Episode Show Notes



JACK: [MUSIC] I’ve heard a few stories of people robbing banks just to get a few hundred dollars. I heard this one story of a guy who walked into a bank; he acted like he had a gun under his jacket. He placed a note on the bank teller counter and the note quietly said, this is a robbery. Give me some money. The teller straightened up and handed over some cash, and the guy ran out. He risked it all just for a few hundred or a thousand dollars. Then there are people who rob banks with bigger goals. Like, they want to score $100,000. To do this, you might have to hold up the whole bank, not just one teller, which causes total panic. You need to jump behind the counter and empty all the tills, and maybe bring a real gun this time.

It’s intense and crazy. But for some people that still isn’t enough. They have even bigger bank robbery ambitions. They want to score a million dollars and that kind of bank robbery is not easy. You have to time it just right, like just after someone makes a big deposit or maybe you plan to knock over a few of those armored bank trucks all at once. But some people have done it and it usually takes a lot more resources and skill to pull off a million-dollar bank robbery. But still, that’s not good enough for everyone. This is a story about how a group of people with some very interesting ties tried to rob a bank for one billion dollars.

(INTRO): [INTRO MUSIC] These are true stories from the dark side of the internet. I’m Jack Rhysider. This is Darknet Diaries. [INTRO MUSIC ENDS]

JACK: This is a big story and to help tell it, I brought in Geoff White.

GEOFF: I’m Geoff White. I’m an investigative journalist and I cover technology for, among others, BBC News, Channel 4 News, and my own podcast Cybercrime Investigations.

JACK: [MUSIC] Geoff has had his head in this case for over a year trying to unravel, understand, and crack this case. He knows more about this case than anyone else I could find, so let’s get into it. A billion-dollar bank robbery; that’s the goal here. But that’s like, impossible. Who would have a billion dollars lying around for someone to grab? A billion is a lot of money. Your average consumer bank like your local Chase or Wells Fargo bank branch is not gonna have this much money anywhere, probably not even in their bank headquarters, so your typical bank is out. We have to aim higher, possibly like a Federal Reserve Bank or something, some bigger place that has a lot of money.

The robbers knew that national banks would have a large amount of money like this, like a country’s reserve bank, so they started looking around for what national banks might be a good target. They chose the Bangladesh Bank. This was an interesting target to choose as far as central banks go. Bangladesh has a growing economy and is starting to really flourish, but it’s still a developing nation and its central bank doesn’t have the best security. I don’t know, which might make this an easier target than a more developed nation’s national bank, like the US Federal Reserve Bank. The Bangladesh Bank became the target.

GEOFF: Which is the national bank of Bangladesh. It’s like the Federal Reserve Bank or the Bank of England. It’s like the country’s bank. Billions of dollars of reserve currency is sitting in there.

JACK: Alright, so the target is set. Now, this group has a special weapon; they’re pretty good hackers. So, their plan isn’t to bust down the door, draw their weapons, and shout, [MUSIC] everyone on the floor, give me a billion dollars! No, that’s not an option here. Instead, the plan was to hack into the Bangladesh Bank and transfer out as much money as they could before anyone could catch them.

GEOFF: It starts a full year before. I think it was January 2015, the first e-mail started popping up inside Bangladesh Bank. A few employees get the classic phishing e-mail; it’s a zip file that contains a CV for somebody who looks like a job applicant. Opens the zip file, has a look at the CV or perhaps doesn’t ever get the CV but nonetheless, they get infected. Three people opened the e-mail in Bangladesh Bank and at least one of them got infected.

JACK: Okay, so the hackers, or in this case the bank robbers, infiltrate the network. Now, when they get in using a phishing e-mail like this, they only get into one person’s computer, whoever that person was who opened the e-mail, and that’s it. They just have access to that one computer. From there they have to try to hop around to other computers in the network. [00:05:00] Once they get in, they use three types of malware to set up for the next part.

