How North Korea Tried To Steal $1 Billion | Investigators

This is, without doubt, the most audacious cybercrime that’s ever been attempted. The idea that you would steal $1 billion from a national bank and try and spirit it away across international time zones, it’s absolutely astonishing. The Lazarus Group is suspected to be hackers supported by North Korean intelligence. They are behind the hacking into major corporations like Sony Pictures Entertainment. Sony Pictures Entertainment is reeling from what may be the biggest and most devastating computer hacking in Hollywood’s history. Taking studios off air, taking down TV studios, taking down banks, attempting to steal $1 billion from Bangladesh. The $81 million money laundering scandal is now considered one of the biggest bank heists in Asia. And then moving into cryptocurrency, spreading a virus around the world. It looked at first like an attack just on hospitals in the UK, but it’s now becoming clear that this malicious software has run riot around the world. Security experts say this is one of the worst and most widespread pieces of malware they’ve ever seen. The risk and threat of cyber, not just from suspected North Korean hackers, but I would say from hackers operating in other countries as well, we’re all vulnerable. I’m Geoff White. I’m an author and investigative journalist. I’m the co-host of the Lazarus Heist podcast. I’m Jean Lee. I’m a journalist. I’m co-host of the Lazarus Heist podcast for the BBC World Service. The Lazarus Group are kind of legendary in cybersecurity circles. And there are many theories about who they report to, how they’re organized, how the orders come down. But what it comes down to is that they are state-sponsored hackers supported by North Korea. Our podcast starts in Hollywood with the Sony hack around the release of their 2014 film The Interview . You want us to kill the leader of North Korea? And at the end of the film, spoiler alert, apologies, Kim Jong-un gets killed, and North Korea got extremely annoyed about this film. They felt it was a deep insult to their pride. They tried to get Sony to pull the film. With that not happening, the North Korean hackers decided to break into Sony and take the company down. The hack shut down the company’s entire computer system, and, according to the L.A. Times , employees were reduced to using old-fashioned pen and paper to complete assignments. Then they start releasing the emails of the Sony Pictures Entertainment executives— deeply personal, deeply confidential stuff. And it was an embarrassment for Sony Pictures because so much gossip was revealed in the emails that they released. And it was so extreme that it compelled then-President Barack Obama to name North Korea as a suspect in a press conference. And we can confirm that North Korea engaged in this attack. What’s absolutely astonishing is the dust had barely settled on the Sony attack. We’re already onto the next target. They’d already moved on. It was an example of using social engineering, so creating profiles in social media and creating identities and sending emails and interacting with the recipient of that email. They used a dodgy CV. They pretended to be a job applicant called Rasel Ahlam, and they sent a CV into Bangladesh Bank and said, “Hey, I’d like to work for the bank. Here’s my CV. Could you take a look at it?” Opening up the CV opened up the attachment, triggered the virus, got the computer infected. They found out that Bangladesh Bank has $1 billion sitting in the New York Federal Reserve Bank. They’re going to transfer the money out. Fine. It’s $1 billion. Where are you going to send it to? Kim Jong-un’s personal bank account? No, obviously not. And the escape route they mainly lined up was through the Philippines. And the timing of this starts to get really interesting because the hack is happening in Bangladesh, the money’s in New York, it’s being sent to the Philippines. Their mission was to steal $1 billion from the Bank of Bangladesh. And they managed to carve out a five-day window when almost no one would notice that all of this hacking was taking place. It was not only the weekend in Bangladesh, but it was also the start of the Lunar New Year here in Asia, which is a big holiday. So even when Bangladesh Bank manages to get through to New York Fed and they piece it all together, they’re phoning up the Philippines, and people aren’t answering the phone because it’s a bank holiday there. It’s a perfectly, almost immaculately planned bank heist taking advantage of three different time zones and several bank holidays across the world. They didn’t manage to make off with the full billion dollars, but they came very close. It was only because of a couple of errors that that money ended up not going through. But in the end, they managed to get $81 million. So they’ve got $81 million. It's not bad, not a bad payday. But the problem the hackers now have is it’s still traceable. So yes, they’ve moved the money from New York into the Philippines and those bank accounts, but you can still trace it. And this is another amazing element of of how you steal a billion dollars. They had to wash that money— it’s dirty money. So then they take the money and they move it into casinos in the Philippines. Why casinos? Well, number one, the casinos weren’t regulated by money laundering regulations