Federal investigators are looking at whether the $81 million stolen from a Bangladesh central bank account at the Federal Reserve Bank of New York last year has links to North Korea.
This is due to similarities in the code used in the online heist and in an earlier breach of Sony Pictures, according to two insiders quoted by Bloomberg, who asked to remain unidentified since the matter has not gone public.
The theft, deemed one of the biggest bank heists in recent history, appears to share some hacking tools with the 2014 attack against Sony Pictures, the maker of the film “The Interview.” The movie centered on North Korean leader Kim Jong-un.
The Federal Bureau of Investigation (FBI) tied the Sony attack to North Korea. The attack was followed by an outage of the Asian country’s internet that a U.S. lawmaker considered a retaliatory act.
Where Does North Korea Come In?
The Wall Street Journal earlier reported the potential relationship between the Bangladesh theft and North Korea.
National Security Agency Deputy Director Richard Ledgett said in a Tuesday discussion that the Sony hack was rightfully tied to the North Korean government, and private investigators traced the malware used in the attack to that used in the Bangladesh theft.
“If that attribution is true, if that linkage from Sony actors to Bangladeshi bank actors is accurate,” said Ledgett. “That means a nation state is robbing banks.”
In response to the moderator’s question, Ledgett said he believes there are now nation-states robbing banks, although he did not point to any evidence already collected.
North Korean capital Pyongyang is facing elevated sanctions from the United Nations, which has also started examining North Korean front companies in China that let it secure foreign currency.
Bangladesh Heist Revisited
In March 2016, hackers siphoned $81 million from the New York Fed account of the Central Bank of Bangladesh, with the instructions for making the payment considered authenticated by the widely used SWIFT message system.
Fake SWIFT messages tricked the New York Fed into wiring the money to hacker-maintained accounts in the Philippines. The system was eventually able to stop $850 million more in attempted transfers.
According to experts, the lack of appropriate security allowed the hackers to penetrate the bank’s systems and launch money transfers. They pointed to the lack of a firewall, as well as second-hand $10 routers on the bank’s computers connected to the global payment network.
In the wake of the incident, probes into potential computer breaches expanded to as many as 12 banks linked to SWIFT’s network, finding similar irregularities. There were telltale signs of infiltration seen at banks in countries such as the Philippines and New Zealand.
SWIFT, which stands for Society for Worldwide Interbank Financial Telecommunication, is a Brussels-based interbank cooperative. It urged financial institutions to bolster their security, and while many cases may turn out to be false positives or not connected to SWIFT messages at all, it may be key to put security reviews in place.
This incident, now one of the biggest cybercrimes the world has seen, highlighted vulnerabilities in the payment network within the global financial system, and led to more rigorous security measures and guidelines from central banks worldwide.