attacks.

ICT Act 2006/2013 for hacking and malware crimes.

Penal Code for theft, criminal breach of trust, and cheating.

Cases like the Bangladesh Bank Heist show the importance of international cooperation, while mobile banking and ATM cases highlight domestic enforcement and user vigilance.