at the time. So you pitch up to a casino with $81 million, and nobody asks many questions. But number two, perhaps most importantly, they changed the money into casino chips. They gamble the chips over the tables, they get their winnings, they cash their winnings into a check. You can’t link that check they walked out with with the money that came in at the beginning. And one of the things that was so remarkable was the casino workers telling us that these groups of men would come in and just, almost like they were working a job, sit down to gamble at Baccarat and didn’t seem to react if they won and didn't seem to react if they lost. Now you may think, “Well, hang on. Aren’t Bangladesh bank on the case Yes, they are. They’ve traced the money to the Philippines. They go to the casinos. They say, “Look, this is our money.” But the casinos, remember, aren’t regulated by money laundering regulations. It’s also a remarkable... revelation in how the suspected hackers plotted out every step of this process, from the hack itself to how they get the money out of the banks and how they clean up that money and then, of course, get it back to North Korea. The US investigators are correct, and this was the work of North Korea, and they were trying to steal $1 billion out of Bangladesh Bank. In a way, it makes perfect sense. North Korea has hit the buffers. North Korea is broke. It was about stealing money the regime desperately wanted and needed to build its nuclear program. The problem is, of course, those nuclear weapons, those tests, and those missile tests were met with sanctions by the international community. And those sanctions cut off North Korea from the international community and cut off its finances. One of the most perplexing things, and one of the reasons I think we underestimated the North Korean hackers is because they are so disconnected from the internet. I mean, this is a country where most of the population doesn’t have electricity for most of the day and much less computers. The only people in North Korea who have access to computers are people working for the government. But what the regime has done is really focus its resources on cultivating an elite core group of computer experts. Kids who show an aptitude for math are plucked from school and put into intensive math training. What's interesting is North Korea often sends its hackers overseas. So defectors who’ve subsequently testified about this and spoken to us for the podcast talk about being dispatched, often to China. If you are chosen as a cyber warrior, even though you receive better rations, the life there is very difficult because it’s a military. For instance, you have to get up at six o’clock to work 10 or 15 or 20 hours without sleeping. Y’know? The whole life would be isolated from the rest of North Korea. One of the fascinating details that we uncovered in the course of our investigation was that the suspected hackers are not just these shadowy figures operating under the veil of cyberspace, but they actually have a face and a name. And that name is Park Jin Hyok. He is back in Pyongyang, as far as we know, which means he’s out of the reach of the FBI. But he remains a suspect, the key suspect in the Bangladesh Bank heist. Park Jin Hyok, according to the US investigators, was a key member of the Lazarus Group and is linked to Sony Pictures Entertainment, the hack of Bangladesh Bank, and the WannaCry ransomware attack of 2017. The global cyberattack, where hackers demanded money and exploited a dangerous security hole, which froze computers at over 100,000 companies in 150 countries. Ransomware attacks can be extremely lucrative. Computer hackers send you a dodgy email, a dodgy attachment, you open it up, your computer gets infected, and the virus scrambles all of your files. The hackers then issue you with a demand and say, “In order to unscramble your files, pay us the ransom.” One strain of ransomware in one month made $350 million for the gang behind it. That’s $10 million a day. The amounts are absolutely astonishing. The WannaCry ransomware was entirely different than the Bangladesh Bank heist because it didn’t require you to click on a link. It just ran rampant through computer systems and unleashed this virus on its own. The spread was astonishing— in 24 hours, something like 200,000 computers in more than 150 different countries. And of course, in the UK, one of the main bodies that was hit was the NHS— a: one of the world’s largest employers, b: massive amount of computers in the NHS. But it wasn’t only that. It was major telecommunications firms, transportation companies, Boeing, Telefonica, Deutsche Bank. I mean, if you think about the extent of it, it's absolutely terrifying. Thankfully for us, there was an off switch, and it brought the whole thing to a sort of shuddering halt. Part of what the North Koreans want to do is not only to make money but also to show us that they can upend our lives, that we shouldn’t forget that they remain a threat. And that makes us all vulnerable. They’ve got into cryptocurrency, and they’ve learned and embraced the cutting edge of financial crime to make more than $1 billion for themselves. And all of this money, certainly according to US investigators, goes back into the pockets of North Korea, a pariah regime which is spending some of that money on nuclear weapons.