In 2016 North Korean hackers planned a $1bn raid on Bangladesh’s national bank and almost succeeded. It was only down to luck that all but $81m of the transfers were halted.
The hackers prepared meticulously for months, gained access to the systems then waited for months for the exact right moment that would give them the longest window of opportunity.
This was at the start of a weekend, at a holiday time giving them a clear 5 days starting in Bangladesh, then the Fed in New York then the Philippines where much of the money was intended to end up.
They carried out their plan meticulously, but bad luck got in the way.
- They had created a number of fake accounts at a bank branch in Jupiter street in Manila but Jupiter was the name of an Iranian ship and that raised red flags in New York and all but $101 million of the transactions were temporarily blocked for investigation.
- $20m was to be transferred to a Sri Lankan charity called the Shalika Foundation but the name was misspelt and the transaction blocked
- $81 reached a hotel and Casino in the Philippines to be laundered but much was lost in the process
The group got away with around $34 million of the $1 Billion they targeted.
Analysis of the digital fingerprints of the theft point to the government of North Korea, to a group of hackers known as the Lazarus Group.
These are the people believed to have spread the Wannacry ransomware that devastated the NHS in 2017 and also various large organisations around the world.
For more detailed information see https://www.bbc.com/news/stories-57520169
If you have any experiences with these scams do let me know, by email.