Bangladesh Bank Reserve Theft: How North Korean Hackers Were Stealing Nearly a Billion Dollars

In 2016, North Korean hackers set out to steal one billion dollars from the central bank of Bangladesh, and they came close to succeeding. Fortunately, all but $81 million of the transfers were blocked. But how did one of the world’s poorest and most isolated countries build such a large-scale hacking operation? After a long investigation, Geoff White and Jean H. Lee report for the BBC:

It all started with a faulty printer. Printers fail often enough in modern life that the staff of Bangladesh Bank treated it as a routine problem, like any other day. They didn’t think it was a big deal. But it wasn’t just the printer that was the problem, and the bank wasn’t just any bank.

Bangladesh Bank, the central bank of Bangladesh, manages the country’s foreign exchange reserves.

The printer plays an important role. It sits in a highly secured room on the 10th floor of the bank’s head office, and it prints out the records of transactions worth billions of dollars going in and out of the bank.

On Friday, February 5, 2016, at about 9:45 a.m., bank staff noticed that the printer was not working. Zubair Bin Huda, the bank’s duty manager, later told the police: “We assumed that it was a common problem like every other day. This kind of thing has happened before.”

This was the beginning of Bangladesh Bank’s problems. The hackers had broken into the bank’s computer network and launched what was, at that moment, the most audacious cyber attack ever attempted. Their goal was to steal $1 billion.

To siphon off the money, the hacking group used a wide network of fake bank accounts, charities, casinos and associates.

But who are these hackers, and where do they come from?

According to investigators, the digital evidence points in only one direction: the North Korean government.

It may surprise many to see North Korea named as the prime suspect in a major cyber attack. It is one of the poorest countries in the world and is isolated from the rest of the world in terms of technology, economy and almost everything else.

According to FBI investigators, the Bangladesh Bank hack was the product of years of planning and preparation by the hacker group, brokers spread across Asia, and the North Korean government.

In the online security world, North Korea’s hackers are known as the Lazarus Group, a name taken from the Bible, after the man who returned from the dead.

Very little is known about this group. However, the FBI managed to paint a picture of one suspected member, Park Jin-hyok, also known as Pak Jin-hek and Pak Kwang-jin.

He is described as a computer programmer who graduated from one of the country’s top universities and worked for a North Korean company called Chosun Expo. He worked for the company in the Chinese port city of Dalian, creating online games and gambling programs for customers around the world.

During his stay in Dalian, he created an email address, a CV and a network of contacts on social media.

Based on his digital footprint, the FBI found that he was active in Dalian from 2002 until 2013 or 2014. After that, his internet activity appeared in Pyongyang, the capital of North Korea.

The FBI obtained a photograph of him from an email sent by the manager of the Chosun Expo company to an outside customer in 2011. It shows a bearded Korean man aged between 20 and 30, wearing a black shirt and a chocolate-brown suit.

At first glance, he looks like a normal person.

According to the FBI, he worked as a programmer during the day and as a hacker at night.

In June 2018, U.S. authorities charged Park with conspiracy to commit computer fraud and abuse. He is also accused of conspiring to commit wire fraud, that is, fraud using mail or electronic communications, between 2014 and 2017.

If convicted, he faces up to 20 years in prison.

He returned to North Korea from China four years ago.

But Park, if that’s his real name, didn’t become a hacker overnight.

He is one of thousands of young North Koreans who have been systematically trained from a young age to become cyber-warriors. Children who are good at mathematics are taken from their schools to the capital at the age of 12 and given intensive training from morning to night.

When the staff of Bangladesh Bank restarted the printer, they saw a very worrying message. According to the urgent messages it printed, instructions had been given to empty the entire account that Bangladesh Bank keeps at the Federal Reserve Bank in New York, an account holding about one billion dollars. Bangladesh Bank holds a US-dollar account there.

Bangladesh Bank staff tried to contact the Federal Reserve Bank of New York for more information, but without success.

The hacking activity had started at 8 pm Bangladesh time on Thursday, when it was morning in New York. So the transactions were going through at the Federal Reserve Bank while Bangladesh was asleep.

The next morning, Friday, the two-day weekend began in Bangladesh, and Bangladesh Bank’s head office was closed for two days. By the time Bangladeshi officials discovered the theft on Saturday, the two-day weekend had begun in New York.

“You can see how clever this attack was,” said Rakesh Asthana, a US-based cyber-security expert.

“There is a special purpose in choosing Thursday night. Friday is a working day in New York, while Bangladesh is on holiday. After this, when Bangladesh comes online again, the holiday has started at the Federal Reserve Bank. It took three days for the theft to be discovered.”

The hackers used another tactic to buy more time. Once they had taken the money out of the Federal Reserve Bank, they had to send it somewhere.

They sent the money by wire transfer to Manila, the capital of the Philippines. Monday, February 8, 2016, the first day of the lunar new year, was a national holiday there.

In total, the combination of time zones and holidays across Bangladesh, New York and the Philippines gave the hackers five days to move the stolen money.

They had been able to plan this timing so carefully because the Lazarus Group had been inside Bangladesh Bank’s computer systems for more than a year.

In January 2015, an innocent-looking email arrived in the inboxes of a number of Bangladesh Bank officials and employees. It came from a job seeker named Rasel Ahlam.

A CV and a cover letter were attached, along with a polite request to consider him.

No such person existed. As the FBI found in its investigation, the Lazarus Group had made up the name.

At least one employee of Bangladesh Bank fell into the trap, downloaded the CV and opened it. The malware hidden inside it spread first to that computer and then into the bank’s systems. The Lazarus Group then moved from one computer to another, building a path to the bank’s digital vault and the billions of dollars in it.

But why did they wait so long to steal the funds, a full year after the phishing emails had got them into the bank’s systems? Why risk the malware being discovered for a whole year? Because once the money was stolen they needed a way to move it out, and setting that up took time.

Jupiter Street in Manila is a busy area. There is a branch of RCBC Bank, one of the largest banks in the country, next to an eco-hotel and a dental surgery.

In May 2015, a few months after hackers broke into Bangladesh Bank’s systems, associates of the hackers opened four accounts here.

There were several warning signs, which were only spotted after the event. For example, the driver’s licence used to open the accounts was fake, and all four applicants claimed the same job title and salary despite supposedly working for different organizations. But no one noticed.

Over the following months there were no further transactions in these accounts beyond the first $500 deposited into them. Meanwhile, the hackers were pressing ahead with the rest of their plan.

In February 2016, the hackers finally broke into Bangladesh Bank’s accounts and set up a way to withdraw the money.

But there was one last obstacle in their path: the 10th floor of the building.

Bangladesh Bank kept a paper-based record of every transaction in its accounts, so a printed copy of each transaction was saved.

That printout of the dollar transactions could immediately have revealed what the hackers were doing.

So the hackers also compromised the software that drove the printer and put it out of action.

The hackers began transferring money at 8:36 pm on Thursday. In 35 transactions totaling $951 million, they set about moving almost all the money out of Bangladesh Bank’s account at the Federal Reserve Bank of New York.

The hackers came close to getting this huge sum out, but they were tripped up by a small mistake, as in a Hollywood movie.

By the end of the weekend, when Bangladesh Bank realized that the dollars had been stolen, its officials could not understand what had happened. The Bangladesh Bank governor knew of Rakesh Asthana and his company, World Informatics, and called him for help.

At the time, Asthana says, the governor thought he could get the stolen money back, so he kept the hack secret, not only from the public but even from the government.

Meanwhile, Asthana discovered how deep the hack went. He found that the hackers had broken into one of Bangladesh Bank’s core systems, SWIFT, the network through which thousands of banks around the world transact electronically with each other.

The hackers did not exploit any flaw in the SWIFT system, nor did they need to, because to the SWIFT software they appeared to be legitimate bank employees.

It soon became clear to Bangladesh Bank officials that the transactions could not be quickly reversed. Some of the money had already reached the Philippines, where the authorities said they needed a court order to claim it. A court order is a public document, so when Bangladesh Bank filed its case at the end of February, the whole story became known and spread around the world.

The consequences for the Bangladesh Bank governor were immediate. “He was asked to resign,” Asthana says. “I never saw him again.”

U.S. Congresswoman Carolyn Maloney can clearly remember the day she first learned of the Bangladesh Bank heist.

“I was walking out of Congress towards the airport and reading about this theft. It was a shocking, disgusting, horrific event, probably the most frightening thing I’ve ever seen in the financial markets.”

As a member of the congressional Financial Services Committee, Maloney could see the wider implications. SWIFT closely tracks billions of dollars of transactions around the world; a hack of this kind could destroy trust in the system.

She was particularly concerned about the involvement of the Federal Reserve Bank. “This is the New York Fed, they’re usually very cautious. How did such a thing happen?”

Maloney contacted the Federal Reserve Bank, and an employee explained to her that most of the transfer orders had been held up by a coincidence.

RCBC Bank, the bank to which the hackers wanted to transfer $911 million, is located on Jupiter Street in Manila. There are hundreds of banks in the city, but the hackers chose this one, and that choice is why they lost most of the money.

“The Fed blocks transactions… because the word Jupiter was used in the address of one of the transfer orders, which is also the name of one of the Iranian ships on the sanctions list,” said Carolyn Maloney.

The word Jupiter triggered an alert in the Federal Reserve Bank’s automated screening system. The transfer orders were reviewed and most of them were held. But it did not stop everything: five transactions got through the barrier, totaling $101 million.

Of this, $20 million went to a Sri Lankan charity, the Shalika Foundation, which the hackers’ associates had planned to use to launder the money. (Its founder, Shalika Perera, said she believed it was a legitimate donation.)

But even here a small thing hindered the hackers’ plan. They misspelled “Foundation” as “Fundation”. An alert bank employee spotted the mistake, and the transaction was blocked.
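The two controls that caught most of the transfers, an automated sanctions-list word match on the free text of a payment order and a human noticing that the beneficiary name did not match the account it was addressed to, can both be expressed as simple screening logic. The example below is added here for illustration and is not code from the BBC article or from any bank or SWIFT; the sanctions list, account registry and payment orders are all constructed, and the 0.8 similarity threshold is an assumed tuning value.

```python
"""Payment-order screening, as an added example (not from the original article).

Two checks are demonstrated on constructed data:
1. Sanctions-list word screening: every free-text field of a payment order is
   tokenised and compared against a list of sanctioned names, so a match anywhere,
   even inside a street address, puts the order on hold for review.
2. Beneficiary-name consistency: the name on the order is compared with the name
   registered for the destination account; a near-miss such as "Fundation" versus
   "Foundation" is flagged instead of being waved through.
"""
import re
from difflib import SequenceMatcher

# Constructed sanctions list (not real sanctions data). "JUPITER" stands in for
# the sanctioned vessel name mentioned in the article.
SANCTIONED_NAMES = {"JUPITER", "EXAMPLE SHIPPING CO"}

# Constructed registry of known beneficiary accounts: account id -> registered name.
BENEFICIARY_REGISTRY = {
    "ACC-PH-0001": "ACME TRADING INC",
    "ACC-LK-0002": "SHALIKA FOUNDATION",
}

# Free-text fields of an order that are screened against the sanctions list.
SCREENED_FIELDS = ("beneficiary_name", "beneficiary_address", "remittance_info")

# Assumed threshold: similarity at or above this, but not identical, is a near-miss.
NEAR_MISS_THRESHOLD = 0.8


def tokens(text):
    """Upper-case alphanumeric tokens, so matching is case- and punctuation-insensitive."""
    return re.findall(r"[A-Z0-9]+", text.upper())


def contains_phrase(words, phrase):
    """True if the token list `phrase` appears contiguously inside `words`."""
    n = len(phrase)
    return any(words[i:i + n] == phrase for i in range(len(words) - n + 1))


def sanctions_hits(order):
    """Return (field, sanctioned_name) pairs for every screened field that matches."""
    hits = []
    for field in SCREENED_FIELDS:
        words = tokens(order.get(field, ""))
        for name in sorted(SANCTIONED_NAMES):
            if contains_phrase(words, name.split()):
                hits.append((field, name))
    return hits


def name_check(order):
    """Compare the beneficiary name on the order with the registered account name.

    Returns (status, similarity) where status is one of
    'match', 'near_miss', 'mismatch' or 'unknown_account'.
    """
    registered = BENEFICIARY_REGISTRY.get(order["beneficiary_account"])
    if registered is None:
        return ("unknown_account", None)
    given = " ".join(tokens(order["beneficiary_name"]))
    if given == registered:
        return ("match", 1.0)
    ratio = SequenceMatcher(None, given, registered).ratio()
    status = "near_miss" if ratio >= NEAR_MISS_THRESHOLD else "mismatch"
    return (status, ratio)


def screen(order):
    """Run both checks and return a list of hold reasons (empty list = release)."""
    alerts = [f"HOLD: sanctioned name '{name}' in {field}"
              for field, name in sanctions_hits(order)]
    status, ratio = name_check(order)
    if status == "near_miss":
        alerts.append(f"HOLD: beneficiary name differs from registered name "
                      f"(similarity {ratio:.2f})")
    elif status in ("mismatch", "unknown_account"):
        alerts.append(f"HOLD: beneficiary name/account {status}")
    return alerts


# Constructed sample orders; amounts and ids are placeholders, not real data.
SAMPLE_ORDERS = [
    {"id": "ORD-1", "beneficiary_account": "ACC-PH-0001", "beneficiary_name": "Acme Trading Inc",
     "beneficiary_address": "Jupiter Street, Makati, Manila", "remittance_info": "Invoice 1234"},
    {"id": "ORD-2", "beneficiary_account": "ACC-LK-0002", "beneficiary_name": "Shalika Fundation",
     "beneficiary_address": "Colombo", "remittance_info": "Donation"},
    {"id": "ORD-3", "beneficiary_account": "ACC-PH-0001", "beneficiary_name": "Acme Trading Inc",
     "beneficiary_address": "Ayala Avenue, Makati", "remittance_info": "Invoice 1235"},
    {"id": "ORD-4", "beneficiary_account": "ACC-PH-0001", "beneficiary_name": "Acme Trading Inc",
     "beneficiary_address": "Ayala Avenue", "remittance_info": "Charter fee for Example Shipping Co"},
]

if __name__ == "__main__":
    for order in SAMPLE_ORDERS:
        print(order["id"], screen(order) or "RELEASE")
```

Running the block holds ORD-1 on the street address alone, holds ORD-2 because "Shalika Fundation" is a near-miss of the registered "SHALIKA FOUNDATION", catches the multi-word name in ORD-4's remittance text, and releases ORD-3. The design choice worth noting is that screening runs over every free-text field, not just the beneficiary name, which is exactly why an unlucky street name was enough to stop most of the transfers in the story.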

In total, the hackers got away with $81 million. That was a fraction of what they had planned to take, but it was a heavy blow for Bangladesh, where one in five people lives in poverty.

Bangladesh Bank, meanwhile, began efforts to recover the stolen money. But the hackers had already moved it through a system that put it out of reach.

On the morning of Friday, February 5, the four accounts that had been opened at RCBC Bank’s Jupiter Street branch in Manila suddenly came to life.

The money was shuffled between multiple accounts, sent to a foreign-exchange dealer, converted into local currency and deposited back into bank accounts. Much of it was taken out in cash.

Money-laundering experts say the meaning of this behavior is clear.

“You have to show that all of the proceeds of crime are legitimate, and that they’re derived from legitimate sources, no matter what you do with that money later,” says Moyara Ruehsen, director of the Financial Crime Management program at the Middlebury Institute of International Studies in California.

“You want to keep the money trail as foggy and hazy as possible.”

Even so, investigators can trace the history of transactions. To erase that history completely, the money had to be taken out of the banking system altogether.

In the very heart of Manila stands a huge white stone palace, Solaire, with hotels, a huge theater, expensive shops and, its biggest attraction, a vast casino. Gambling is banned in China, and many gamblers from there come to Manila to play, says Muhammad Cohen, editor-in-chief of Inside Asian Gaming magazine; Solaire is “one of the most elite casinos in Asia.”

“The design is really unique compared to anything else in Southeast Asia. There are 400 gaming tables and 2,000 slot machines.”

This is where the next phase of the movement of the money stolen from Bangladesh Bank took place.

Of the $81 million that reached RCBC Bank, $50 million was transferred to the accounts of Solaire and another casino, Midas.

What happened to the other $3 million? According to the Philippine Senate committee investigating the matter, the money was given to a Chinese man named Xu Weikang, who left the city on a private jet and has not been heard from since.

The point of using the casinos was to break the chain of the money’s history. Once the stolen money had been converted into casino chips, gambled at the tables and then converted back into cash, investigators could no longer trace where it had come from.

But was there a risk? Were the thieves in danger of losing all the money at the casino tables?

Not at all.

First, instead of playing in public on the casino floor, the thieves booked private rooms. They sat at the tables playing with their own associates, so they had complete control over everything.

Secondly, with the stolen money they played a simple card game called baccarat, which is very popular in Asia. There are only two outcomes in this game, so an experienced player can win back 90 percent or more of the money bet. This is a great deal for money launderers, who often have to settle for much less than that.

So the criminals could use the stolen money to bring in a good return, although doing so took a lot of time and very careful management of players and bets. For weeks, the gamblers laundered the money inside the casinos.

Meanwhile, Bangladesh Bank was trying to catch the thieves. Its officials visited Manila and traced the path of the money. But when the trail led to the casinos, they hit a solid wall.

At the time, casinos in the Philippines were not covered by money-laundering laws. As far as the casinos were concerned, the money had been deposited by its legitimate owners, who had every right to spend it as they wished at the tables. (Solaire said it had no idea the money was stolen and was assisting the authorities.)

Midas declined to comment on the matter.

Bank officials were able to recover $16 million from Kim Wong, the owner of the Midas casino. A complaint was filed against him but later withdrawn. The remaining $34 million had already been withdrawn, and according to investigators its next destination brought it closer to North Korea.

Macau, like Hong Kong, is an autonomous region of China. Like the Philippines, it is a gambling paradise, with some of the most famous casinos in the world. It also has a long-standing relationship with North Korea.

It was here in the early 2000s that North Korean officials were caught passing counterfeit $100 notes of extremely high quality, the so-called super dollars, which U.S. officials believe were printed in North Korea.

The local bank through which that money was laundered was added to the US sanctions list because of its links to Pyongyang.


The spy who planted a bomb on a Korean airliner in 1987, killing 115 people, was trained in Macau. Kim Jong-un’s half-brother Kim Jong-nam lived in exile in Macau before he was killed with poison in Malaysia, in what many believe was an assassination ordered directly by the North Korean leader.

As the dollars stolen from Bangladesh Bank moved through the Philippines, they left many traces of links to Macau. Several of those who laundered the stolen money at the Solaire gaming tables were from Macau, and at least two of the companies that booked private rooms in the casino were Macau-based.

Investigators believe most of the stolen money was brought to this small Chinese territory and then on to North Korea.

In NASA’s night-time satellite images, North Korea looks like a black hole, because most of the country has no electricity. South Korea, right next to it, is lit up day and night.

According to the CIA, North Korea is among the 12 poorest countries in the world, with a per capita income of $1,700 a year, lower than that of Sierra Leone and Afghanistan.

Yet North Korea has produced some of the world’s most audacious and skilled hackers.

Looking at how the Kim family has ruled North Korea since 1948, one can understand why it began to build elite cyber-warfare units.

Although its founder, Kim Il-sung, officially named the country the Democratic People’s Republic of Korea (DPRK) and its declared ideology is socialism, in reality it operates like a monarchy.

His son, Kim Jong-il, relied on the military as his power base, provoking the United States with ballistic missiles and nuclear weapons. According to US authorities, the regime resorted to illegal methods to fund these programs, including the highly sophisticated super dollar counterfeiting.

Kim Jong-il also made cyber technology part of the country’s strategy. The Korea Computer Center, established in 1990, sits at the heart of the country’s information technology activities.

In 2010, when Kim Jong-un, the third son of Kim Jong-il, began to emerge as the successor, the regime started to present its future leader as a champion of science and technology. The aim of the campaign was to win the loyalty of a new generation of young men and to inspire them to act as warriors with new tools.

After coming to power in 2011, the younger Kim described nuclear weapons as a “precious sword,” but he also needed funds to continue the program. After the first nuclear weapons test and a long-range missile test in 2006, the United Nations Security Council had imposed tough sanctions, making that even harder for him.

U.S. officials believe cyber hacking is one of the ways to solve the funding problem.

But even with this emphasis on science and technology, ordinary North Koreans have no direct access to the global internet, because they would then see what the world beyond their borders is really like and learn things about their government that go well beyond the official line.

So the regime sends most of its talented computer programmers abroad, especially to China, to be trained as cyber warriors.

There they learn how the rest of the world uses computers and the Internet for shopping, gambling, networking and entertainment. Experts say that is where they turn from maths geniuses into hackers.

It is believed that a large proportion of these young people live and work in North Korean-run centers inside China.

“They’re very good at covering their footprints, but sometimes, like any other criminal, they leave some imprint or evidence behind,” says Kyung-Jin Kim, the FBI’s former Korea chief, who now works as a private investigator in Seoul. “We can identify their IP address and track their location.”

Those footprints led investigators to a modest hotel in Shenyang, in China’s northeast, with a pair of carved stone tigers in front of it, a traditional Korean symbol. The hotel is named Chilbosan, after a well-known mountain range in North Korea.

Photos posted on the hotel-review website Agoda show Korean architecture, colorful bedding and North Korean cuisine, with waitresses singing and dancing for the customers.

It is a very familiar place to investigators, says Kyung-Jin Kim. They suspect that North Korean hackers were operating out of the Chilbosan when they first revealed themselves to the world in 2014.

In Dalian, the other Chinese city where Park Jin-hyok is believed to have lived for nearly a decade, there is a community of North Korean computer programmers who live and work there in the North Korean style, says Hyun-seung Lee, who defected from North Korea.

Lee was born and raised in Pyongyang but lived for many years in Dalian, where his father did business for the North Korean government and had many contacts. In 2014, the family defected. While he lived there, more than 500 North Koreans lived in the port city on the Yellow Sea.

At least 60 of them were computer programmers, mostly young people. Lee says that when North Koreans gathered for national holidays such as Kim Il-sung’s birthday, he was once invited to their living quarters. There he found at least 20 young people in one place, four to six to a room. They had turned the front living room into an office full of computers.

They showed Lee what they were doing: selling mobile phone games to brokers in South Korea and Japan, earning a million dollars a year.

Although North Korean security officials monitor them, these young people live relatively independent lives.

“Although there are restrictions, they have a lot of freedom compared to North Korea, they have access to the internet and they can watch some movies,” Lee said.

After eight years in Dalian, Park Jin-hyok is believed to have been eager to return to Pyongyang. In 2011, the FBI found an email from him in which he mentioned wanting to marry his girlfriend. But he would have to wait a few more years to do that.

The FBI says his superiors had another mission planned for him: a cyber attack on one of the world’s biggest entertainment companies, Sony Pictures Entertainment in Hollywood, California.

In 2013, Sony Pictures announced that its new film, starring Seth Rogen and James Franco, would be set in North Korea.

In the film, Franco plays a talk-show host and Rogen his producer. They travel to North Korea to interview Kim Jong-un, and the CIA persuades them to assassinate him.

In May 2017, the WannaCry ransomware spread across the Internet like wildfire, scrambling victims’ files and forcing many to pay thousands of dollars in ransom in Bitcoin to get their data back.

The UK’s National Health Service was badly hit, with accident and emergency departments disrupted and urgent cancer appointments having to be rescheduled.

Investigators from the UK’s National Crime Agency, working with the FBI, analysed the code and found similarities between the malware used against Bangladesh Bank, Sony Pictures and the WannaCry attack. The FBI then filed charges against Park Jin-hyok.

If the FBI’s allegations are correct, North Korea’s cyber army has started to embrace cryptocurrency. This is an important development, because this new form of money bypasses the traditional banking system, so the hackers may no longer need to pay middlemen or brokers to move their proceeds.

WannaCry was just the beginning. Technology experts have blamed North Korea for a number of cryptocurrency attacks in the past year. They say North Korean hackers are targeting the exchanges where cryptocurrencies such as Bitcoin are converted into conventional money. Some believe they have stolen more than two billion dollars from these exchanges.

The allegations keep coming. In February, the U.S. Justice Department alleged that the Lazarus Group operated everywhere from Canada to Nigeria, committing crimes including computer hacking, global money laundering and virtual currency theft.

If these allegations are true, many people have underestimated North Korea’s technical skills and the danger they pose.

At the same time, their power sends a dangerous message to our increasingly connected world. Our vulnerability, what security analysts call an “asymmetric threat”, means that a small group can wield power out of all proportion to its size.

Investigators are still trying to work out how a small, impoverished country has quietly tapped into the bank accounts and email inboxes of rich and powerful targets thousands of miles away. That access threatens the economic and professional lives of its victims, as well as their reputations.

It is a new battleground for the world: a fight against a shadowy alliance of crime, espionage and abuse of state power, and one that is expanding rapidly.

Geoff White is the author of Crime.com: From Viruses to Vote Rigging, How Hacking Went Global. Jean H. Lee opened the Associated Press’s first bureau in Pyongyang and is now a senior fellow at the Wilson Center in Washington, DC.
