72: Bangladesh Bank Heist


I've heard a few stories of people robbing banks just to get a few hundred dollars. I heard this one story of a guy who walked into a bank. He acted like he had a gun under his jacket. He placed a note on the bank teller counter and the no quietly said, this is a robbery. Give me some money. To tell her straight enough handed over some cash and the guy ran out. He risked it all just for a few hundred or thousand dollars. And then there are people who rob banks with bigger goals like they want to score one hundred thousand dollars to do this you might have to hold up the whole bank, not just one Taylor which causes total panic. You need to jump behind the counter and empty all details and maybe bring a real gun this time it's intense and crazy. But for some people that still isn't enough they have even bigger bank robbery ambitions, they want to score a million dollars and that kind of bank robbery is not easy. You have to time it just right like just after someone makes a deposit or maybe you plan to knock over a few of those armored bank trucks all at once but some people have done it and it usually takes a lot more resources and skill to pull off a million dollar bank robbery. But still that's not good enough for everyone. This is a story about how big group of people with some very interesting ties tried to rob a bank for one billion dollars. These are true stories from the dark side of the Internet. I'm Jack reciter. This is dark net diaries. Support for this episode comes from privacy. Dot Com I love privacy dot com I've been using them for a while before they even became a sponsor. So I'm super excited to tell you about it. So here's how it works. You sign up on their site and you connect them to your bank account. With that you can make virtual cards like debit cards instantly and set limits on it if you want like for me, I, hate giving my banking details when I'm doing online shopping, there's privacy theft concerns. Just not for me. So what I do is go to privacy dot com create a new virtual for the exact amount that I'm going to be spending on this website, and then use this new card to make the purchase. Now, on that site, they never knew my real name or bank details or anything like that, and the best part is since a limit on that card, it can't be used anymore or maybe you have kids who want to use your debit card you go on the site creating new cut for them and. Give them like a twenty dollar, a spending limit. You never have to worry about them overspending again it's no problem and it's really easy to use. You've got to give this a try I really do like their service but check this out. If you go to privacy dot slash dark night you get five dollars to spend on your first purchase heck for that you can go buy some new stickers at the dark net dairy shop. This is for a limited time. Go Grab Your Free Money at privacy dot com slash dark net. This is a big story to help tell it. I brought in Jeff White. So Jeff Whites on an investigative journalist and I come technology for. Among. BBC. News. Channel Four News on my Kost. CYBERCRIME INVESTIGATIONS JEFF has had his head in this case for over a year trying to unravel stand and crack this case he knows more about this case than anyone else I could find. So let's get into it. A billion dollar bank robbery. That's the goal here. But that's like impossible. We're woo. Who would have a billion dollars lying around for someone to grab a billion is a lot of money your average consumer bank like your local chase or Wells Fargo Bank branch not going to have this much money anywhere probably not even in their bank headquarters your typical bank is out. So we have to aim higher possibly like a federal. Reserve Bank, or something some bigger place that has a lot of money. Robbers. Knew that national banks would have a large amount of money like this like countries Reserve Bank. So they started looking around for what national banks might be a good target. chose. The Bangladesh Bank? This was an interesting target to choose as far as central banks go Bangladesh has a growing economy and is starting to really flourish, but it's still a developing nation and its central bank. Does it have the best security? No, which might make this an easier target than a more developed nations national bank. Like the US Federal Reserve Bank. So the Bangladesh Bank became the target which is the National Bank of Bangladesh's like the Federal Reserve. Bank the Bank of England it's you know it's like the country's bank billions of dollars of reserve currency is sitting in the. All right. So the target is set. Now this group has a special weapon they're pretty good hackers. So they're planning isn't to bust down the door, draw their weapons and shout everyone on the floor Gimme a billion. Dollars now, that's not an option here. Instead, the plan was to hack into the being Podesta Bank and transfer out as much money as they could before anyone could catch them. It starts a full year before I think it was January twenty fifteen. The first email started popping up inside Bangladesh buying your employees get the classic phishing email. It's a it's a zip file contains the Stevie for somebody who looks like a job applicant opens it file. Has a look at the survey or baps doesn't forget the CV but nonetheless, they get infected three people open the Mellon Bank and at least one of them in fact. Okay. So the hackers or in this case, the bank robbers infiltrate the network. Now when they get in using a phishing email like this, the only get into