Bank Thefts Show North Korea’s Hacking Prowess

Pyongyang’s hackers may have tried to steal $1 billion from a Bangladeshi bank.

North Korean hackers have taken down banking services, attacked U.S. government websites, and wiped the computers of Sony Pictures. Now, they may have carried out an operation that is unprecedented in the history of state-sponsored hacking: trying to steal $1 billion.

If confirmed, the attack would represent a significant escalation in Pyongyang’s hacking ability and cement its position as a fairly sophisticated -- and highly daring -- actor in cyberspace.

In February, hackers attempted to make off with $1 billion from Bangladesh’s central bank, but the transfer was stopped by suspicious bankers in New York. The thieves nonetheless pocketed $81 million. According to an analysis by antivirus giant Symantec, the attempted heist featured a piece of code associated with a series of audacious hacks believed to have been carried out by North Korea.

When hackers attacked South Korean banks in 2013 and Sony in 2014, they used what Eric Chien, the director of security response at Symantec, described as a highly distinctive piece of software used to delete data. That piece of software has now been discovered in the code used to execute the theft targeting the Bangladeshi central bank, as well as earlier attacks on banks in the Philippines and Vietnam. Security company BAE Systems has also found similarities in the wiping tool used in Bangladesh and against Sony.

“They’re showing skills that we haven’t seen before,” Chien said of the North Korean hackers.

The attack on the Bangladeshi bank managed to breach the highly protected Swift network, which more than 11,000 banks and financial institutions use to handle enormous sums of money on a daily basis — and which had previously been thought to be fairly secure.

That has raised fears about more pervasive vulnerabilities in a system that, according to one estimate, directs banks to pay out as much as $5 trillion daily.

While North Korea is thought to have carried out a series of high-profile Internet crimes, the alleged foray into digital bank robbery would break new ground for Pyongyang. “If this was planned and executed by North Korea, this means a significant shift in their thinking,” said Jenny Jun, one of the authors of a Center for Strategic and International Studies report on North Korean cyber-capabilities. “They are basically using it as a separate source for generating revenue, which may come as a result of increased sanctions.”

Following nuclear and missile tests, the international community has ratcheted up sanctions on Pyongyang, placing further strain on the impoverished country’s tiny economy. The North Korean economy is estimated to be about $40 billion. Had the hackers succeeded in stealing $1 billion from Bangladesh’s central bank, they would have grown the economy by 2.5 percent.

But Jun is skeptical of the evidence marshaled by Symantec. Jun called the presence of the wiping tool associated with North Korea a “red flag” that the country may have been involved in the bank heist. But the evidence presented by the antivirus company doesn’t definitively prove Pyongyang’s responsibility.

She notes that investigators and researchers have so far not made public the command and control servers that were used to carry out the heist. They have also not determined where the stolen $81 million ended up.

Following that money trail will require resources that go beyond breaking down the code used and shows the limit.

Chien acknowledged in an interview with Foreign Policy that his determination that North Korean hackers were responsible for the attack hinges upon whether you believe statements by the National Security Agency and the FBI that North Korea was behind the Sony attack.

And on Friday, the U.S. government remained mum on who it believes was responsible for the attack on the banking system. A White House official speaking on the condition of anonymity told FP that Washington had not determined who was behind the attack. The NSA did not answer questions about the hack. The Office of the Director of National Intelligence — the coordinating body for the intelligence community — declined to comment.

Photo credit: KNS/AFP/Getty Images

Twitter: @EliasGroll
