We have all heard about the great Spanish web series ‘Money Heist’, in which it takes the entire law-enforcement apparatus to capture the criminal mastermind ‘The Professor’. The Professor raids the Bank of Spain and the Royal Mint of Spain, but the setting is a little old-fashioned. The series received global accolades and awards for its phenomenal portrayal, direction, narration and creativity. Everyone in this world likes free money, where with the click of a button millions of dollars land in our bank account; hackers are the species of human being that goes to great lengths to acquire easy money.
What if the money heist were real, happened in 2016, and the details of the intricate robbery were only released in 2021? That is exactly what happened in Bangladesh, where hackers from North Korea stole $81 million from a bank in 2016. These hackers will receive no accolades; instead, they will spend the rest of their lives in hiding. The robbery is known as the Bangladesh Bank robbery: the hackers navigated the global banking system and used administrative loopholes to set a well-planned theft of millions of dollars in motion. It feels like a Mission Impossible movie, where the great Ethan Hunt enters a well-guarded fortress with super-cool gadgets and courage to retrieve money or classified information. As history is our witness, this is the biggest cyberheist in the world.
Let’s have a closer look at how this sophisticated high-tech robbery happened –
An investigation report by the BBC this week revealed the details of the 2016 robbery; according to the report, the hackers are of North Korean origin and the attack happened between 4 and 7 February 2016. The hackers knew the bank’s administration and its schedule: the timing was carefully chosen to take advantage of the time difference between Dhaka and New York City, and the date of the heist also fell on a weekend.
The instrument of theft was a false SWIFT payment order for US$951 million, which was the total money the bank had. Posing as the bank’s own staff, the hackers sent the order to the Federal Reserve Bank of New York, where Bangladesh Bank holds its US dollar account, and successfully stole $81 million. The stolen money was later transferred into accounts at a Philippines-based bank, the Rizal Commercial Banking Corporation.
How did the hackers infiltrate the bank’s system?
The Horcrux of the robbery was an ordinary printer located in a highly secure room on the 10th floor of the bank’s headquarters building in Dhaka. As in every suspense thriller, the printer was malfunctioning that day; things get more interesting as the report unwinds! The printer was used to print transaction records worth millions of dollars – and there goes the whistleblower.
Just like the cliché scene of any crime movie, the bank staff assumed the printer was broken, which was a common occurrence, and didn’t bother with it. But the broken printer was the first indication that the hackers had infiltrated the bank, as the BBC report notes. When the printer was rebooted all hell broke loose: it printed urgent messages from the Federal Reserve Bank of New York, where Bangladesh Bank has a US dollar account. The printed statements showed that the Federal Reserve had received instructions from Bangladesh Bank to drain its entire account, which held around $1 billion – touché!
When a threat is registered, the standard operating procedure of any human brain directs a flurry of activity: yelling, screaming, running, hitting or, in this case, contacting the Federal Reserve Bank in New York – which they couldn’t get through to that day. They couldn’t reach the bank because of the timing chosen by the hackers. The robbery took place at 8 o’clock on February 4 in Bangladesh; at that time it was dawn in New York and everyone was asleep. The next day, February 5, was a Friday working day in New York but the weekend in Bangladesh. By the time the hack was confirmed in Bangladesh it was the weekend in New York.
Things do get interesting as the report proceeds!
That particular weekend was also the start of the Lunar New Year in East and South-East Asia, so, very conveniently, the money could be transferred to banks in Manila, Philippines, where it was a national holiday and no one bothered to notice such a significant transaction. By exploiting the different time zones, cultures and holidays of Bangladesh, America and the Philippines, the hackers routed their money and almost got away with it.
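The time-zone and holiday trick described above is something a payment-operations team can screen for. As an added illustration, not part of the original article and not any bank’s real controls, the Python below checks each outgoing instruction against the originator’s and beneficiary’s local clocks and calendars and holds large orders that nobody on the sending side is awake to query. The weekend sets, business hours, holiday list, value threshold and sample instructions are all assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import date, datetime, time, timezone
from zoneinfo import ZoneInfo

# Weekend days per jurisdiction (Monday = 0 ... Sunday = 6). Bangladesh observes a
# Friday/Saturday weekend; the US and the Philippines observe Saturday/Sunday.
WEEKEND = {
    "Asia/Dhaka": {4, 5},
    "America/New_York": {5, 6},
    "Asia/Manila": {5, 6},
}

# Holiday calendar: an assumption constructed for this example, not a real feed.
# Lunar New Year 2016 (8 February) was a non-working holiday in Manila.
HOLIDAYS = {
    "Asia/Manila": {date(2016, 2, 8)},
}

# Assumed operating window and value threshold for this example.
BUSINESS_OPEN = time(9, 0)
BUSINESS_CLOSE = time(17, 0)
HIGH_VALUE_USD = 10_000_000


@dataclass
class Instruction:
    ref: str
    sent_utc: datetime      # time the order was submitted, timezone-aware UTC
    originator_tz: str      # IANA zone of the ordering institution
    beneficiary_tz: str     # IANA zone of the receiving institution
    amount_usd: float


def local_day_status(when_utc: datetime, tz: str) -> str:
    """Classify an instant as seen from the clock and calendar of `tz`."""
    local = when_utc.astimezone(ZoneInfo(tz))
    if local.date() in HOLIDAYS.get(tz, set()):
        return "holiday"
    if local.weekday() in WEEKEND[tz]:
        return "weekend"
    if not (BUSINESS_OPEN <= local.time() < BUSINESS_CLOSE):
        return "after-hours"
    return "business-hours"


def screen(instr: Instruction):
    """Return (hold, reasons). An order submitted while the originator's own staff
    are off duty, combined with a large amount or a closed beneficiary side, is held
    for a human to confirm over an out-of-band channel before release."""
    reasons = []
    originator = local_day_status(instr.sent_utc, instr.originator_tz)
    if originator != "business-hours":
        reasons.append(f"originator {originator}")
    beneficiary = local_day_status(instr.sent_utc, instr.beneficiary_tz)
    if beneficiary in ("holiday", "weekend"):
        reasons.append(f"beneficiary {beneficiary}")
    if instr.amount_usd >= HIGH_VALUE_USD:
        reasons.append("high value")
    # Hold when the originator is off duty and either the amount is large or the
    # beneficiary side is also closed: nobody is around to query the order in time.
    hold = originator != "business-hours" and (
        instr.amount_usd >= HIGH_VALUE_USD or beneficiary in ("holiday", "weekend")
    )
    return hold, reasons


# Constructed sample instructions (not real transaction data).
SAMPLES = [
    # Routine Wednesday-morning order from Dhaka.
    Instruction("A1", datetime(2016, 2, 3, 5, 0, tzinfo=timezone.utc),
                "Asia/Dhaka", "America/New_York", 500_000),
    # 20:00 Thursday in Dhaka, 09:00 Thursday in New York: the receiving side is open
    # but the originator's staff have gone home.
    Instruction("A2", datetime(2016, 2, 4, 14, 0, tzinfo=timezone.utc),
                "Asia/Dhaka", "America/New_York", 20_000_000),
    # Onward transfer arriving in Manila on a holiday, late Sunday New York time.
    Instruction("A3", datetime(2016, 2, 8, 3, 0, tzinfo=timezone.utc),
                "America/New_York", "Asia/Manila", 20_000_000),
]

if __name__ == "__main__":
    for s in SAMPLES:
        hold, reasons = screen(s)
        print(s.ref, "HOLD" if hold else "release", reasons)
```

The point of evaluating both calendars is that a single-jurisdiction check would have passed the Thursday order: New York was open for business, it was only Dhaka that had gone home for the night and then into its Friday/Saturday weekend.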
How did they manage to get access to the Horcrux, the printer?
The BBC report uncovered this feat: the hackers planned the robbery a year in advance! They had plenty of time to observe the bank, its administrative staff, its timings, cleaning schedules, maintenance and repair schedules et cetera. The group of hackers, known as the Lazarus Group, had lurked inside Bangladesh Bank’s computer systems for a year.
It all started with an innocent-looking, unimportant email sent to Bangladesh Bank employees in January 2015. The Trojan horse (the email) was sent by a ‘Rashel Ahlam’ who was looking for a job. The email politely asked the employee to download his CV and cover letter from a website – again, cliché. In reality Ahlam did not exist; it was just a cover used by the Lazarus Group to infiltrate the bank – fake identities are ubiquitous covers in movies.
Every suspense thriller has one curious soul who cannot contain his interest in unimportant stuff and lets the killer loose. According to the report, one employee fell for the trick and downloaded the CV, thereby infecting the entire system with the virus planted by the Lazarus Group. The group then hopped between computers and servers, secretly choreographing its way towards the digital vaults that held the big money. It took the hackers an entire year to rob the bank because they had to get the money out in a way that it could not be retrieved.
Every criminal leaves clues behind when he leaves the crime scene, and so did the hackers: while wiring the money they made fundamental errors such as spelling mistakes (a conduit’s name was misspelt, with ‘foundation’ spelt ‘fundation’) and left clues like ‘Jupiter Street’, which helped the authorities trace the Manila banks. All these mistakes cost them a lot of money: the hackers were only able to run away with $81 million as opposed to $101 million.
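The ‘fundation’ typo above is the kind of near-miss that a beneficiary-name check can catch before a payment is released. As an added example, not from the article and not any bank’s code, the Python below scores a submitted beneficiary name against the names on file using Levenshtein edit distance and reports exact matches, near-misses and unknowns. The names on file and the submitted names are constructed for the example.

```python
import re

# Names on file for this account, constructed for the example (not real entities).
ON_FILE = [
    "Example Charitable Foundation",
    "Northwind Trading Company",
    "Contoso Garment Exports Ltd",
]


def normalise(name: str) -> str:
    """Lower-case, drop punctuation and collapse whitespace so that harmless
    formatting differences do not count as edits."""
    cleaned = re.sub(r"[^a-z0-9 ]", " ", name.lower())
    return " ".join(cleaned.split())


def levenshtein(a: str, b: str) -> int:
    """Minimum number of single-character insertions, deletions or substitutions
    needed to turn `a` into `b` (classic dynamic-programming formulation)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def screen_beneficiary(submitted: str, on_file=ON_FILE, max_distance: int = 2):
    """Return (verdict, closest_name_on_file, distance).

    exact      -> release
    near-miss  -> hold: a one- or two-character slip is exactly what a typo or a
                  look-alike beneficiary produces, so a human must confirm it
    unknown    -> hold: no name on file resembles the one submitted
    """
    target = normalise(submitted)
    best_name, best_dist = None, None
    for name in on_file:
        d = levenshtein(target, normalise(name))
        if best_dist is None or d < best_dist:
            best_name, best_dist = name, d
    if best_dist == 0:
        return "exact", best_name, 0
    if best_dist is not None and best_dist <= max_distance:
        return "near-miss", best_name, best_dist
    return "unknown", best_name, best_dist


if __name__ == "__main__":
    for candidate in ["Example Charitable Fundation",
                      "EXAMPLE CHARITABLE FOUNDATION.",
                      "Fabrikam Shipping Agency"]:
        print(candidate, "->", screen_beneficiary(candidate))
```

A near-miss is deliberately treated as more suspicious than an outright unknown name: an unknown beneficiary goes through the normal onboarding checks anyway, whereas a name one letter away from an approved one is either a clerical error or an attempt to pass as that approved party, and both deserve a second pair of eyes.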
Money laundering is a way to defeat traceability, and the best way to do it is via casinos. The casinos of Manila were used to convert $16 million of the stolen money into hard cash, which was later recovered from one man. The agencies later discovered that gambling centres in Macau were used to move the remaining $34 million to North Korea. That is how the authorities found out that the hackers are from the China–North Korea border region. According to reports from the US authorities, the group exhibited a similar pattern in other cybercrimes and in another cyberheist.
Who is the accused?
The FBI filed a case against Park Jin Hyok, a North Korean citizen, for aiding and conspiring in cyber attacks that resulted in massive amounts of damaged hardware and resources and the loss of data and money around the world. Park, who is a piece of work, was also accused of working for the North Korean government and of using his computer skills to develop malware used in the 2017 WannaCry 2.0 global ransomware attack, the $81 million theft of 2016 and the 2014 attack on Sony Pictures Entertainment. Apart from these high-profile attacks, he is also accused of intrusions into the entertainment, financial services, defence technology, virtual currency and electric utility sectors, et cetera.