one person's computer whoever that person was, who opened the e mail not it they just have access to that one computer from there. They have to try to hop around to other computers in the network once they get in, they used three types of malware to set. Up for the next part, an awesome way, one of them created the back door into Bangladesh Bank another of them create the encrypted channels so that you can pull stuff out to that back door without being spotted on the third piece of software is used to scan navigate across the network. So they spend some time mapping out the network of the Bangladesh Bank moving around establishing persistence and learning about how to transfer money around. One of us to do they workout wet Bangladesh banks got his money. So it's not all sitting in Dhaka, the capital buying dash the money that. English buying. A phone incumbency reserve account in. New York at the New York Fed and there's a billion dollars sitting there. So the criminals like that is a billion dollars that would be good if we can get that. In order to transfer money banks system called swift swift is is the international bank transfer system doesn't International Bank. Version of the hot which transfers millions billions of dollars around the world. So swift is a network used to send payment orders between banks. There are over eleven, thousand members, financial institutions in over two hundred countries around the world who used swift to send payment orders to each other. So anyway, these realize okay to transfer. Billion Dollars Out. Of The New York Fed, we're going to have to get to the swift software and do a series of transfers using swift. That's exactly what they're doing when they get into Bangladesh. Bank. They're trying to navigate their way around the network and find the compute saw the skull swift on it. So they can then manipulate that computer and transfer the money out of New York and out of the nuke account this bank. So the thing about swift is that it's pretty secure. It is secure it has to be because it handling this very sensitive financial communications. It's practically impossible to hack. But as with computers, there is a weakness and one of the biggest weaknesses is human error hackers routed around the Bangladesh Bank network looking for the right computer that can authorize being transfers, and of course, they find it. The computer authorized to make swift transfers BINGO. So instead of trying to hack into the swift system, they got to the human users of the computer terminals that ran swift, and they watched how users interacted with it, and they learned how to impersonate those human users and then trick the swift network into thinking that they were authorized users making real transaction requests. But I the swift terminal I mean, I don't know about you. If I was confronted with the Swift Terminal I would have no idea where to start I'd probably make some mistakes. It did not take these guys very long at all. To make the transfers to transfer out the money. This makes me think that these hackers are probably already familiar with the swift bank system. Perhaps this was someone who had done work for swift before or someone who hacked into a bank and did some swift transfers already since they knew how to use it right away without having to sit and watch how a typical bank operator does it. Very interesting. So they got that piece sorted, but now they needed to figure out how to hide their tracks to blend in to do this, they obtained bank transfer record and use them to learn what a typical large transfer would look like studied the banks high dollar value transfers. What kind of transactions were the? When were they made into who they used these insights? To plan their theft, they would use transaction that look like the banks typical large transactions to steal their billion dollars without raising suspicions transactions they lined up not only do they know how to swim, but they knew what to type into swift to make the transfers look legit I and they had this almost in advance it was almost like they knew how swift land. With. The right key strokes on this computer, they can move that one billion dollars to another bank account and account owned by the hackers. Behold up even if they now had access and a plan for making the transfer blend in making one giant transferred to themselves, still might not be the best idea using the strategy might have raised a flag somewhere in the system. Transfer like that might require additional authorization or something, and why put all your eggs in one basket if one billion dollar transfer fails then everything fails. So the hackers decided to break up the theft into many smaller transfers is classic money laundering technique. So in May two, thousand, fifteen, five bank accounts were opened in our CBC Bank on Jupiter, Street in Manila capital of the Philippines. Each of these accounts were opened with an initial five hundred dollar deposit. These accounts sat untouched for nearly a year until the weekend of February fifth, two, thousand, sixteen by that point the. Bank robbers had everything set up the launched a successful spearfishing operation on Bangladesh Bank employees which them to get access to the banks computer network and the swift terminals, and they figured out how to impersonate Bangladesh banks credentials on swift, and now they have bank accounts set up around the world waiting to receive the stolen money, and we know about those five accounts in the Philippines and at least one account setup in Shankar. where