The Digital Bank Heist: Part 2

As the DarkNet Diary podcast explained, $81 million dollar had been stolen from the Bangladesh Bank. But how do you cash out that much money? If you just keep transferring it electronically across banks, it leaves a trail. The thieves had planned that out too.

 

They emptied the accounts in the Philippines almost immediately (almost certainly, someone in Philippines was in on the crime). The money was then taken to casinos in the region, where it was converted into chips. But if you gamble with that much but don’t play for long, it draws attention. The thieves chose a game where one doesn’t lose much, around 10% on average (They were willing to write off the 10% as the cost of doing “business”). Having played long enough to avoid suspicion, they cashed back their chips and walked away. But it’s still a lot of cash. The money trail of subsequent investigations led to Macao, China. But after that, the trail just vanishes.

 

This seemed to be an exceptionally sophisticated heist. Meticulously planned. Patiently executed. With actors in different countries. Every step planned through. How can a gang of hackers have such expertise and so many resources? Hence the question (and answer):

“Who exactly were these hackers? Well, it turns out it was the North Korean government.”

At first this seems crazy. Sure, countries hack each other all the time, but never for financial gain. They hack for spying, stealing secrets, or installing malware for future “detonation” e.g. wartime. But stealing money? That was new.

 

Aha, but North Korea had been under severe sanctions. It doesn’t have access to international money. It doesn’t have much to sell/trade in any case:

“You can see a progression where it’s like oh, uh-uh, we can’t get any money.  How are we going to do that?  Oh, well, let’s just try and hack our way around that.”

If you’re wondering why the money would have gone to Macao (China) on the way, that fits once the final destination is North Korea:

“From Macao, it can then be wired directly into North Korea because North Korea does business with companies in China and so, this transaction could easily be hidden.”

 

I find a silver lining in this story. It made me realize why robbing banks digitally is so hard: while electronic stealing can be done, cashing out is very hard. Banks usually have per day limits on transactions. So too do ATM’s. Emptying out an account with huge amounts in cash sets off red flags – unless you have bribed someone at the bank. Circumventing every step requires far more than just hacking skills. The reason we can sleep easy wrt the money in the bank is not because their system is unhack’able but because there are so many steps involved in truly walking away with all the cash. And they’re all very complicated. Which makes it very hard for any one entity to pull it off.

Comments

Post a Comment

Popular posts from this blog

Student of the Year

Image
As a toddler, my daughter loved Alia Bhatt’s songs, esp. the ones from Student of the Year . (That movie did have many good songs and well-choreographed dances). Fast forward to present day, when she is 12 yo. She rarely watches Hindi movies now, but one of the few ones she likes of late, Raja aur Rani ki Prem Kahani has, yes, Alia Bhatt.   If I had any hopes that there was anything to be read in the name of her toddler-time favorite ( Student of the Year ), they have been dashed. Our conversations come exam time are perfectly captured by this photo and its caption: In fact, the pic below captures how she and I look at her answer sheets – me intently, she with an expression of “It’s over, so why are you even looking at it?”   Of late, we pull her leg and tell her that she isn’t showing any signs of academic prowess, she’d better find a rich guy to marry. Some time later, she showed us this meme on the Internet: “Me No Study, Me No Care Me Go Marry Millionaire If He Die
Read more

Animal Senses #7: Touch and Remote Touch

Instinctively, we think touch is based on contact. Not entirely true, explains Ed Yong in Immense World – there’s a more important aspect than contact: “These incredible feats are possible through movement. If you rest a fingertip upon a surface, you can get only a limited idea of its features. But as soon you’re allowed to move, everything changes. Hardness becomes apparent with a press. Textures resolve at a stroke.” As you run your fingers over a surface, they hit the tiny peaks and troughs and set off vibrations in the mechanoreceptors at their tips.   At the tip of its snout, the star-nosed mole has many pairs of hairless appendages. It uses them to touch things around itself. Alive or dead? Food or ignore? It does these movements at an insane speed. In the time it takes to blink our eyes, the star-nosed mole can probe, identify and swallow its food. “Light may be the fastest thing in the universe, but light sensors have their limits, and the star-nosed mole’s sense of
Read more

The Retort of the "Luxury Person"

Image
Coming up with biting and witty retorts. It’s something we dream of, but rarely manage to pull off. Worse, the more we stew over the offending remark, the more likely we are to come up with that dream retort, as Calvin ruefully points out: During our last holiday at the Taj Resort, seeing my wife carrying towels to our poolside chairs, one of the kids there mistook her for a member of the staff and asked for a towel. When my wife narrated this to us, I did not imagine that my 8 yo daughter would come up with her own retort. But a day later, my daughter recapped the incident, an incident that didn’t even involve her in the first place , and said, “You know what I’d have told that kid who asked for the towel?”. And without waiting for an answer, she told us anyway: “I don’t work here. I too am a luxury person who is living at this resort. Go get your own towel.” We were highly amused by the phrase she had coined: “luxury person”. It certainly captures the kind of holid
Read more