The North Korean hackers nearly pulled off a $1 billion heist at Bangladesh bank

On February 5, 2016, at around 8:30 p.m., a printer on the tenth floor of the Bangladesh Bank began malfunctioning. When staff noticed the problem at 8:45 p.m., they assumed it was another IT snafu; glitches had occurred before, and nobody paid them much attention. When the printer was restarted, though, it began spitting out messages from the Federal Reserve Bank in New York, where Bangladesh maintains a US-dollar account, stating that the Fed had been instructed to drain the entire account, roughly $966 million.


That was the first indication that the bank's systems had been penetrated: hackers had attempted to rob Bangladesh Bank of one billion dollars and succeeded in making off with 81 million. The now-infamous heist is referred to as "The Lazarus Heist" and marks the most ambitious cyber-attack in history. Two years later, the FBI linked North Korean hackers ("The Lazarus Group") to the crime. Geoff White and Jean H Lee from the BBC dive into both the robbery itself and the investigation that followed in their recent report.

According to the BBC story, the Bangladesh Bank heist was a project that took years of planning and meticulous preparation by a team of hackers trained under North Korea’s direct supervision and intermediaries throughout Asia.

The Lazarus Group had been present in Bangladesh Bank's computer systems for an entire year before the heist occurred. In January 2015, numerous workers at Bangladesh Bank received a job application from a "Rasel Ahlam". The email accompanying the application invited employees to download a CV and cover letter from a website. Rasel, however, was merely an identity created by the Lazarus Group to deceive people.

An employee inside the bank fell for the scam, downloaded the documents, and the virus they contained spread through the bank's systems. This gave the hackers a foothold in the bank's computers, from which they began working their way toward the accounts where a substantial amount of cash was on deposit.


A few months after the hackers accessed Bangladesh Bank's systems, four accomplice accounts were set up in a branch of RCBC, one of the Philippines' largest banks. The branch was situated next to an eco-hotel and a dental surgery on Jupiter Street, a busy thoroughfare in Manila.

There were several warning signs: the licences used to establish the accounts were fakes, and the applicants all stated the same job title and pay despite working for different firms; nevertheless, these went unnoticed. The accounts, each opened with a $500 deposit that was never touched, lay dormant for months while the hackers completed other parts of the plan.

After the phishing email landed at the bank, the hackers waited a year while they lined up escape routes for the money. Waiting that long meant risking discovery inside the bank's systems.

The hackers began their assault on Thursday, February 4th, 2016. This gave the Fed plenty of time to carry out the transfer instructions while Bangladesh went into its weekend. The bank's Dhaka headquarters were shut for two days, and by the time the theft was discovered on Saturday, New York was in its own weekend. This delay of almost three days widened the hackers' window of opportunity.


The hackers had set up accounts in Manila, the Philippines' capital, and emptied the Fed's money into them. They timed the heist to fall over Lunar New Year, a five-day national holiday in Asia, which began on February 8th, 2016. By doing so, they hoped to limit the suspicion the transactions might otherwise have attracted.

Having breached Bangladesh Bank and opened pathways for the money, the hackers moved to the next phase of the plan. The one remaining obstacle was the printer on the tenth floor: it produced a paper record of every transfer out of the bank's accounts, and that backup would let Bangladesh Bank detect any siphoned funds.

The hackers knew that if they left a record of their transactions, they would be caught immediately. So they hacked into the software controlling the printer and took it out of action. With their traces hidden, the hackers began making their transactions at 08:36 PM on Thursday, February 4, 2016, amounting to $951 million, almost the entirety of Bangladesh Bank's New York Fed account.
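The printer mattered because it was an independent record of what the messaging system had sent. A defender can turn that idea into a routine check: reconcile the transfers actually released against the confirmations that reached the paper log, and flag anything released outside working hours or large enough to drain the account. The following is an added example, not code from the article or from any bank; the transfer records, the printed-log references, the account balance and the office-hours window are all constructed here for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time


@dataclass(frozen=True)
class Transfer:
    ref: str            # payment message reference (constructed value)
    sent_at: datetime   # local time the instruction left the bank
    amount_usd: int
    beneficiary: str


# Constructed sample batch. TX-001 is an ordinary daytime payment whose
# confirmation reached the printer; TX-002..TX-005 went out that evening
# while the printer was down, so no paper confirmation exists for them.
SAMPLE_TRANSFERS = [
    Transfer("TX-001", datetime(2016, 2, 4, 11, 15), 1_500_000, "Regular correspondent"),
    Transfer("TX-002", datetime(2016, 2, 4, 20, 36), 30_000_000, "Account A, Manila"),
    Transfer("TX-003", datetime(2016, 2, 4, 20, 41), 25_000_000, "Account B, Manila"),
    Transfer("TX-004", datetime(2016, 2, 4, 20, 44), 6_000_000, "Account C, Manila"),
    Transfer("TX-005", datetime(2016, 2, 4, 20, 50), 20_000_000, "Account D, Manila"),
]
SAMPLE_PRINTED_REFS = {"TX-001"}          # what the paper log actually shows
SAMPLE_OPENING_BALANCE_USD = 150_000_000  # constructed balance for the account

# Bangladesh's working week runs Sunday to Thursday; datetime.weekday() gives
# Monday=0 ... Sunday=6. The 09:00-17:00 window is an assumption.
WORKDAYS = {6, 0, 1, 2, 3}
BUSINESS_START, BUSINESS_END = time(9, 0), time(17, 0)


def missing_from_print_log(transfers, printed_refs):
    """Refs of transfers that were sent but never appeared in the paper backup."""
    return sorted(t.ref for t in transfers if t.ref not in printed_refs)


def outside_business_hours(transfers):
    """Refs of transfers released on a non-working day or outside office hours."""
    flagged = []
    for t in transfers:
        off_day = t.sent_at.weekday() not in WORKDAYS
        off_hours = not (BUSINESS_START <= t.sent_at.time() < BUSINESS_END)
        if off_day or off_hours:
            flagged.append(t.ref)
    return sorted(flagged)


def batch_share_of_balance(transfers, opening_balance_usd):
    """Fraction of the opening balance that this batch would move out."""
    return sum(t.amount_usd for t in transfers) / opening_balance_usd


def review_batch(transfers, printed_refs, opening_balance_usd, max_share=0.5):
    """Combine the three checks into a list of human-readable alerts."""
    alerts = []
    unprinted = missing_from_print_log(transfers, printed_refs)
    if unprinted:
        alerts.append(f"no paper confirmation for {len(unprinted)} transfer(s): {', '.join(unprinted)}")
    off_hours = outside_business_hours(transfers)
    if off_hours:
        alerts.append(f"released outside business hours: {', '.join(off_hours)}")
    share = batch_share_of_balance(transfers, opening_balance_usd)
    if share > max_share:
        alerts.append(f"batch moves {share:.0%} of the opening balance (limit {max_share:.0%})")
    return alerts


if __name__ == "__main__":
    for line in review_batch(SAMPLE_TRANSFERS, SAMPLE_PRINTED_REFS, SAMPLE_OPENING_BALANCE_USD):
        print("ALERT:", line)
```

The point of the first check is that the reconciliation must run from a system the messaging hosts cannot silence: if the comparison itself lived on the compromised machine, taking the printer offline would have taken the check offline with it.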

Officials at Bangladesh Bank struggled to work out what had happened as the missing money came to light over the weekend. The bank's governor approached Rakesh Asthana of World Informatix, a cyber-security consultancy based in the United States, for help.

As soon as he smelled something fishy, Asthana was on it. He discovered the criminals had gained access to a crucial component of Bangladesh Bank's infrastructure: Swift, the global messaging system that thousands of banks rely on to handle transfers worth millions of dollars. The hackers didn't need to exploit any flaw in this technology; as far as Swift's software could tell, they were genuine bank workers.

Bangladesh Bank discovered that the transactions could not simply be reversed once some of the money had arrived in the Philippines, where officials told them a court order would be needed before retrieval could begin. When Bangladesh Bank finally filed its case in late February, information that had been kept private became public.

The hackers attempted to move USD 951 million into accounts at the RCBC branch on Jupiter Street in Manila. Hundreds of banks exist in Manila, and the hackers could have used any number of them; nevertheless, they picked this one, and it cost them hundreds of millions of dollars.

The Fed's automated systems raised an alert when they saw the word "Jupiter" in connection with the payments. After a review, most of the payments were stopped; however, five transactions totalling 101 million dollars went through. Twenty million of those dollars were transferred to a Sri Lankan charity known as the Shalika Foundation, which had been set up by the hackers' accomplices as one route for funnelling the stolen money.

Here the hackers' plans were derailed by a tiny detail that allowed the bank to reverse the transfer. The foundation's founder, Shalika Perera, said she believed the money was a legitimate donation to her "Shalika Foundation". An eagle-eyed bank employee, however, spotted a spelling mistake in the foundation's name and became suspicious of the transaction. Nevertheless, USD 81 million still got through before Bangladesh Bank could act, and by then the hackers had already taken steps to put the money beyond reach.
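Two of the controls in this part of the story are the kind a payments team can automate: a term in a payment's free-text fields that puts it on hold ("Jupiter" in the beneficiary address), and a beneficiary name that is only a misspelling away from a known payee (the Shalika Foundation transfer). The block below is an added example written for this page, not code from the article, the Fed or any bank. The watchlist, the register of verified payees and the sample payments are constructed; "JUPITER" is used only as a stand-in for the term the article says triggered the alert, and nothing here claims to know why it was on a list.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Payment:
    ref: str
    amount_usd: int
    beneficiary_name: str
    beneficiary_address: str


# Constructed watchlist of terms that put a payment on hold for manual review.
WATCHLIST_TERMS = {"JUPITER"}

# Constructed register of beneficiary names the bank has previously verified.
KNOWN_BENEFICIARIES = {"SHALIKA FOUNDATION"}

# Constructed sample payments shaped like the article's transfers.
SAMPLE_PAYMENTS = [
    Payment("P-1", 30_000_000, "Account holder A", "Jupiter Street, Manila"),
    Payment("P-2", 20_000_000, "Shalika Fundation", "Colombo, Sri Lanka"),
    Payment("P-3", 1_500_000, "Regular correspondent", "Frankfurt, Germany"),
]


def normalise(text):
    """Upper-case and collapse whitespace so comparisons ignore formatting."""
    return " ".join(text.upper().split())


def tokens(text):
    """Whole-word tokens, so 'JUPITER' matches but 'JUPITERIAN' would not."""
    return set(re.findall(r"[A-Z0-9]+", text.upper()))


def watchlist_hits(payment):
    """Watchlist terms appearing as whole words in the name or address."""
    words = tokens(payment.beneficiary_name) | tokens(payment.beneficiary_address)
    return sorted(WATCHLIST_TERMS & words)


def levenshtein(a, b):
    """Edit distance between two strings (insert / delete / substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def near_miss_name(payment, known=KNOWN_BENEFICIARIES, max_distance=2):
    """A verified payee name the beneficiary almost, but not exactly, matches.

    An exact match is fine; a name one or two edits away from a verified payee
    is the kind of misspelling that deserves a second look before release.
    """
    name = normalise(payment.beneficiary_name)
    for candidate in sorted(known):
        distance = levenshtein(name, candidate)
        if 0 < distance <= max_distance:
            return candidate
    return None


def screen(payment):
    """Return ('HOLD', reasons) or ('RELEASE', [])."""
    reasons = []
    hits = watchlist_hits(payment)
    if hits:
        reasons.append(f"watchlist term in beneficiary fields: {', '.join(hits)}")
    near = near_miss_name(payment)
    if near:
        reasons.append(f"beneficiary name is a near miss of verified payee {near!r}")
    return ("HOLD" if reasons else "RELEASE", reasons)


if __name__ == "__main__":
    for p in SAMPLE_PAYMENTS:
        decision, reasons = screen(p)
        print(p.ref, decision, "; ".join(reasons))
```

Whole-word matching keeps the watchlist check from firing on substrings, and the near-miss check deliberately ignores exact matches: it is the almost-right name, not the right one, that signals a payee set up to resemble a legitimate organisation.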

On Friday, February 5, the four accounts that had been established in 2017 at the RCBC branch on Jupiter Street in Quezon City suddenly became active. Funds were shuffled between the accounts, sent to a currency exchange firm for conversion into local currency and re-deposited at the bank. Some of it was withdrawn in cash.


The next stage of the thieves' money-laundering operation was set in motion on the casino floor of Solaire, one of Asia's most beautiful casinos and a major attraction for mainland Chinese gamblers. Of the $81 million that passed through RCBC, $50 million was deposited into accounts at Solaire and at another casino called Midas.

The remaining $31 million was handed to Xu Weikang, a Chinese man who, according to the Philippines Senate committee assembled to investigate, is suspected of leaving on a private plane and has not been seen since. The casinos were used to make the money harder to follow.

Once the stolen money was turned into casino chips, bet on tables and cashed out again, authorities would have a hard time tracing it. The team was cautious in other respects too: instead of gambling in the casino's public areas, they rented private rooms, where they could more easily control how the money was spent.

The gamblers inside Manila's casinos soon became regulars, returning week after week to launder the money through baccarat, a game that is popular in Asia and has a 90% return rate for experienced players. That makes it an ideal outlet for launderers, who often recoup only a fraction of what they put in.

Bangladeshi authorities played catch-up as they scrambled to track the money. Things became more complicated once they arrived in Manila and reached the casinos. At the time, Philippine gaming laws contained no measures to obstruct money laundering in establishments like these. The people who had deposited the "laundered" money were, as far as the law was concerned, legitimate gamblers with every right to spend it as they pleased at the tables, which made it nearly impossible for law enforcement to follow the trail back to its source.

Once the money stolen from Bangladesh Bank had been laundered through the Philippines, ties began to emerge to Macau, a Chinese enclave similar to Hong Kong that is known for gambling and is home to some of the world's most famous casinos. Several of the people behind the Solaire gambling trips were traced to Macau.

Officials from Bangladesh Bank were able to recover $16 million of the stolen funds from Kim Wong, one of the organisers of the gambling trips at the Midas casino. He was arrested, but the charges were later dropped. The remaining $34 million, however, was quickly disappearing, and according to investigators its next destination would bring it closer to North Korea.

Since the 2016 crime there have been numerous similar hacks. In May 2017, the WannaCry ransomware attack scrambled files and demanded a ransom of several hundred dollars, payable in the virtual currency Bitcoin, to restore them. The National Health Service in the United Kingdom was severely affected: emergency rooms were disrupted and crucial cancer appointments had to be postponed.

As detectives from the UK's National Crime Agency began working with the FBI on the investigation, they discovered remarkable parallels between WannaCry and the malware used to breach Bangladesh Bank. The FBI subsequently added this attack to the charges against Park Jin-hyok, and North Korea now stood accused of turning to cryptocurrency, which largely bypasses the traditional banking system.

Bangladesh Bank is still working to recover the rest of the stolen money, said to be around $65 million. The bank has pressed charges against many individuals and organisations, among them RCBC. Although RCBC denies any wrongdoing, Bangladesh Bank continues its crusade for what it rightfully deserves.
