In 2016, a group of state-sponsored North Korean hackers almost stole a billion dollars from Bangladesh’s national bank. Fortunately, most of the money wasn’t able to make its way back to North Korea. Here’s how a couple of oversights and sheer coincidences thwarted what would have been one of the biggest electronic heists in history.
Jun 30, 2021 · 4 min read
A heist of this size required a year of careful planning and preparation. North Korean hackers had to infiltrate the bank systems without detection, work their way through the bank’s computers one by one until they reached the digital vaults, figure out an escape route for the money, and finally clean it to make it untraceable for the relevant authorities.
The hackers dubbed themselves the Lazarus Group, and prepared to make history.
This complex string of events started with a simple email sent by Rasel Ahlam, a Bangladeshi man looking for a job at the bank. However, Rasel Ahlam didn't exist. He was just an alias created by the Lazarus Group to get a foothold in the bank’s systems.
Only a fraction of the money requested was transferred, with five transactions approved by the Federal Reserve on Friday morning, February 5. But why were the other 30 rejected? Luckily, it was due to America’s ever-pervasive and extensive security measures.
The RSBC bank is located on Jupiter Street in Manila. Jupiter also just so happened to be the name of an Iranian shipping vessel, thus immediately flagging the name “Jupiter” as suspicious. Once the connection was made, the Federal Reserve instantly placed a halt on most of the transactions.
$20 million of the stolen cash was sent to a Sri Lankan charity to channel it to other accounts. However, a simple spelling error raised suspicions, and the transaction was reversed very quickly.
The rest of the $81 million was laundered through two of the Philippines' premier casinos, “The Solaire” and “The Midas”, over several weeks. At the time, there were no money-laundering regulations for Filipino casinos, so all money siphoned through the casino may as well have been from legitimate sources.
This was done through the careful application of socially engineered scenarios. Masquerading as a humble job seeker with an innocently worded email could automatically put some readers at ease. “This person sounds harmless enough. Let’s have a look at what they’ve got to offer.”
Every cybersecurity expert in the world would tell you not to open any links provided from an email address you aren’t familiar with. The bogus emails from Rasel Ahlem were sent to several workers, and all it took was one of them to click the link.
By dressing malware up in a package of nice words and familiarity, it’s a lot easier to trick people into clicking something they shouldn’t. Why spend time, effort, and resources breaking into a computer when a hacker could manipulate the victim into doing it themselves? That’s the danger of socially engineered hacking campaigns.
Staying safe online isn’t just about having the best VPN on the market or the strength of your firewall and antivirus. You now have to be aware of common tricks and techniques that cybercriminals will employ to sneak into your network.
This whole heist, which took a year of meticulous research and planning, was triggered by one person clicking a link and downloading a file. Had the workers of Bangladesh Bank been updated with basic cybersecurity information, the heist would have been foiled instantly.
Knowledge is the best tool against these kinds of attacks. Remind yourself daily not to click on any suspicious emails — send them straight to the trash. Familiarize yourself with this helpful guide on the most common techniques used by hackers in 2021.