The Digital Bank Heist: Part 2

As the DarkNet Diary podcast explained, $81 million dollar had been stolen from the Bangladesh Bank. But how do you cash out that much money? If you just keep transferring it electronically across banks, it leaves a trail. The thieves had planned that out too.

 

They emptied the accounts in the Philippines almost immediately (almost certainly, someone in Philippines was in on the crime). The money was then taken to casinos in the region, where it was converted into chips. But if you gamble with that much but don’t play for long, it draws attention. The thieves chose a game where one doesn’t lose much, around 10% on average (They were willing to write off the 10% as the cost of doing “business”). Having played long enough to avoid suspicion, they cashed back their chips and walked away. But it’s still a lot of cash. The money trail of subsequent investigations led to Macao, China. But after that, the trail just vanishes.

 

This seemed to be an exceptionally sophisticated heist. Meticulously planned. Patiently executed. With actors in different countries. Every step planned through. How can a gang of hackers have such expertise and so many resources? Hence the question (and answer):

“Who exactly were these hackers? Well, it turns out it was the North Korean government.”

At first this seems crazy. Sure, countries hack each other all the time, but never for financial gain. They hack for spying, stealing secrets, or installing malware for future “detonation” e.g. wartime. But stealing money? That was new.

 

Aha, but North Korea had been under severe sanctions. It doesn’t have access to international money. It doesn’t have much to sell/trade in any case:

“You can see a progression where it’s like oh, uh-uh, we can’t get any money.  How are we going to do that?  Oh, well, let’s just try and hack our way around that.”

If you’re wondering why the money would have gone to Macao (China) on the way, that fits once the final destination is North Korea:

“From Macao, it can then be wired directly into North Korea because North Korea does business with companies in China and so, this transaction could easily be hidden.”

 

I find a silver lining in this story. It made me realize why robbing banks digitally is so hard: while electronic stealing can be done, cashing out is very hard. Banks usually have per day limits on transactions. So too do ATM’s. Emptying out an account with huge amounts in cash sets off red flags – unless you have bribed someone at the bank. Circumventing every step requires far more than just hacking skills. The reason we can sleep easy wrt the money in the bank is not because their system is unhack’able but because there are so many steps involved in truly walking away with all the cash. And they’re all very complicated. Which makes it very hard for any one entity to pull it off.

Comments

Post a Comment

Popular posts from this blog

Why we Deceive Ourselves

In their book, The Elephant in the Brain , the authors describe this weird aspect of deception that we practice: deceiving ourselves! That is so weird: “If our minds contain maps of our worlds, what good comes from having an inaccurate version of these maps?” The Sigmund Freud school of thought treats self-deception as a defense mechanism, “a way for the ego to protect itself”. The mind seeks to protect itself from anxiety and other negative emotions. Many object to this reasoning: since accurate information is so critical to our survival, surely distorting information would be dangerous. Wouldn’t the goal of protecting our self-esteem have been better achieved by making the brain’s self-esteem mechanism stronger instead? The new school of thought explains self-deception as “primarily outward-facing, manipulative, and ultimately self-serving”. This is based on Thomas Schelling’s work on game theory: “In a variety of scenarios, limiting or sabotaging yourself is the winn...
Read more

Europe #3 - Innsbruck

The last city we visited in Europe was Innsbruck in the Austrian Alps. After the cold and windy experience (at times) of Paris and Netherlands, Innsbruck was a wonderful change – it didn’t feel that cold, it was not windy all of which made it easy to walk around. Something absolutely necessary given how scenic the place is.   Since the hotel check-in time was much later in the day, we left the baggage and went to the Swarovski HQ-cum-museum about an hour by bus from Innsbruck. The crystal exhibits were brilliant – colorful, bright, shiny. Jewellery aside, it was a display of what one can do with crystals. While my wife and daughter loved the jewellery, I liked the superhero themed exhibits of Batman, Spiderman, the Hulk, and Star Wars. We didn’t buy anything there, though we did buy stuff in the Swarovski store in Innsbruck – jewellery, not the superhero stuff.   Innsbruck is a major tourist attraction during the skiing season but now in summer, we saw many groups of ...
Read more

The Thrill of the Chase

So many people complain about the difficulty in making decisions while shopping. Do you buy Brand X that gives 20% extra free? Or Brand Y that has 10% off? Or Brand Z that gives something else free with it? Do you buy that flat screen TV today or wait for the sale at Diwali? Now since the customer is king, shouldn’t companies be simplifying pricing choices? Like maybe offering consistently low prices all the time? Not so fast, as the US store, JC Penney discovered to its cost. Turns out that while people do complain about pricing choices, they are irrational. Also, they enjoy the thrill of the chase. Huh? The word “sale” acts like a siren call for many people: it lures them in to make that purchase. Consistently low prices don’t do the same. Besides, if a competitor lowers their prices just one time of the year, and Poof! Suddenly that low price claim becomes suspect in shoppers’ eyes. Then there are those sites that offer coupons: have lunch at Restaurant A on Wedne...
Read more