GEOFF: As far as I’m aware, one of them created the backdoor into Bangladesh Bank. Another of them created the encrypted channel so that you could pull stuff out of that backdoor without being spotted, and the third piece of software was used to scan and navigate across the network.

JACK: [MUSIC] They spent some time mapping out the network of the Bangladesh Bank, moving around, establishing persistence, and learning about how to transfer money around.

GEOFF: One of the first things they do is they work out where Bangladesh Bank’s got its money. It’s not all sitting in Dhaka, the capital of Bangladesh, the money that – the Bangladesh Bank has a foreign currency reserve account in New York at the New York Fed, so, there’s a billion dollars sitting there. The criminal’s like, okay, there’s a billion dollars. That would be good if we can get that. In order to transfer money, banks have this system called SWIFT. SWIFT is the international bank transfer system. There’s an international bank version of that which transfers millions, billions of dollars around the world.

JACK: SWIFT is a banking network used to send payment orders between banks. There are over 11,000 members, financial institutions in over two hundred countries around the world who use SWIFT to send payment orders to each other. Anyway…

GEOFF: The thieves realize okay, to transfer that billion dollars out of the New York Fed, we’re gonna have to get to the SWIFT software and do a series of transfers using SWIFT. That’s exactly what they’re doing. When they get into Bangladesh Bank, they’re trying to navigate their way around the network and find the computer that’s got SWIFT on it so that they can then manipulate that computer and transfer the money out of New York and out of the New York account of Bangladesh Bank.

JACK: The thing about SWIFT is that it’s pretty secure. It is secure. It has to be because it’s handling this very sensitive financial communications. It’s practically impossible to hack but as with all computers, there is a weakness and one of the biggest weaknesses is human error. Hackers rooted around the Bangladesh Bank network looking for the right computer that can authorize bank transfers. Of course, they find it; the computer authorized to make SWIFT transfers. Bingo. Instead of trying to hack into the SWIFT system, they got to the human users of the computer terminals that ran SWIFT. They watched how the users interacted with it and they learned how to impersonate those human users, and then trick the SWIFT network into thinking that they were authorized users making real transaction requests. But first, the SWIFT terminal.

GEOFF: I don’t know about you; if I was confronted with the SWIFT terminal, I would have no idea where to start. I’d probably make some mistakes. It did not take these guys very long at all to make the transfers to transfer out the money.

JACK: Hm, this makes me think that these hackers are probably already familiar with the SWIFT bank system. Perhaps this was someone who had done work for SWIFT before or someone who hacked into a bank and did some SWIFT transfers already. Since they knew how to use it right away without having to sit and watch how a typical bank operator does it, it’s very interesting. They got that piece sorted, but now they needed to figure out how to hide their tracks to blend in. To do this, they obtained bank transfer record and used them to learn what a typical large transfer would look like. [MUSIC] They studied the bank’s high-dollar value transfers. What kind of transactions were they? When were they made and to who? They used these insights to plan their theft. They would use transactions that looked like the bank’s typical large transactions to steal their billion dollars without raising suspicions.

GEOFF: There’s transactions they lined up. Not only did they know how to run SWIFT, but they knew what to type into SWIFT to make the transfers look legit. They had all this almost in advance. It was almost like how they knew how SWIFT ran.

JACK: With the right keystrokes on this computer, they can move that one billion dollars to another bank account, an account owned by the hackers. But hold up, even if they now had access and a plan for making their transfer blend in, making one giant transfer to themselves still might not be the best idea. Using this strategy might have raised a flag somewhere in the system. A big transfer like that might require additional authorization or something. Why put all your eggs in one basket? If that one-billion-dollar transfer fails, then everything fails. The hackers decided to break up the theft into many smaller transfers.

GEOFF: This is classic money laundering technique.

