Bangladesh central bank ends FireEye cyber heist contract

Bangladesh's central bank has ended a contract with US cyber security firm FireEye to investigate February's online theft of US$81 million (A$110 million), turning down a proposal to extend the agreement.

More than four months after hackers broke into the systems of Bangladesh Bank and transferred money from its account at the Federal Reserve Bank of New York, investigators in Bangladesh and the United States are still trying to identify them.

FireEye's Mandiant division had asked for 570 hours of additional work to complete its investigation into the biggest cyber heist in history, sources at the bank had said. 

Last week, the board of Bangladesh Bank met and ratified an earlier decision not to extend Mandiant's contract, according to Jamaluddin Ahmed, a director of the central bank.

"It was a unanimous decision," he said, adding the central bank had decided to take steps on its own to improve the security of its computer systems.

Sources at the bank said Mandiant's high pricetag was one of the factors to end the contract with the US security firm.

The sources said Mandiant had been paid about US$280,000 for about 700 hours of work.

A spokesman for Mandiant said it had provided Bangladesh Bank and the global financial community extensive data on the attack.

"[We] will continue to support law enforcement and the industry past the close of our engagement," the spokesman said, adding that the company's pricing and duration of investigation was unique in each case.

The Bangladesh bank sources said the bank may still engage external experts to advise it on cyber security after drawing up new terms of reference. There was no decision on that at Thursday's meeting, Ahmed said.