the other accounts on spy. Efforts have not measure find out but I told wide operation. And now, the ready to roll on February third two, thousand, sixteen, the hackers entered the Bangladesh Bank network one more time it was Thursday the waited for the bank to close at night and as soon as they did they made the keystroke strokes needed to get into the swift terminal seat. The English bank actually has a lot of money in the US Federal Reserve. Bank. So the access to Bangladesh Bank account in the New York Fed Reserve Bank and started making transfers to thirty. Six of the hackers bank accounts all over the world and the thirty six transactions totaled nine hundred and fifty, one million dollars. Now. The timing of this transaction was perfect Thursday night in Bangladesh in Classic Heist Movie Tradition, you know you try and pick up a weekend to your bank Boykin and what you're looking for the long weekend you know by call they weekend public holiday weekend which he? In an already, really well thought out elaborate plan. The timing was a stroke of genius because it meant that not only are the hackers dealing with a long weekend but they're also taking advantage of sweet time zones e. you've got bungalows bank, which is the bank has been hacked into where the money's going to transfer from the got where the actual money is, which is new. York different time zone and if got where the money is going, which is the Philippines which yet another time zone. So what they did was play these three times as though advantage now, besides the time zones being to their advantage in Bangladesh, the weekend starts Thursday night and because this was Thursday night nobody was going to be in on the weekend to see anything suspicious happening. However it's not the weekend in new. York it's Friday in New York. The funds can be transferred properly there. So by that time, lows might works would have gone home. They know they're good a good long weekend weekend two days to to work with. But of course, it's nine thirty six am in New York where the actual money is. So when they start issuing commands transfer out the money in New York, they've got an entire New York working on it knowing that the people in Bangladesh, she might be on its cold most of all to work over the weekend. There's another detail of timing that also helped him out. The attacks started on Thursday February fourth, and on that following Monday February eighth was the Chinese New Year which is a bank holiday in the Philippines, which is where those are CBC bank accounts were sitting. So you've got all of those day. Friday Saturday Sunday and Monday with these three time zones working on edge. So on Friday morning New, York Federal Reserve receives all these swift transaction requests that look like they're coming from the Bangladesh Bank and the new. York Federal Reserve Bank precedes to process the transactions. Money starts being sent to the hackers bank accounts one by one millions here millions they're. One of the transactions is for twenty million dollars to one of the hackers bank accounts in Sri Lanka twenty million dollars was going to go, which is a huge amount of money for the charity concern going to. So The New York Fed Reserve approved the request and the twenty million dollar starts making its way to the intermediary banks which happens to be in Germany, but it gets stopped there because of a pretty basic human error. The money was trying to be set to the show, LICO? Foundation but the transfer request spelled as Shalita fundation he was missing an O. And when I looked at this transfer, it ring some alarm bells. So the Bank of flagged it back to Germany that transfer they in turn transferred it back in your consent we think something's wrong with this New York you can imagine had some. Pretty heavy moments looking at these transactions and going shit something's wrong care. So this raises the alarm and the Federal Reserve is now scrambling trying to figure out what's going on they tried calling English bank but it's Friday and Friday is a weekend in Bangladesh so they have trouble getting through but at this point the has done they hacked into the bank sent money to the Newark Federal Reserve and then told the new Federal Reserve to send it to thirty six accounts by Friday at three fifty nine am local time in the Philippines hackers log out of the Bangladesh Bank Swift Network Melwood that they had installed machines began deleting evidence of their crime. But hold up you'd think that the bank's security systems would have some kind of fail safe to protect against this kind of robbery right winter an HP laser jet printer in the cool of the office in Bangladesh Bank, and its job is partly to print out records swift transactions when they're made, and so every day including on Bangladeshi weekends that printer is automatically printing out all the transactions that are coming in. Normally that's not that many maybe a dozen. So the people pronounce are one safeguard and another safeguard is that there's employees who are on duty and it's their job to scrutinize the transactions on these records. On the Friday of the hack that employee was named zoo beer and he was a director of the bank the hackers had for this to now the hackers. One of the small things they did when they did the highest was to realize that if the winter going, it would immediately expose don't to deal with this failsafe. The thieves hacked the printer to make it print blank pages of transaction records. Then they installed malware on the computers running