JACK: In May 2015, five bank accounts were opened in the RCBC Bank on Jupiter Street in Manila, the capital of the Philippines. Each of these accounts were opened with an initial five hundred-dollar deposit. These accounts sat untouched for nearly a year until the weekend of February 5th, 2016. By that point, the bank robbers had everything set up. They launched a successful spear phishing operation on Bangladesh Bank employees which allowed them to get access to the bank’s computer network [00:10:00] and the SWIFT terminals. They figured out how to impersonate Bangladesh Bank’s credentials on SWIFT. Now, they have bank accounts set up around the world waiting to receive the stolen money. We know about those five accounts in the Philippines and…

GEOFF: At least one account set up in Sri Lanka. I don’t know where the other accounts are. Despite efforts, I have not managed to find out. But this was a worldwide operation.

JACK: Now, they’re ready to roll. On February 3rd, 2016, the hackers entered the Bangladesh Bank network one more time. It was a Thursday. They waited for the bank to close that night and as soon as it did, they made the keystrokes needed to get into the SWIFT terminal. See, the Bangladesh Bank actually has a lot of money in the US Federal Reserve Bank, so they accessed the Bangladesh Bank account in the New York Federal Reserve Bank and started making transfers to thirty-six of the hacker’s bank accounts all over the world. The thirty-six transactions totaled 951 million dollars. Now, the timing of this transaction was perfect; a Thursday night in Bangladesh.

GEOFF: In classic heist movie tradition, you try and pick out a weekend to do your bank break-in. What you’re ideally looking for is a long weekend, a bank holiday weekend, public holiday weekend, which would give you three days.

JACK: In an already really well thought-out, elaborate plan, the timing was a stroke of genius because it meant that not only are the hackers dealing with a long weekend, but they’re also taking advantage of…

GEOFF: Three time zones, here; you’ve got Bangladesh Bank which is the bank that’s been hacked into where the money’s gonna be transferred from, you’ve got where the actual money is which is New York, which is obviously a different time zone, and you’ve got where the money is going which is the Philippines which is yet another time zone. What they did was played these three time zones to their advantage.

JACK: Now, besides the time zones being to their advantage, in Bangladesh, the weekend starts Thursday night. Because this was Thursday night, nobody was gonna be in on the weekend to see anything suspicious happening. However, it’s not the weekend in New York; it’s Friday in New York which means the funds can be transferred properly there.

GEOFF: By that time, a lot of the bank workers would have gone home. They know they’ve got a good, long weekend – a weekend, two days, to work with. But of course, it’s 9:36 a.m. in New York where the actual money is. When they start issuing the commands to transfer out the money, in New York, they’ve got an entire day of New York working on it knowing that the people in Bangladesh who might be keeping an eye on it, most of them aren’t to work over the weekend.

JACK: There’s another detail of timing that also helped them out. The attack started on Thursday, February 4th. On that following Monday, February 8th, was the Chinese New Year which is a bank holiday in the Philippines which is where those RCBC bank accounts were sitting.

GEOFF: You’ve got all of Thursday, Friday, Saturday, Sunday, and Monday with these three time zones working to your advantage.

JACK: On Friday morning in New York, the Federal Reserve receives all these SWIFT transaction requests that look like they’re coming from the Bangladesh Bank. The New York Federal Reserve Bank proceeds to process the transactions. [MUSIC] Money starts being sent to the hacker’s bank accounts one by one. Millions here, millions there. One of the transactions is for twenty million dollars to one of the hacker’s bank accounts in Sri Lanka.

GEOFF: Twenty million dollars was gonna go to Sri Lanka which is a huge amount of money for the charity concern that it was going to.

JACK: The New York Federal Reserve approves the request and the twenty million dollars starts making its way to the intermediary bank which happens to be in Germany. But it gets stopped there because of a pretty basic human error. The money was trying to be sent to the Shalika Foundation but the transfer request spelled it as Shalika Fundation. It was missing an ‘o’. When a human looked at this transfer, it rang some alarm bells.

GEOFF: The bank in Sri Lanka flagged it back to a bank in Germany that had done the transfer. They in turn transferred it back to New York and said, we think something’s wrong with this. New York, you can imagine, had some pretty hairy moments looking at these transactions and going oh shit, something’s wrong here.

