Bank or big money heists make for great action movies, but it’s more scary than entertaining when real hackers raid a central bank and actually make off with a fortune.

“Billion Dollar Heist,” a documentary feature that premiered this week, tells the story of one of the world’s biggest cyber heists: the 2016 raid on the central bank of Bangladesh, a populous nation in the Indian subcontinent. The new film holds lessons about lasting cyber risks for businesses and the world’s financial system.

THE BANGLADESH BANK HEIST

The film tells the story of when a shadowy group of hackers, believed to have been associated with North Korea, tried to steal nearly a billion U.S. dollars from the Bangladesh Bank, and managed to transfer over US$80 million before being detected, almost by a fluke.

Investigations revealed that the hackers sent fraudulent instructions via the SWIFT network – an international messaging and financial transactions system – to Bangladesh Bank’s account at the Federal Reserve Bank of New York.

Initial orders involving tens of millions of dollars went through, but the bulk of the theft was only held up because of a coincidence. An account involved in the heist was flagged because it shared a name with another unrelated account blacklisted in the U.S. due to sanctions against Iran. New York Fed officials then took a closer look at the unusually large transfer instructions and alerted officials at Bangladesh’s central bank.

Eventually, Bangladeshi authorities recovered about a fifth of the stolen money, and the central bank’s governor resigned. According to media reports, only a Filipino bank official was charged in connection with the crime. 

CYBER THREATS

The daring theft exposed weaknesses in the SWIFT system used by entities worldwide to move money electronically.

Matthew Metcalfe, the New Zealand-based producer of “Billion Dollar Heist,” says he was incredulous when he first heard of the story. He consulted with cybersecurity expert and author Misha Glenny who said it was potentially only the tip of the cybercrime iceberg.

The documentary, directed by Daniel Gordon, uses stylized animated graphic illustrations to reconstruct the cyber heist and features interviews with several cybersecurity experts including Glenny, Symantec’s Eric Chien and EY’s Keith Mularski.

A regional bank in India and Russia’s central bank have also reported cyber heists similar to the Bangladesh Bank theft, although on a smaller scale.

Big Canadian companies Suncor, Indigo and Sobeys have also had their operations hit by cyber attacks over the past year, highlighting the potential losses businesses can take from cyber crimes. 

In an increasingly connected world where a growing number of data and transactions are online, the documentary drives home the message of taking cyber security seriously.

“Two factor authentication!” says producer Metcalfe. “I was talking to someone for background on this, and they said that if Sony Pictures had two factor authentication, it would never have been (…) famously hacked in 2014. This person said when people have two factor authentication, even the FBI can't get in.”

Catch an interview with Eric Chien, fellow of Symantec’s security technology and response division, about the case featured in the film and essential cyber security precautions on BNN Bloomberg’s The Close at 4.50 p.m. ET on Thursday.