the printer that would delete. Of the messages? So the beer was in the office on Friday but the printer was just printing out blank pages. He assumed it was just some technical glitch and he could deal with it on Saturday. But then on Saturday, there was an even bigger problem when the bank employees tried to log into the swift terminal, they were seeing errors and couldn't log in when they finally were able to log into the system. They saw three messages from the New York Fed Reserve. Asking about the large quantity of payment instructions that they had received over the Bangladeshi weekend, which altogether totaled almost one billion dollars. So at this point on Saturday is a beer was pretty panicked. He tried to call the New York, Federal Reserve, Bank. But of course, it's now Saturday where the banks are closed in the US starts emailing and faxing in requests to the Federal Reserve to stop all transactions and payments for this at some point, the Bangladesh Bank. Also shut down their server in an attempt to stop even more fraudulent transactions from executing, they don't making a series of appeals over contacting. The new Federal Reserve to try and get the money back I never realized this about the in central banking system, but there's a lot of intermediary. So it's not just from the New York Fed that the money goes stripe the Philippines Australia shrank it goes to a number of intermediary banks. So get a sense we kind of sense of panic one bank contacting another and saying, well, hang on what's happened here will we transfer the money to you as the money goal now see multiple different banks to go. So I'm GonNa Pause for quick break here will add up how much money successfully got through stay with us. Support for this episode comes from bleakest. This is a mobile APP has thousands of nonfiction books that you can read but here's the interesting part. They condense these books down to just the essentials which makes it. So you can finish a book and just fifteen minutes. You can read it on your tablet phone or inner browser. They've got some really great books to the ones. I. Recommend are the robots are coming? Zach. Who can you trust and influence? These are all really great, and if you still don't have time to sit down and read for fifteen minutes, check this out. You can also listen to the shortened audiobook version I'm telling you blink is really slick and saves you a lot of time with blinks you get unlimited access to read or listen to a massive library of condensed nonfiction books, all the books you want for. One low price right now for a limited time, blink has a special offer just for you go to bleakest dot com slash dark net and try it free for seven days and then save twenty five percent off your new subscription. That's bleakest spelled B.. L. I. N. K. I S. T. blinking dot com slash dark net to start your free trial and get twenty five percent off but only when you sign up blink. Dot Com slash fan. So. While thirty six transactions were tempted, which totaled almost a billion dollars only four transactions actually went through the bank robbers successfully transferred eighty one million dollars to their five are CBC bank accounts in the Philippines which they had set up nearly a year before using fake ID's one reason the money made it to their accounts in the Philippines was that the transfers occurred during the Chinese New Year. So our CBC Bank was closed when the British bank tried to call up and stop the transfer. But that's not the only reason. There's some allegations that there might have been an insider at the are CBC Bank to. The timeline is pretty suspicious on February ninth are CBC logs into the Swift system and sees the stop payment messages that Bangladesh has now sent them and yet even after seeing those stop payments that same day the hackers were able to completely empty their bank accounts huge sums of money and once they're withdrawn, that money was programmed disappear. There was a whole system in place to take that money and speed it system so that no one could ever find again. A, large percentage of the eighty, one million dollars went to a single person. From the investigation in the Philippines that thirty million was given to a blow Chinese national. Disappeared and he's never been heard Oregon perhaps his Chinese man was in on it somehow middleman or something, and he required a cut of the money to do his job. Yeah. We don't know what happened to him or as money he just vanished. But that's still fifty million dollars for the rest. So the next part of the plan was for the hackers to make it so that this money couldn't be traced back to the bank heist they needed to come up with a plan to launder fifty million dollars and to do that, they send it directly to casino. Once called the MIDAS casino once called the select senior figures thirty million. And Twenty minutes from. Now. It's not clear how the money got to the casino. But from what I understand when high rollers come into town, they don't stroll in to the front door with a million dollars in a briefcase no link up their bank account the casinos bank account and initiate transfers to the casino that way. So my guess is that on Friday the funds. Were transferred into these bank accounts in the Philippines and then on Monday, those funds were cleared. However, Monday was a Chinese. New Year. So those banks were closed, but my theory was that the hackers had prearranged with the casino to make these huge transfers on Monday. So they were done online or through the casino somehow without