It all started with a faulty printer. It seemed like a common breakdown, the kind that thousands of people and companies around the world face every day. But this was no ordinary printer: it was located in a closely guarded room at the headquarters of the Bangladeshi Central Bank.
When the clerks discovered that the printer was not working, they assumed that it was a common breakdown, which had happened before. But that was the start of huge problems for the central financial institution of Bangladesh, a country where millions of people live in poverty.
In February 2016, it turned out that a broken printer was the first link in a massive hacker operation trying to carry out the most daring cyberattack in modern history, according to the BBC.
But why was it necessary to disable the printer? The fact is that it was an important link in the security system: all electronic transfers were duplicated on paper using this printer. The number and volume of transactions carried out over computer networks could always be compared with the backup data, which it automatically printed out.
The hackers took into account the time difference between Dhaka, the capital of Bangladesh, and New York: the printer “broke” late on Thursday evening, when the working day in the United States had long ended. Friday and Saturday are days off in Bangladesh, and on Sunday nobody works in the New World.
It was this three-day delay in the investigation that the hackers were counting on. Moreover, they transferred the stolen money to one of the Philippine banks. Monday, February 8, 2016, was Lunar New Year, and all of Southeast Asia was celebrating. As a result, for four whole days, even with a strong desire, few could stop them.
The printer was taken out of service on Thursday, February 4, 2016. Immediately after that, the hackers sent 35 instructions to New York to withdraw $951 million from the correspondent accounts of Bangladesh Bank. This was practically all the money that the Asian country had in the United States.
The theft was discovered relatively quickly, the next day. And the manager of the Bangladeshi bank was confident that the stolen money could be returned. That is why he decided to keep what happened a secret – both from the public and from the government.
But it soon became clear that it would not be possible to simply cancel the transfers: money from the United States had been redirected to the Philippines, and the local government announced that it would give it back only by court order. The story became public knowledge.
Upon closer investigation, it became clear that the hackers had been waiting for their moment for a year, skillfully hiding their presence on Bangladesh Bank's computer networks. And it all started with a harmless-looking email sent in January 2015 to several employees of the institution. In it, a certain Russel Ahlam respectfully asked to be considered for one of the vacant positions and invited the recipients to download and read his resume.
Russel never existed. And the email was a successful attempt to penetrate the bank's computer systems. At least one of the recipients clicked on the download link, and the hackers began to move from one bank computer to another, working towards the main goal: a billion dollars.
The stolen money from Bangladesh had to be taken somewhere. To do this, on one of the busy streets of the center of the Philippine capital, in the branch of RCBC, one of the largest banks in this Asian country, four current accounts were opened.
The employees of the branch could not really remember what kind of people opened them. The depositors' documents aroused no suspicion; only later did it become clear that they were fake. The new clients deposited $500 in each of their accounts and never touched that money again.
The choice of bank branch became the annoying trifle that prevented the attackers from robbing an entire nation. The branch was located on a street called Jupiter in Manila. This innocent proper name put the hackers' transfers into the category requiring additional verification. The fact is that the name of the ancient Roman god of thunder and lightning was also borne by one of the Iranian sea vessels that were at that time under American sanctions. And a single mention of the word “Jupiter” was enough for the computer systems of the US Federal Reserve System (FRS) to suspect that something was wrong and temporarily freeze the transactions.
Only thanks to this, the bulk of the stolen money never reached the accounts of the attackers. Only five of the hackers' transfers, totaling $101 million, got past the US Federal Reserve.
Of that, $20 million was to be credited to the Shalika Foundation, a Sri Lankan charity. But a Sri Lankan bank clerk noticed a spelling mistake in the transliteration of the foundation's name, and the money was returned to America. But $81 million disappeared into dummy accounts in the Philippines, and the loss of this amount was a serious blow to the economy of Bangladesh, where one in five inhabitants lives below the poverty line.
The investigation showed that the traces of the hackers lead to North Korea.
Why, it would seem, should one suddenly suspect the DPRK, a country that in every respect (technological, economic, cultural) is almost completely cut off from the rest of the world?
But the US FBI is confident that this is the work of the North Koreans, namely the Lazarus Group, a hacker group named after Lazarus, the biblical character who rose from the dead.
The Americans do not know much about the composition of this group, although the FBI does have one relatively detailed portrait. They suspect a certain Park Jin Hyuk, also known as Park Kwang Jin. He graduated from one of the best universities in the DPRK and worked for Chosun Expo in Dalian, China. This company specializes in the development of online games and writing software for online casinos.
The investigators' conviction that the traces lead precisely to Pyongyang was reinforced by, among other things, the fact that the trail of the stolen $81 million led them to Macau. It was in this Chinese enclave that North Korean officials were repeatedly caught selling top-quality $100 bills. It was in Macau that the half-brother of the incumbent North Korean leader Kim Jong-un lived, the one who was fatally poisoned in Malaysia. And it was in Macau, one of the world's casino capitals, that the cash withdrawn from the Manila bank turned, at the gaming tables, first into bets and then into legitimate winnings. The scheme of fake casino games makes it possible (and detectives are well aware of this) to legalize funds obtained by criminal means for a ridiculously low percentage.
Some defectors who managed to escape from North Korea also speak about the Lazarus Group. From them it became known that high-class programmers working for the DPRK government are not only engaged in hacker attacks, but also produce various kinds of software products that are in high demand in neighboring China, primarily games.
In May 2017, computers around the world were attacked by the WannaCry ransomware. The hackers encrypted user files and demanded a ransom in bitcoins for decryption. Analysis of the program showed a striking similarity to the code used by the hackers who had previously attacked the National Bank of Bangladesh. The FBI added another charge to the list it has leveled against Park Jin Hyuk, highlighting the fact that the North Korean cyber army is betting on cryptocurrency, the path of which is almost impossible to trace.
Official Pyongyang denies these and other similar accusations. But in February of this year, the US Department of Justice indicted two more DPRK citizens who, according to the Americans, are members of the Lazarus Group and are associated with a huge money-laundering network stretching from Canada to Nigeria.
In Washington, these accusations and other suspicions of cyber espionage and hacking of computer networks are voiced very quietly; for some reason, it prefers to always accuse Russia of this kind of activity.