How A Printer Lost A Country $81,000,000

Cipher

26 Jun 202415:57

Summary

TLDRThe script recounts the infamous 2016 Bangladesh Bank heist, where hackers infiltrated the bank's system and attempted to steal over $1 billion using malware to exploit the Swift messaging network. Through a series of sophisticated maneuvers, including exploiting time zones and creating dummy accounts, the hackers successfully siphoned off $81 million before the operation was detected. The funds were then laundered through casinos in the Philippines, with the perpetrators believed to be the North Korean Lazarus Group, highlighting the vulnerability of global financial systems to cyber attacks.

Takeaways

🏦 The Bangladesh Bank heist occurred on February 7th, 2016, targeting the bank's automated printer which printed transaction reports, indicating a technical glitch as the initial problem.
🔍 The hackers infiltrated the bank's system through a disguised malware in a zip file sent via email in January 2015, gaining a foothold in the bank's network.
💻 The malware was custom-engineered to establish encrypted communication channels and map the bank's infrastructure, providing the hackers with a deep understanding of the bank's operations.
🌐 The bank used the SWIFT system for international money transfers, a secure network believed to be impenetrable, yet the hackers managed to breach it.
🚫 The hackers faced three significant challenges: the automatic printer, impersonating Bangladesh Bank's credentials on SWIFT, and the lack of funds in the bank's own accounts.
🎯 The hackers targeted Bangladesh Bank due to its rapid economic growth and lack of robust cybersecurity measures, making it a prime target for exploitation.
🕒 The heist was timed to take advantage of different time zones between Bangladesh, the US Federal Reserve, and the receiving banks in the Philippines, maximizing the window for undetected transactions.
🗓️ The Chinese New Year holiday provided an extended window for the hackers to move the money without detection, as banks were closed during this period.
🚫 A critical error in the malware stopped the printer from logging transactions, allowing the hackers to carry out their activities without immediate detection.
💡 The hackers attempted to transfer nearly a billion dollars, but due to a coincidence and a misspelling, only $81 million was successfully transferred.
🇵🇭 The stolen money was laundered through casinos in the Philippines, which had lax money laundering regulations, allowing the hackers to blend in and cash out.

Q & A

What was the unusual problem that Director of Bangladesh Bank Zuar B, Huda encountered on February 7th, 2016?
-The unusual problem was that the printer, which was an automated machine designed to print transaction reports instantly and automatically, had an empty tray, indicating a malfunction that had been plaguing the office for days.
What was the initial impact of the printer issue on Bangladesh Bank?
-After the printer came back online, a backlog of more than expected reports started rolling out, and it soon became obvious that something wasn't right, leading to panic as the New York Federal Reserve received instructions to drain their entire account.
How did the hackers initially breach the Bangladesh Bank's defenses?
-The hackers sent an email disguised as a job application which contained a zip file carrying harmful malware. Multiple bank employees unknowingly opened the zip file, granting the hackers their first foothold into the bank's system.
What was the purpose of the malware used by the hackers?
-The malware was a custom-engineered, advanced piece of software designed to establish encrypted channels, map the bank's system infrastructure, and create hidden back doors in the bank's network over the next year.
What is SWIFT and why was it targeted by the hackers?
-SWIFT is a secure messaging network used by banks and financial institutions worldwide to transmit instructions and information for international money transfers. It was targeted because it was a state-of-the-art system relied upon by federal banks globally, and the hackers aimed to exploit it to access vast reserves of money.
Why was Bangladesh Bank an attractive target for the hackers?
-Bangladesh Bank was attractive because, despite having a rapidly growing economy, it was still a developing nation with a central bank that lacked the powerful security measures needed to fend off sophisticated attacks, making it vulnerable to breaches.
How did the hackers plan to deal with the printer that automatically printed out Swift transactions?
-The hackers created malware that, when injected into the computer controlling the printer, would cause it to stop printing transaction logs, making it seem like a technical glitch and ensuring their fraudulent activities remained unnoticed.
What was the significance of the timing chosen by the hackers for the heist?
-The timing was significant because it took advantage of different time zones between Bangladesh, the US Federal Reserve in New York, and the receiving banks in the Philippines. This allowed the hackers to initiate the heist when banks were closed or less staffed, providing an extended window to move the money without detection.
How did the hackers attempt to launder the stolen money?
-The hackers attempted to launder the stolen money by sending part of it to casinos in the Philippines, where they played in private gambling rooms known as junkets, to blend in and buy time to cash out without getting caught.
What was the outcome of the heist and how much money was successfully stolen?
-The hackers successfully stole $81 million from the Bangladesh Bank. However, due to a spelling error in a transaction request, $870 million worth of transfer requests were held for human review, preventing the hackers from stealing the full intended amount.
Which group is believed to be responsible for the Bangladesh Bank heist and why?
-The North Korean hacking collective known as the Lazarus Group is believed to be responsible. The evidence points to them due to similar tools and techniques used in other cyber attacks, and the geopolitical context of North Korea being under sanctions and restricted from bulk money transfers.