having to go into the bank. But. Now that the money was in the casino, they couldn't just grab their money. Go the needed to gamble for a while to not look suspicious the way. Work for you and is we'd go and we'd say, okay, I, want to bet a million dollars this weekend and say, okay, pay million dollars into you know all account number acts and that way when you go, there's there's a record transaction you turn them and say, Hey, I've got a million dollars. In your bank account, I'd like to bet my money now a few Chinese men who working with he's hackers took the money from the highest when into the Casino and requested a junket. junket is a private room for high rollers who can gamble without being bothered. Physically you the Casino I wanNA room for a certain number of gamblers, and we're going to spend ten million dollars here. Most important about this money will point of view is the chips that have issued the casino chips of issues only work in that like blended casino chips you know. They only work in that room. So what that means is if your money law. Page. Fifty million, these casinos you highway up to room. You've got your guys in there to gamble. You know that those chips are only going to be spent and gambled in that room. So you could controllable situation. These guys can't wanted to off somewhere with chips and spend mills where they got to spend him in that room and you can keep an eye on what they're spending. The other important detail about these junk rooms is that they were playing Baca. Rod. Is Interesting because there's only two things to bet on him backyard you better than the blind or the player, and they see that if you keep playing back over a long period of time, odds are pretty good that you'll get about ninety percent of your money back. So the Casino will end up with ten percent of your money after you play for a long. Period of time, which is sort of a safe way to gamble without losing too much. This will allow the hackers to gamble without causing suspicion like they're just cashing out and monitoring money to the hackers sat there in a private junket in the two casinos in the Philippines gambling loop that they just stole just trying to buy enough time to cash out without raising suspicion. Because at this point, everyone involved English bank in New York Federal Reserve are CBC and the law enforcement agencies. They know that eighty one million has been stolen authorities were able to follow the money to the casino which raises the question if we know all this money passed through to casinos to be laundered further casinos responsible at all well as it turns out just days after the bank heist. Asked the Philippines authorities for help and the authorities shut down this fake benefit counts and they knew where the men went with the money and they knew what casinos were in but the country's law enforcement let them play without making any arrests? Casinos. And some possible deniability just sounds crazy in a bunch Chinese guys Ted pet. Tens of billions of dollars. If Your Casino in the Philippines fat happens a lot. So it isn't unfeasible could look this insolvable. Hey. Here's some high rollers in town big spenders. It's worth pointing out that in the Philippines at that time, casinos didn't have good money laundering regulations. So it's possible. That's why these casinos were targeted for this. The rubbers finish their gambling, which was actually money laundering quietly cashed out their chips walked out of the casino and promptly left the country flying to China. In total, the hackers were able to successfully steal eighty one million dollars from the Bangladesh Bank. So, who exactly were these hackers? Well, it turns out he was the North Korean government. North Korea's getting into computer hacking from what the experts in about two thousand nine. There's the creation of the Reconnaissance General Bureau, which he'll pools together all the hacking kind of people into one unit. Security researchers dubbed this North Korean hacking group. The Lazarus Group, which also is known as the Reconnaissance General Bureau or AP Thirty Eight and researchers found traces of Lazarus Group on other attacks to, and it's really interesting to see a nation state getting into the game of bank robberies because nation state hackers don't Rob Banks they never hacked for financial gains by seriously can't. Find any other story of a nation state hack where their goal was to steal money north. Korea seems to be the only one hacking for financial gains, which is so weird but according to Jeff this, actually kind of makes sense from geopolitical standpoint twenty thirteen, the sanctions of passed restricting North Korea from bulk transfers of money, which is a response to. North. Korea launching. Missile tests. The world does not want it to do. That's twenty thirteen. It stopped from getting access to international money two years. Later, Twenty fifteen, they start hacking into English by to the FBI. So you can see if progression was not we can't get any money how we going through that. Let's just Ron Hacker way around that. So that's where Lazarus Group and these bank robberies come in. It wasn't just bangladesh-banked that they targeted Lazarus group has been tied to almost all of the world swift attacks to defeat binks in Ecuador Vietnam Poland India Taiwan, and Russia, have all been hacked and had attempted bank robberies, which can be attributed to hackers within the North Korean government being the main culprits. Hitting Bank after bank attempting to steal millions of