JACK: This raises the alarm and the New York Federal Reserve is now scrambling to try to figure out what’s going on. They tried calling the Bangladesh Bank on a Friday, but Friday is the weekend in Bangladesh so they were unable to get through. By this point, the first part of the hack was done; they hacked into the Bangladesh Bank, sent the money to the New York Federal Reserve, and then told the New York Federal Reserve to send it to thirty-six accounts. By Friday at 3:59 a.m. local time in the Philippines, the hackers logged out of the Bangladesh Bank SWIFT network. The malware that they had installed on the machines began deleting evidence of their crime. But hold up, you’d think that the bank’s security systems would have some kind of failsafe to protect against this kind of robbery, right?

GEOFF: There’s a printer, an HP LaserJet printer, in the corner of the office in Bangladesh Bank and its job is partly to print out records of SWIFT transactions when they’re made.

JACK: Every day, including on Bangladeshi weekends, that printer is automatically printing out all the transactions that are coming in. Normally, that’s not that many, maybe a dozen. The paper printouts [00:15:00] are one safeguard. Another safeguard is that there’s employees who are on-duty and it’s their job to scrutinize the transactions on these records. On the Friday of the hack, that employee was named Zubair and he was the director of the bank. But the hackers had a plan for this, too.

GEOFF: Now, the hackers, one of the smart things they did when they did their heist, was to realize that if the printer kept going, it would immediately expose what they’d done.

JACK: To deal with this failsafe, the thieves hacked the printer to make it print blank pages of transaction records. Then they installed malware on the computers running the printer that would delete evidence of the messages. Zubair was in the office on Friday, but the printer was just printing out blank pages. He assumed it was just some technical glitch and he could deal with it on Saturday. But then on Saturday, there was an even bigger problem. When the Bangladesh Bank employees tried to log into the SWIFT terminal, they were seeing errors and couldn’t log in.

When they finally were able to log into the system, they saw three messages from the New York Federal Reserve asking about the large quantity of payment instructions that they had received over the Bangladeshi weekend which altogether totaled almost one billion dollars. At this point, on Saturday, Zubair was pretty panicked. He tried to call the New York Federal Reserve Bank but of course, it’s now Saturday where the banks are closed in the US. He starts e-mailing and faxing in requests to the Federal Reserve to stop all transactions and payments for this. At some point, the Bangladesh Bank employees also shut down their server in an attempt to stop even more fraudulent transactions from executing.

GEOFF: They then start making a series of appeals. They’re obviously contacting the New York Federal Reserve to try and get the money back. I never realized this about the international banking system, but there’s a lot of intermediaries. It’s not just from the New York Fed that the money goes straight to the Philippines or straight to Sri Lanka. It goes to a number of intermediary banks. To get the kinda of sense of panic, one bank contacting another and saying well, hang on, what’s happened here? Who transferred the money to you? Where’s the money gone now? You’ve got multiple different banks to go through.

JACK: While thirty-six transactions were attempted, which totaled almost a billion dollars, only four transactions actually went through. The bank robbers successfully transferred 81 million dollars to their five RCBC bank accounts in the Philippines which they had set up nearly a year before using fake IDs. One reason the money made it to their accounts in the Philippines was that the transfers occurred during the Chinese New Year, so [MUSIC] RCBC Bank was closed when the Bangladesh Bank tried to call up and stop the transfer. But that’s not the only reason. There’s some allegations that there might have been an insider at the RCBC Bank, too. The timeline is pretty suspicious. On February 9th, RCBC logs into the SWIFT system and sees the stop payment messages that Bangladesh Bank has now sent them. Yet even after seeing those stop payments, that same day the hackers were able to completely empty their bank accounts, huge sums of money. Once they’re withdrawn…

GEOFF: That money was programmed to disappear. There was a whole system in place to take that money and speed it through the system so that no one could ever find it again.

