How North Korea robbed Bangladesh Bank of $81 million

Alexandra
Aug 22, 2020

Have you heard of the 1 billion dollar Bangladesh Bank cyber heist? The hackers, a group called Lazarus, have not been caught to this day.

How they did it

First, they sent a phishing email to one of the employees at the bank a few months before the heist. This allowed the group to observe how transfers were done and to gain access to the bank's credentials for the SWIFT global payment network. Rather than targeting individual credentials, they were now able to transfer funds as if they were a legitimate bank employee.

On February 4, 35 phoney transfers totalling 951 million dollars were sent to the Federal Reserve Bank of New York, as Bangladesh has an account there for international settlements. The group then requested the New York bank to transfer the money to multiple accounts across Asia. Although 30 of the transfers were flagged and stopped by the Reserve, 4 of the transfers totalling 81 million were processed, which is still a significant amount of money.

A perfectly timed attack

During the attack, Lazarus took advantage of the different time zones between three locations: New York, Bangladesh and the Philippines.

How? First, Lazarus attacked Bangladesh Bank on a Friday, as they knew that the bank would not be open.

When the bank reopened on Sunday, the employees realized that the automated printer, which was meant to print out real-time transfer confirmations 24/7, had not been working for two days. Lazarus had intentionally crashed the printer to buy themselves time. When the printer was finally working again, Bangladesh Bank tried to stop the transfers by contacting the Reserve, but by that time it was the weekend in New York, so no one was there.

So, the 4 successful transfers were sent to 4 dormant accounts at the same branch of RCBC Bank in Manila, Philippines. Bangladesh Bank tried to stop this, but the timing was not on their side again, as that day was Chinese New Year in the Philippines, a non-working holiday. By the time RCBC Bank reopened the next day, the money had already been withdrawn and laundered through casinos into untraceable hard cash.

Eventually, 2 Chinese men were identified as having set up two of the accounts at RCBC Bank, but before the authorities in the Philippines could apprehend them, they had already fled to Macau.

The 81 million dollars would never be seen again. This makes it the single biggest bank heist in history.

Why is North Korea a prime suspect?

When security experts inspected the malware code, they discovered something unexpected: an IP address connected to North Korea. There was also Korean-language text embedded in the computer code. They were also able to connect it to the group Lazarus, which was responsible for a series of similar global heists.

So the biggest question is, was North Korea framed or did they really do it? It was certainly reflected in their GDP for that year, Macau was a known financial contact point for North Korea, and cybersecurity experts say that they are almost certain that it was North Korea.

Of course, North Korea has denied the allegations, but what do you think?
