🔑 Key Takeaways
- Cybersecurity measures are critical for national banks, as hackers can gain access through phishing emails and steal vast sums of money with their hacking skills.
- Even the most secure systems can be vulnerable to social engineering attacks. It's crucial to train users to be vigilant and prevent cyber criminals from gathering valuable information that can be used against them.
- A well-planned and executed hacking technique can go undetected even with the most secure systems. Human error can raise alarms and help prevent further loss.
- Proper security measures should be implemented and regularly updated to prevent cyber attacks, with insider threat monitoring and swift response systems in place to limit damage.
- Hackers used the controllable environment of branded casino chips to launder stolen money through junkets while playing Baccarat, a game with a high chance of getting their money back.
- North Korea's government is involved in large-scale bank robberies and has been using casinos for money laundering, posing a serious threat to international financial security. The US is taking legal action against those involved in cyberattacks.
- North Korean government-supported individuals were behind major cyber-crimes, including the Sony hack and Bangladeshi bank heist. Publication of free speech messages is urged to send a message against censorship.
- Properly trained and educated employees are essential in preventing cyber threats and attacks. Governments are also involved in cybercrime operations, highlighting the need for increased cybersecurity measures and constant vigilance.
📝 Podcast Summary
Hackers Attempt Billion-Dollar Bank Robbery Through Phishing Emails
A group of hackers attempted a billion-dollar bank robbery by hacking into the Bangladesh Bank's network and transferring out money. They gained access to the network by phishing emails, infecting at least one computer. The hackers aimed for the Bangladesh Bank because it was a national bank with large amounts of money and relatively weak security compared to developed countries' national banks. The hackers were not interested in using weapons or violence to rob the bank; they used their hacking skills to steal the money. While smaller-scale bank robberies for a few hundred or thousand dollars may be common, robbing a national bank for a billion dollars required more resources and skill.
Hackers use social engineering to steal billions from Bangladesh Bank through SWIFT
Hackers used SWIFT, a secure banking network used for international bank transfers, to steal a billion dollars from Bangladesh Bank in New York. Instead of hacking into the SWIFT system, they got to the human users who interacted with the SWIFT terminal. They watched how users interacted with it and learned how to impersonate them to make real transaction requests. Hackers were familiar with the SWIFT bank system and had all their moves planned in advance. They obtained bank transfer records and used them to learn what a typical large transfer would look like. Finally, they decided to break up the theft into many smaller transfers, instead of making one giant transfer to avoid raising flags.
The Intricate Hack that Stole Millions from Bangladesh Bank's Account
The hackers used a well-planned money laundering technique and took advantage of time zones and holidays to steal 951 million dollars from the Bangladesh Bank's account in the New York Federal Reserve Bank. They executed a successful spear-phishing operation, infiltrating the bank's computer network and impersonating Bangladesh Bank's credentials on SWIFT. On Thursday, February 4th, 2016, the hackers accessed the SWIFT terminal and transferred the money to thirty-six bank accounts around the world. They played three time zones to their advantage, ensuring bank workers in Bangladesh would not be around to notice any suspicious activity. A human error caused the transfer of twenty million dollars to the wrong account, raising alarms.
Hackers Steal Millions from Bangladesh Bank
Hackers exploited a vulnerability in Bangladesh Bank's security system and successfully transferred $81 million into their accounts in the Philippines. They were able to bypass safeguards such as the SWIFT printer by hacking it to print blank pages of transaction records. Additionally, the transfers occurred during Chinese New Year when RCBC Bank was closed, and there are allegations that there was an insider involved. The New York Federal Reserve was alerted to the suspicious transactions but was unable to get through to Bangladesh Bank due to the weekend. Multiple intermediary banks were involved in the transactions, causing delays in trying to stop them. Only four out of the 36 attempted transactions were successful, but the hackers still managed to steal a significant amount of money.
Hackers laundered stolen money by gambling in private casino rooms.
The hackers laundered $50 million of the stolen money from the Bangladesh Bank heist by sending it directly to two casinos in the Philippines and gambling it in private rooms called junkets. The casino chips issued in junkets are branded and only work in that room, making it a controllable situation for money launderers. The hackers played Baccarat, a game with only two things to bet on, and with a 90 percent chance of getting their money back over a long period of time, making it a safe way to gamble without raising suspicion. The hackers needed to buy enough time to cash out without raising suspicion as everyone involved knew about the heist.
North Korea's Bank Robbery Scheme and The Use of Casinos for Laundering Money.
North Korean government, through its hacking arm Lazarus Group, has been responsible for several bank robberies, attempting to steal roughly 1.2 billion dollars but managing only $122 million till now. The 81-million-dollar bank heist from Bangladesh Bank was one of the largest bank robberies in history and North Korea has been using this stolen money as a major source of income due to international financial sanctions. Casinos in the Philippines were the means through which these hackers laundered money. Although the North Korean government has been involved in several cyberattacks, this is the first known instance of them robbing banks. The US Department of Justice announced criminal charges against a North Korean computer programmer for his involvement in several cyberattacks conducted by the North Korean government.
North Korea's Involvement in Cyber Crimes
The North Korean government was responsible for the cyber-attack targeting Sony Pictures and the cyber-heist of Bangladesh Bank, despite their attempts to cover their tracks and deny involvement. The evidence shows that the North Korean subjects, backed by their government, were responsible for these crimes. The Sony hack was related to a movie called The Interview, which showed a comedy of two people traveling to North Korea to interview Kim Jong Un. The hack resulted in the release of unreleased movies, scripts, e-mails, personal information and salaries. Although there was an indictment for the hacker's arrest, it is impossible to arrest him as he is in North Korea. The US government urges companies to publish free speech messages to send a message that censorship is not allowed.
The Human Factor in Cybersecurity
Humans are both the weakest and strongest link in cybersecurity. While the 81 million dollar theft from Bangladesh Bank was possible due to a human clicking on a phishing email, another human was able to stop the transfer of 900 million dollars, proving the importance of well-trained and educated employees. The involvement of governments like North Korea in cybercrime is concerning, and the fact that the hackers responsible for the Bangladesh Bank heist are still at large and continuing to attack banks worldwide shows the need for increased cybersecurity measures. Governments have the time and money to conduct cybercrime operations, making it a whole new ball game. Cybersecurity is crucial, and constant vigilance is necessary to prevent future attacks.