JACK: A large percentage of the 81 million dollars went to a single person.

GEOFF: From the investigation in the Philippines, that thirty million was given to a bloke, Chinese national, who just disappeared with it and he’s never been heard of again.

JACK: Perhaps this Chinese man was in on it somehow, a middle man or something, and he required a cut of the money to do his job. But yeah, we don’t know what happened to him or his money. He just vanished. [MUSIC] But that’s still fifty million dollars for the rest. The next part of the plan was for the hackers to make it so that this money couldn’t be traced back to the bank heist. They needed to come up with a plan to launder fifty million dollars. To do that, they sent it directly to a casino.

GEOFF: One’s called the Midas Casino and one’s called the Solaire Casino. I think it was thirty million in the Solaire and twenty million in the Midas.

JACK: Now, it’s not clear how the money got to the casino but from what I understand, when high-rollers come into town, they don’t stroll in through the front door with like, a million dollars in a briefcase. No, they link up their bank account to the casino’s bank account and initiate transfers to the casino that way. My guess is that on Friday, the funds were transferred into these bank accounts in the Philippines and then on Monday, those funds were cleared. However, Monday was a Chinese New Year, so those banks were closed. But my theory was that the hackers had prearranged with the casino to make these huge transfers on Monday. They were done online or through the casino somehow without having to go into the bank. But now that the money was in the casino, they couldn’t just grab their money and go. They needed to gamble for a while to not look suspicious.

GEOFF: The way it might work for you and I is we’d go and we’d say okay, I want to bet a million dollars this weekend. The casino would say okay, pay your million dollars into our account, numbered X. That way when you go, there’s a record of that transaction. You turn up at the casino and say hey, I’ve got a million dollars in your bank account. I’d like to bet [00:20:00] my money now.

JACK: A few Chinese men who were working with these hackers took the money from the heist, went into the casino, and requested a junket. A junket is a private room for high-rollers who can gamble without being bothered. Basically, you tell the casino I want a room for a certain number of gamblers and we’re going to spend ten million dollars here.

GEOFF: What’s most important about this, certainly from a money laundering point of view, is the chips that are issued, the casino chips that are issued, only work in that room. They’re like, branded casino chips. They only work in that room. What that means is if you’re a money launderer and you’ve paid your fifty million to these casinos, you hire out a room, you’ve got your guys in there to gamble. You know that those chips are only gonna be spent and gambled in that room so you’ve got a controllable situation. These guys can’t wander off somewhere with your chips and spend them elsewhere. They’ve got to spend them in that room. You can keep an eye on what they’re spending.

JACK: The other important detail about these junket rooms is that they were playing Baccarat.

GEOFF: Baccarat is interesting because there’s only two things to bet on in Baccarat. You bet on the bank or you bet on the player.

JACK: They say that if you keep playing Baccarat over a long period of time, the odds are pretty good that you’ll get about ninety percent of your money back. The casino will end up with ten percent of your money after you play for a long period of time which is sort of a safe way to gamble without losing too much. This will allow the hackers to gamble without causing suspicion, like they’re just cashing out and laundering money. The hackers sat there in a private junket in the two casinos in the Philippines, gambling their loot that they just stole, just trying to buy enough time to cash out without raising suspicion. Because at this point, everyone involved; the Bangladesh Bank, the New York Federal Reserve, the RCBC, and the law enforcement agencies, they know that $81 million has been stolen.

The authorities were able to follow the money to the casino which raises a question. If we know all this money passed through two casinos to be laundered, are the casinos responsible at all? Well, as it turns out, just days after the bank heist, Bangladesh Bank asked the Philippines authorities for help. The authorities shut down those fake bank accounts and they knew where the men went with the money. They knew what casinos they were in, but the country’s law enforcement let them play without making any arrests. The casinos, for their part, had some plausible deniability.

GEOFF: To us, this just sounds crazy; a bunch of Chinese guys turn up and bet ten million, tens of millions of dollars. But if you’re a casino in the Philippines, that happens a lot. It isn’t unfeasible that the casino could have looked at this and thought well hey, here’s some high-rollers in town, big spenders.

