Bank Thefts Show North Korea’s Hacking Prowess

Pyongyang’s hackers may have tried to steal $1 billion from a Bangladeshi bank.

North Korean hackers have taken down banking services, attacked U.S. government websites, and wiped the computers of Sony Pictures. Now, they may have carried out an operation that is unprecedented in the history of state-sponsored hacking: trying to steal $1 billion.

If confirmed, the attack would represent a significant escalation in Pyongyang’s hacking ability and cement its position as a fairly sophisticated -- and highly daring -- actor in cyberspace.

In February, hackers attempted to make off with $1 billion from Bangladesh’s central bank, but the transfer was stopped by suspicious bankers in New York. The thieves nonetheless pocketed $81 million. According to an analysis by antivirus giant Symantec, the attempted heist featured a piece of code associated with a series of audacious hacks believed to have been carried out by North Korea.

When hackers attacked South Korean banks in 2013 and Sony in 2014, they used what Eric Chien, the director of security response at Symantec, described as a highly distinctive piece of software used to delete data. That piece of software has now been discovered in the code used to execute the theft targeting the Bangladeshi central bank, as well as earlier attacks on banks in the Philippines and Vietnam. Security company BAE Systems has also found similarities in the wiping tool used in Bangladesh and against Sony.

“They’re showing skills that we haven’t seen before,” Chien said of the North Korean hackers.

The attack on the Bangladeshi bank managed to breach the highly protected Swift network, which more than 11,000 banks and financial institutions use to handle enormous sums of money on a daily basis — and which had previously been thought to be fairly secure.

That has raised fears about more pervasive vulnerabilities in a system that, according to one estimate, directs banks to pay out as much as $5 trillion daily.

While North Korea is thought to have carried out a series of high-profile Internet crimes, the alleged foray into digital bank robbery would break new ground for Pyongyang. “If this was planned and executed by North Korea, this means a significant shift in their thinking,” said Jenny Jun, one of the authors of a Center for Strategic and International Studies report on North Korean cyber-capabilities. “They are basically using it as a separate source for generating revenue, which may come as a result of increased sanctions.”

Following nuclear and missile tests, the international community has ratcheted up sanctions on Pyongyang, placing further strain on the impoverished country’s tiny economy. The North Korean economy is estimated to be about $40 billion. Had the hackers succeeded in stealing $1 billion from Bangladesh’s central bank, they would have grown the economy by 2.5 percent.

But Jun is skeptical of the evidence marshaled by Symantec. Jun called the presence of the wiping tool associated with North Korea a “red flag” that the country may have been involved in the bank heist. But the evidence presented by the antivirus company doesn’t definitively prove Pyongyang’s responsibility.

She notes that investigators and researchers have so far not made public the command and control servers that were used to carry out the heist. They have also not determined where the stolen $81 million ended up.

Following that money trail will require resources that go beyond breaking down the code used and shows the limit.

Chien acknowledged in an interview with Foreign Policy that his determination that North Korean hackers were responsible for the attack hinges upon whether you believe statements by the National Security Agency and the FBI that North Korea was behind the Sony attack.

And on Friday, the U.S. government remained mum on who it believes was responsible for the attack on the banking system. A White House official speaking on the condition of anonymity told FP that Washington had not determined who was behind the attack. The NSA did not answer questions about the hack. The Office of the Director of National Intelligence — the coordinating body for the intelligence community — declined to comment.

 Twitter: @EliasGroll