dollars. All, in Jeff estimates that the Lazarus Group has tried to steal roughly one point two, billion dollars. But has only ended up with a hundred and twenty, two million. And some say that this eighty one, million dollar bank heist from the Bangladesh Bank was the largest bank robbery in history, and if it is North Korea, that's one point two billion dollars going to a country that's under international financial sanctions. So I've just got enough the ones I've added up they've tried to get one point two, billion they ended up with one hundred and twenty million. So awfully a tenth of what they tried to get is what actually managed to pull out so if Lazarus group has stolen. And Twenty, two million that would be a significant portion of north. Korea's GDP and since it's been so successful I see no reason why they can't continue to do this for years into the future and typically what we've seen is the money is taken to Macau and China, which is where the money went after they cashed out on this casino and from Macau it can then be wired directly into North Korea because North Korea does business with companies in China and so this transaction could easily be hidden. So yeah. In twenty two, million dollars stolen. Looks like North Korea got away with it. But don't just take my word for it. The US Department of Justice investigated this a lot. The FBI wanted to more and spent two years tracking down who hacked the Bangladesh Bank and came to a conclusion in late two, thousand eighteen. The US Department of Justice gave this announcement we have unsealed criminal charges against the North Korean computer programmer. For participating in a conspiracy that conducted sophisticated cyber attacks around the world on behalf of the North Korean government members of conspiracy are responsible for some of the most damaging and most well known cyber intrusions in history including the cyber attack targeting Sony Pictures, and the Cyber Heist of Bangladesh Bank. The criminal complaint unsealed today specifically charges. Park Jin Hook. But the complaint alleges a wide ranging conspiracy and describes in minute detail how we were able to link the North Korean government to these crimes despite the attempts to cover their tracks and despite the North Korean government claims that it was not involved in these crimes. The one, hundred and seventy, two page affidavit. Details evidence. That clearly demonstrates that the North Korean subjects backed by their government were responsible for these crimes. Oh whoa. The same group did the Sony Hack to I'm sure you've heard of this. There was this movie that Sony pictures was producing called the interview a comedy with Seth Rogan and James Franco where they were traveled to North Korea to interview Kim Jong Un this. Would love it if you could take him out. Take out for drinks like. The town. No. Take him out you want us to kill the leader of North Korea. Well, as it turns out, North Korea did not find this funny and hacked into Sony pictures getting access to emails, personal information, unreleased movies, scripts, and salaries. They published all this to wiki leaks, and at the same time demanded that Sony not released the interview, and if that wasn't enough, they were destroying computers inside Sony using a wiper virus, of course this. Sparked a major debate over in Washington DC as President Obama was trying to figure out what to do an enemy nation just attacked an American company. If this had been a connecticut attack like with a bomb or fire, this would certainly be an act of war and some people were urging a bomb to consider this to be the same but someone else said. Go to war every time a company gets hacked. President Obama had this to say we cannot have a society. In which some dictator someplace can start imposing censorship here in the United States, because if somebody is able to intimidate folks out of releasing a satirical movie, imagine what they start doing when they see a documentary that they don't like or news reports, they don't like strangely enough trump who was not president at the time was interviewed on the Wendy Williams show and was asked about this. Here's what he said Look I hear the movie is terrible. If somebody did that to our president whether you love your president or don't love your president if they start talking about assassination and I heard, they did some really vile things. It wasn't just like assassination. The movie was yeah. Really terrible terrible things You know that's pretty bad stuff right? So I can see both sides of it. That's not. I'm not even GonNa comment on that Sony backed out releasing the film, but Washington DC urged them to publish it anyway to send a message that Kim Jong UN cannot suppress free speech whenever he wants. So Sony did a limited release and made the film available directly for download. But yeah, it's fascinating to see the US has enough evidence to blame the same North Korean hacker for the hack. On Sony and the Bangladesh Bank. Heist. The DOJ has an indictment for the hackers arrests, but they'll likely never be caught because there's no way to go into North Korean arrest him in the apparently traveling anywhere anytime soon. But if the guy listed in the indictment were to travel to a country which has an extradition treaty with the US Yuppie I would probably find out and try to arrest them. Jeff being the curious person he is and good journalist decided to go to the North Korean embassy in. England. To get some answers, the embassy is in is in west London. Suburb of west London Cold