JACK: It’s worth pointing out that in the Philippines at that time, casinos didn’t have good money laundering regulations. So, it’s possible that’s why these casinos were targeted for this. The robbers finished their gambling which was actually money laundering, quietly cashed out their chips, walked out of the casino, and promptly left the country, flying to China. In total, the hackers were able to successfully steal 81 million dollars from the Bangladesh Bank. So, who exactly were these hackers? Well, it turns out it was the North Korean government.

GEOFF: [MUSIC] North Korea starts getting into computer hacking, from what the experts are saying, about 2009. There’s the creation of a thing called the Reconnaissance General Bureau which pulls together a lot of their hacking people into one unit.

JACK: Security researchers dubbed this North Korean hacking group the Lazarus Group which also is known as the Reconnaissance General Bureau or APT38. Researchers found traces of Lazarus Group on other attacks, too. It’s really interesting to see a nation state getting into the game of bank robberies because nation state hackers don’t rob banks. They never hack for financial gains. I seriously can’t find any other story of a nation state hack where their goal was to steal money. North Korea seems to be the only one hacking for financial gains which is so weird. But according to Geoff, this actually kind of makes sense from a geopolitical standpoint.

GEOFF: 2013, the sanctions have passed restricting North Korea from bulk transfers of money which is a response to North Korea launching missile tests that the world does not want it to do. That’s 2013. It stopped from getting access to international money. Two years later, 2015, they start hacking into Bangladesh Bank, according to the FBI. You can see a progression where it’s like oh, uh-uh, we can’t get any money. How are we going to do that? Oh, well, let’s just try and hack our way around that.

JACK: That’s where Lazarus Group and these bank robberies come in. It wasn’t just Bangladesh Bank that they targeted. Lazarus Group has been tied to almost all of the world’s SWIFT attacks to date. Banks in Ecuador, Vietnam, Poland, India, Taiwan, and Russia have all been hacked and had attempted bank robberies which can be attributed to hackers within the North Korean government being the main culprits. They’ve been hitting bank after bank, [00:25:00] attempting to steal millions of dollars. All in, Geoff estimates that the Lazarus Group has tried to steal roughly 1.2 billion dollars but has only ended up with $122 million. Some say that this 81-million-dollar bank heist from the Bangladesh Bank was the largest bank robbery in history.

GEOFF: If it is North Korea, that’s 1.2 billion dollars going to a country that’s under international, financial sanctions. From the ones I’ve added up, they’ve tried to get $1.2 billion. What they ended up with was $122 million. So, roughly a tenth of what they tried to get is what they actually managed to pull out.

JACK: If Lazarus Group has stolen $122 million, that would be a significant portion of North Korean’s GDP. Since it’s been so successful, I see no reason why they can’t continue to do this for years into the future. Typically, what we’ve seen is the money is taken to Macao, in China, which is where the money went after they cashed out on this casino. From Macao, it can then be wired directly into North Korea because North Korea does business with companies in China and so, this transaction could easily be hidden. Yeah, 122 million dollars stolen? This looks like North Korea got away with it. But don’t just take my word for it. The US Department of Justice investigated this a lot. The FBI wanted to know more and spent two years tracking down who hacked the Bangladesh Bank and came to a conclusion. In late 2018, the US Department of Justice gave this announcement.

DOJ: We have unsealed criminal charges against a North Korean computer programmer for participating in a conspiracy that conducted sophisticated cyber-attacks around the world on behalf of the North Korean government. Members of the conspiracy are responsible for some of the most damaging and most well-known cyber-intrusions in history including the cyber-attack targeting Sony Pictures and the cyber-heist of Bangladesh Bank. The criminal complaint unsealed today specifically charges Park Jin Hyok but the complaint also alleges a wide-ranging conspiracy and describes in minute detail how we were able to link the North Korean government to these crimes. Despite their attempts to cover their tracks and despite the North Korean government’s claims that it was not involved in these crimes, the 172-page affidavit details evidence that clearly demonstrates that the North Korean subjects, backed by their government, were responsible for these crimes.

