North Korea almost robs $1 billion from Bangladesh Central Bank

I found this 14-minute YouTube documentary to be very interesting. It explains in detail how hackers created 35 fake bank transfers totaling $951 million U.S. The timing of the hack was exquisite: Bangladesh is Muslim so has a Friday Sabbath; the transfers were initiated Thursday evening, and weren’t noticed until bankers returned to work on Sunday. (A few extra hours were gained by the hackers’ disabling a printer.) The transfers were all routed via New York which was closed on Sunday, so frantic calls from Bangladesh went unanswered. And, just as astronomers may wait several years for the perfect eclipse to make an observation, the hackers had waited until a Monday (8 Feb 2016) that landed on … Chinese New Years! The New York Fed was unable to cancel the four transfers that had gone to Philippines on that holiday; so the hackers quickly transferred the funds from Philippines to Macau and presumably on to North Korea.

Nevertheless, most of the fraudulent transfers were unwound. Instead of getting $951 million, the hackers had to settle for a mere $81 million — still enough to be touted as one of the biggest heists ever. The Fed was able to recover as much as it did partly due to luck: The hackers used “Jupiter” as part of some of the account names, and that word was, coincidentally, flagged due to a different abuser.

The video concludes with substantial circumstantial evidence that the hack was directed from North Korea.

It’s not clear to me how they could conceivably have got away with as much as a billion dollars. The electronic transfers are essentially meaningless in themselves: they are just book entries. If all the banks concerned agree that the electronic transfers are fraudulent, the book entries vanish and the “stolen” money reverts to the original account in a puff of electrons. Before that happens, the crooks must somehow withdraw physical hard currency somewhere and abscond with it. Evidently that was possible for tens of millions via Macau casinos. But I can’t imagine how it would be possible for much more than that within a few days.

Time for Concert for Bangledesh part 2.

If, like me, you’d rather read a story than watch a YouTube video, try this article from The New York Times Sunday Magazine.