Hacker group Lazarus
Billions looted for North Korea: a tiny detail blew up the biggest bank robbery ever
They are considered the most successful bank robbers in the world: North Korea’s hacker group Lazarus is as ruthless as it is notorious, and it almost made billions in loot in a single raid. But the perfect plan failed because of a small coincidence.
North Korea’s hackers have been known to the world at least since they took over the entire system of the film giant Sony Pictures. At that time, it was still a matter of principle: because dictator Kim Jong-un did not come off well in the comedy “The Interview”, unreleased cinema films, including ones with Brad Pitt, were put on the Net. Since then, the hackers have become the country’s main source of income. A report now shows how this was achieved – and how a tiny detail caused the biggest bank robbery of all time to fail.
It began with a broken printer at the Bank of Bangladesh, reports the “BBC”. When it suddenly failed on a Friday in February 2016, the employees did not think much of it at first. “We thought it was one of those problems, as it happens every day,” manager Zubair Bin Huda told police afterwards. By then he knew what he had not suspected at that moment: that the defective printer had been part of the biggest robbery attempt of all time.
Robbery of billions
While the printer was down, the hackers transferred almost all of the Bank of Bangladesh’s cash reserves in 35 transactions to an account at the Federal Reserve Bank in New York, or Fed for short. 951 million dollars were to change hands. To do this, the attackers had successfully posed in the bank’s systems as employees making quite normal transfers.
The printer plays a central role here: the paper records for millions of transfers are printed out on the device, which is located in a high-security room of the Central Bank of Bangladesh. Exactly those printouts failed to appear while the accounts were being looted in the background. When the printer was discovered to be defective that Friday morning, the attack had long been underway. The timing was cleverly chosen: when the hackers began to empty the bank’s accounts on Thursday evening, it was still morning in New York, so the bank there had plenty of time to carry out the orders, but urgent inquiries to Bangladesh remained unanswered because of the time difference.
Discovery delayed
But the hackers had planned even more cleverly: when the defective printer was discovered on Friday, the weekend had already begun in Muslim Bangladesh. When the bank’s printer was repaired on Saturday, the irritated inquiries from the United States suddenly came pouring out. However, it was again not possible to answer them, because New York had now gone into the weekend. “That was the great elegance of the attack,” explains security expert Rakesh Asthana to the “BBC”. “They were able to delay the discovery by three days.” Once cleared from the account, the money was to be moved into accounts in the Philippine capital Manila. There, on the Monday after the attack, the Chinese New Year began – a nationwide holiday.
The rest of the hack had been planned in similar detail. More than a year earlier, a malicious e-mail had opened the first access to the bank, the FBI later found out. Gradually, the attackers opened up further access within the network and took control. Then they began to take care of the important part: getting the money out. Using fake IDs, they created four accounts at a bank on Jupiter Street in Manila, and waited for the perfect moment.
Failed by chance
That the great raid failed was due to a hard-to-believe coincidence: “The transactions were stopped by the Fed because they contained the word Jupiter,” explained US politician Carolyn Maloney. The hardly predictable reason: a ship of the sanctioned Iranian regime bears the same name as the street on which the apparently randomly chosen bank stands. Because of the ship’s name, the automatic transfer was interrupted and a manual check was ordered – and the huge robbery came to light.
The hackers were not entirely unsuccessful: 101 million dollars had already been transferred when the alarm bells began to ring. Of these, however, 20 million were reversed because the name of the recipient had been misspelled. A few years ago, this was falsely reported as the reason the entire raid was aborted. In the end, the Lazarus hackers were able to get away with 81 million dollars.
So far, this has had no consequences for them. Although a North Korean citizen was accused as the mastermind behind the attack, because he is in his home country, he probably does not have to fear extradition. And Kim Jong-un is likely to continue pouring money into the state coffers.
Source: BBC