JACK: Oh, whoa. The same group did the Sony hack, too? I’m sure you’ve heard of this. There was this movie that Sony Pictures was producing called The Interview, a comedy with Seth Rogan and James Franco, where they were to travel to North Korea to interview Kim Jong Un.

AGENT: [MUSIC] The CIA would love it if you could take him out.


AGENT: Take him out.

AARON: Like, for drinks?

DAVE: Like, to dinner?

AARON: On the town?

AGENT: No. Take him out.

AARON: You want us to kill the leader of North Korea?


JACK: Well, as it turns out, North Korea did not find this funny and hacked into Sony Pictures, getting access to e-mails, personal information, unreleased movies, scripts, and salaries. They published all this to Wikileaks and at the same time demanded that Sony not release The Interview. If that wasn’t enough, they were destroying computers inside Sony using a wiper virus. Of course, this sparked a major debate over in Washington, DC as President Obama was trying to figure out what to do. An enemy nation just attacked an American company. If this had been a kinetic attack like with a bomb or fire, this would certainly be an act of war. Some people were urging Obama to consider this to be the same. But someone else said, are we really gonna go to war every time a company gets hacked? President Obama had this to say.

OBAMA: We cannot have a society in which some dictator someplace can start imposing censorship here in the United States. Because if somebody is able to intimidate folks out of releasing a satirical movie, imagine what they start doing when they see a documentary that they don’t like or news reports that they don’t like.

JACK: Strangely enough, Trump, who was not president at the time, was interviewed on the Wendy Williams show and was asked about this. Here’s what he said.

TRUMP: Look, I hear the movie is terrible. If somebody did that to our president, whether you love your president or don’t love your president, if they start talking about assassination – and I heard they did some really vile things. It wasn’t just like, assassination.

WENDY: In the movie.

TRUMP: Yeah, it was really terrible, terrible things to him. That’s pretty bad stuff, right? I can see both sides of it.

JACK: That’s not – I’m not even gonna comment on that. Sony backed out of releasing the film, but Washington DC urged them to publish it anyway to send a message that Kim Jong Un cannot suppress free speech [00:30:00] whenever he wants. Sony did a limited release and made the film available directly for download. But yeah, it’s fascinating to see the US has enough evidence to blame the same North Korean hacker for the hack on Sony and the Bangladesh Bank heist. The DOJ has an indictment for the hacker’s arrest but they’ll likely never be caught because there’s no way to go into North Korea and arrest him. They probably aren’t traveling anywhere anytime soon. But if the guy listed in the indictment were to travel to a country which has an extradition treaty with the US, [MUSIC] the FBI would probably find out and try to arrest them. Geoff, being the curious person he is and good journalist, decided to go to the North Korean embassy in England to get some answers.

GEOFF: The embassy is in West London, in a suburb of West London, called Ealing. Look, all the embassies, there’s certain areas of London where the embassies are based like big, posh houses, security outside. The Canadian flag waves outside the Canadian embassy, and so on. North Korea really does look like a semi-detached house in a suburb. It was, actually. It’s a converted family house. I went up; I thought look, I tried to e-mail them, I’ve tried to call them. I got no response, so I went to the embassy to knock on the door. It’s really disappointing. There’s a sort of electric gate that sits across the driveway.

Two very expensive Mercedes, by the way, parked in the driveway. The electric gate is all sort of remote control from inside the place. The front door of the actual embassy itself is behind that electric gate. I’ll be honest with you, it wasn’t unfeasible; I could have jumped the gate to get to the front door but I just thought at that point you’re kind of trespassing on the North Korean embassy. I didn’t want to end up in the Evening Standard as – technology journalist tasered as he tries to – I don’t know. I felt I’d done…

JACK: So, there was no bell or anything to push?

