North Korea May Have Pulled Off a Series of Stunning Cyber Bank Heists

Impact
ByTom McKay

Is a certain dashing, well-dressed dictator the mysterious mastermind of a massive bank heist from earlier this year?

According to CNN Money, North Korea is the prime suspect in a series of high-profile cyber attacks in recent years, with a collective take in the hundreds of millions.

The hackers, dubbed the "Lazarus Group," stole $101 million from the central bank of Bangladesh in February and nearly absconded with over $800 million more; they also hit banks in Ecuador, the Philippines and Vietnam, according to CNN Money. Hackers obtained codes to SWIFT, a worldwide financial transaction-verification network, and sent authenticated orders to drain the banks' accounts of money.

Segments of code from the bank hacks appear to match techniques used previously by unknown hackers who have attacked South Korean banks and media companies in the past, as well as techniques used in the 2014 Sony Pictures leak. Eric Chien, Symantec Security Response technical director, told CNN Money that if the latter attacks were directed by North Korea — as purported by Western governments — there is only one explanation.

"If you believe those government assertions, then the Bangladesh attack was North Korea," he commented.

"I think it was North Korea," added British cybsersecurity expert Matt Tait. "This operation was meticulously planned. And these guys knew how to launder money. That makes me lean strongly toward the notion that this was a nation state."

While there is no hard evidence implicating the government of North Korea, it has been accused of generating illicit revenue in the past. North Korean officials have been implicated in drug, ivory and counterfeit goods and currency smuggling schemes, as well as human trafficking.

"If you presume it's North Korea, $1 billion is almost 10 percent of their GDP," Chien told the New York Times. "This is not small change for them."

According to security firm Kapersky, it remains unknown where the Lazarus Group is based, but the gang works 15-to-16-hour days and "almost two-thirds of cybercriminals' executable files include elements that are typical for Korean-speaking users."