Ailing and. All the embassies that there's certain areas London where the embassies of based like big posh houses security outside. The Canadian flag waves outside the Canadian embassy and so on North Korea really does look like a like a semi detached house in in Sopa any was actually converted family hounds and so I went on I thought looked I tried to email them I tried to call them. I got no response I I went the embassy to knock on the door. So it's really disappointing. There's a simple electric gate that sits across the driveway two very expensive Mercedes by the way partners driveway. and. So the electric gate is also the remote control of inside the place and the front door of the actual embassy itself is behind that electric gate and it was I won't I'll be honest with you. It wasn't unfeasible could have jumped the gate to get to the front door but I just thought at that point you know you're kind of trespassing on the North Korean embassy I didn't want to end up in the evening standard is Technology Journalists Tasers. Each. I duNNo. I felt down, there was no bail or anything to push. There is no bell there is no bowel accessible on the outside. The Bella would have had to jump the gate and jumping the gate just felt. Steps to. Yeah. So so I sent them a letter by recorded delivery and I got little confirmation back from the post office saying my letter had been received. by Mr Kim. At a particular time, Mr Kim's doesn't go back to me to answer my questions I suspect here back but. I WANNA take a minute to emphasize that this eighty one million dollars was stolen because someone clicked a link on a fishing email. This goes to show that humans are still the weakest link in the network, but the other nine hundred million dollars transfers was stopped because of a human somebody spotted these transactions and was able to take action which protected most of the one billion dollars payload from the hackers. So yeah while humans are the weakest link there also distress link at the same time and a well trained educated employees can do wonders for accompanied by protecting their systems from hackers. In two thousand, eighteen, the Bangladesh Bank brought a lawsuit against our CBC, the Bank in the Philippines where the money was sent to for failing to quickly put a freeze on the fraudulent accounts the alleged there was corruption collusion which allowed the hackers to get away with it, but our CBC responded with. Lawsuit they were saying it was an inside job from the Bangladesh Bank but check this out in January two, thousand, nineteen, the bank manager at RCB was arrested and found guilty of money on ring. She was sentenced to four to seven years in prison, and as it turns out, she was the one who opened the bank accounts that the stolen money was sent you. Now. She handles things related to customer care and I don't know enough about the RCB see policies to know if it's normal for a bank manager to open accounts for customers. So I'm not sure how suspicious this is but so far she's the only one to have been arrested in connection with this bank robbery in the meantime the Lazarus. Group continues to attack the swift banking system in October two thousand. Seventeen hit the Taiwanese Far Eastern International Bank between January and May two, thousand, eighteen they targeted Mexico's Bancomex in May two, thousand, eighteen it was the bank of Chile. You know it used to be going until the governments secret Sullivan Komo groups hats into banks money. You know an activist groups caused chaos. You know to get profile and it's just so strange to me to see a government conducting cyber crime. And just out there stealing wads of money. But there it is plain his day and that just scares me when kind of time and money that governments have suddenly you and a whole different ballgame with those guys getting involved in salvage operations you know we are in a whole different ballgame. That's not to say this suddenly going to be a common thing that governments are going to be turning to international crime sprees to fund their activities North Korea of course, does not follow the norm on many levels but still it's pretty concerning that three years later, even though we know exactly who was behind the Bangladesh Bank Heist, the hackers are still at large and are continuing to attack banks all over the world in developing new attacks. In fact, North Korea is responsible for another huge cyber attack and attack that was so big that cost the world four, billion dollars. But that story is going to have to wait until the next episode. So join me in two weeks. Will you? A big. Thank you to journalist Jeff White for sharing his research and insights with US Jeff has just published a new book. It's called crime. Dot. com from viruses to vote rigging hacking went global and I highly recommend it. Jeff is a great investigator and writer and trust me. This book is right up your alley. There's an affiliate link to crime com in the show notes. So check it out. Jeff also has a pretty good podcast called cybercrime investigations where. He goes super in depth on stories. He investigated I also highly recommend that podcast. This show was made by meet the Gold Coder Jack reciter and this episode was produced by the Sandy Surfer Eileen Guo original score for this episode was done by demand and our theme music is by the bobbling brake master cylinder in even though Cyber Actors are working on new cyber pathogens to wage cyber attacks on cyber bullies who have too much cybersex. This is darkness Diet.

Coming up next