GEOFF: No, there is no bell. There is no bell accessible on the outside. In order to get to the bell, I would have had to have jumped the gate and jumping the gate just felt a step too far. Yeah. I sent them a letter by recorded delivery and I got a little confirmation back from the post office saying that my letter had been received by Mr. Kim at a particular time. Mr. Kim still hasn’t got back to me to answer my questions and I suspect I won’t hear back, but worth the trip.

JACK: I want to take a minute to emphasize that this 81 million dollars was stolen because someone clicked a link on a phishing e-mail. This goes to show that humans are still the weakest link in the network, but the other 900 million dollars in transfers was stopped because of a human. Somebody spotted these transactions and was able to take action which protected most of the one-billion-dollar payload from the hackers. Yeah, while humans are the weakest link, they’re also the strongest link at the same time. A well-trained and educated employee can do wonders for a company by protecting their systems from hackers. In 2018, the Bangladesh Bank brought a lawsuit against RCBC, the bank in the Philippines where the money was sent to, for failing to quickly put a freeze on the fraudulent accounts. They alleged there was corruption or collusion which allowed the hackers to get away with it.

But RCBC responded with a defamation lawsuit. They were saying it was an inside job from the Bangladesh Bank. But check this out, in January 2019, the bank manager at RCBC was arrested and found guilty of money laundering. She was sentenced to four to seven years in prison. As it turns out, she was the one who opened the bank accounts that the stolen money was sent to. Now, she handles things related to customer care and I don’t know enough about the RCBC policies to know if it’s normal for a bank manager to open accounts for customers, so I’m not sure how suspicious this is but so far, she’s the only one to have been arrested in connection with this bank robbery. In the meantime, the Lazarus Group continues to attack the SWIFT banking system. In October 2017, they hit the Taiwanese Far Eastern International Bank. Between January and May of 2018, they targeted Mexico’s Bancomext, and in May 2018, it was the Bank of Chile.

GEOFF: It used to be governments hacked into other governments for secrets, cyber-criminal groups hacked into banks for money, and hacktivist groups caused chaos to get profile.

JACK: [MUSIC] It’s just so strange to me to see a government conducting cyber-crime and just out there stealing wads of money. But there it is, plain as day, and that just scares me.

GEOFF: When you’ve got the time and money that governments have, suddenly you’re in a whole different ball game. If those guys are getting involved in cyber-crime operations, we are in a whole different ball game.

JACK: That’s not to say this is suddenly going to be a common thing, that governments are going to be turning to international crime sprees to fund their [00:35:00] activities. North Korea, of course, does not follow the norm on many levels. But still, it’s pretty concerning that three years later, even though we know exactly who was behind the Bangladesh Bank heist, the hackers are still at large and are continuing to attack banks all over the world and developing new attacks. In fact, North Korea is responsible for another huge cyber-attack, an attack that was so big, it cost the world four billion dollars. But that story is going to have to wait until the next episode. So, join me in two weeks, will you?

(OUTRO): [OUTRO MUSIC] A big thank you to journalist Geoff White for sharing his research and insights with us. Geoff has just published a new book. It’s called Crime Dot Com: From Viruses to Vote Rigging, How Hacking Went Global. I highly recommend it. Geoff is a great investigator and writer and trust me, this book is right up your alley. There’s an affiliate link to Crime Dot Com in the show notes, so check it out. Geoff also has a pretty good podcast called Cybercrime Investigations where he goes super in-depth on stories he investigated. I also highly recommend that podcast. This show is made by me, the gold coder, Jack Rhysider. This episode was produced by the sandy surfer, Eileen Guo. Original score for this episode was done by Garrett Tiedemann and our theme music is by the bobbling Breakmaster Cylinder. Even though cyber-actors are working on new cyber-pathogens to wage cyber-attacks on cyber-bullies who have too much cyber-sex, this is Darknet Diaries.



Transcription performed by Leah Hervoly www.leahtranscribes.com