Slashdot Mirror


North Korea Linked to the SWIFT Bank Hacks (bloomberg.com)

North Korea could be behind the recent string of digital attacks on Asian banks, says Symantec. The cyber security firm notes that the attacks could be traced as far back as October 2015, two months prior to the earliest known incident. As you may recall, hackers stole around $80M from Bangladesh's central bank in March, and a similar attack was seen at a Vietnamese bank earlier this month. Symantec says it has found evidence that distinctive malware used in both hacks shares strong commonalities with the 2014 Sony Pictures breach. Security firm FireEye also investigated the matter. From a Bloomberg report: Investigators are examining possible computer breaches at as many as 12 banks linked to Swift's global payments network that have irregularities similar to those in the theft of $81 million from the Bangladesh central bank, according to a person familiar with the probe. FireEye, the security firm hired by the Bangladesh bank, has been contacted by the other banks, most of which are in Southeast Asia, because of signs that hackers may have breached their networks, the person said. They include banks in the Philippines and New Zealand but not in Western Europe or the United States. There is no indication of whether money was taken.

46 comments

  1. The KIMs never die by Anonymous Coward · · Score: 1

    They just want to fuck you up!

    1. Re:The KIMs never die by Anonymous Coward · · Score: 0

      Me take money, den buy nukes!! Fuck aw you muthafucka. Den me suck dick. Now me know why you caw him Rodman. You no foo me, roundeye!! You no rikey? Fuck owff!!

  2. THERE IS NO BANK SECURITY by Anonymous Coward · · Score: 3, Funny

    So you're telling me that an attack originates in a country with almost ZERO internet connectivity, and it took this long to track?

    1. Re:THERE IS NO BANK SECURITY by Anonymous Coward · · Score: 1

      Apparently NK hackers operate out of China; see e.g. here: http://edition.cnn.com/2015/01/06/asia/north-korea-hackers-shenyang/

    2. Re:THERE IS NO BANK SECURITY by 93+Escort+Wagon · · Score: 1

      What I find interesting is that, almost immediately after the Sony breach, the US government said "we're pretty sure North Korea did it"... and got soundly mocked.

      --
      #DeleteChrome
    3. Re: THERE IS NO BANK SECURITY by Anonymous Coward · · Score: 0

      And anyone who says "it could" or "maybe it is" or similar BS will get mocked this time too. And so they should. Proof, or it didn't happen.

    4. Re:THERE IS NO BANK SECURITY by rahvin112 · · Score: 2

      The Sony hacks were done from a hotel in Thailand that NK had rented in a block and sent their hackers to live in for a few weeks. The internet access of NK has no relevancy to their ability to attack if they are willing to send their attackers abroad to orchestrate the attacks.

    5. Re:THERE IS NO BANK SECURITY by Agripa · · Score: 1

      Even a stopped clock is correct twice a day. The U.S. lacks credibility when making such unsupported statements.

    6. Re:THERE IS NO BANK SECURITY by Agripa · · Score: 1

      I wonder though how they manage their training program without such poor domestic internet connectivity. That must be done outside of North Korea also.

    7. Re: THERE IS NO BANK SECURITY by Coren22 · · Score: 1

      How do you propose that we "prove" who was responsible?

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
  3. Subjects in comments are dumb by Anonymous Coward · · Score: 0, Funny

    Pics of hot North Korean girls in military uniforms or it didn't happen!

  4. Totally credible and meaningful by Anonymous Coward · · Score: 0

    The norks got the fastest internet and the whole country is connected, like. And everybody knows exactly what a "hack" is so it's certainly clear what happened and it makes lucid sense to put it this way. You have but to say "hacker" and everybody knows, oh yeah, that guy. Such wonderfully precise reporting, this. It certainly makes complete sense to me. Thank you for this article that brought us utter clarity all around.

  5. Roll back? by Frosty+Piss · · Score: 4, Interesting

    Since this is all electronic - no one walked out of any bank with 80 million in a suitcase - there must be a trail. This trail certainly doesn't end at the Band of Kim Jong Un. Why is it not possible to say, "Well... This transaction was fraudulent. Let's reverse it!"

    The money went someplace, and the movement of 80 million would certainly leave traces.

    I'm sure I'm totally ignorant of how such a thing, in the world of electronic money transfers between banks and governments, could not be backed up.

    --
    If you want news from today, you have to come back tomorrow.
    1. Re:Roll back? by Anonymous Coward · · Score: 2, Informative

      Rolling back is not possible because it would collapse the international payment system. The bank that received the funds would not be very happy if the transaction was rolled back while the criminals have already moved the money to yet other banks and accounts, or converted it into untraceable assets like cash, gold, diamonds, etc.
      If that were possible, receiving banks would freeze ALL incoming funds until they received the 'final clearance'. How long should they wait for that? What form should this final clearance take? Would it help against this kind of fraud? Unlikely.
      It would only bring the world's complete payment networks to a grinding halt, destroying the world economy the moment this was made possible.

    2. Re:Roll back? by mr.mdjohnson · · Score: 2

      "Once inside the network, the hackers modified software called Alliance Access to both make the transactions and hide the evidence. Alliance reads and writes SWIFT messages to files on the filesystem, and it records transaction information in an Oracle database. The hackers created malware that removed integrity checks within the Alliance software and then monitored the transaction files sent through the system, searching the payment orders and confirmations for specific terms. These terms and the responses to them were specified by a Command and Control server in Egypt.

      When a message with one of the search terms was found, the malware would do different things depending on the kind of message. Payment orders were modified to increase the amounts being moved, updating the Alliance database with new values. Confirmation messages from the SWIFT network were also modified. Confirmations are printed and stored in the database. Before being printed, the malware would alter the confirmations to show the original, correct transaction value; it also deleted confirmations from the Alliance database entirely. It's still not clear how the initial transactions were entered into the system to trigger the malware in the first place.

      Getting the money out is also difficult. It is being laundered through the Philippines, and that laundering is currently being investigated by the Philippine senate. The $81 million that was successfully stolen was sent to the Philippines to accounts at the Rizal Commercial Banking Corp (RCBC) held by two Chinese nationals who organize gambling junkets in Macau and the Philippines. The money was moved to several Philippine casinos and then subsequently to international bank accounts. Philippine casinos are exempted of anti-money laundering law that requires them to report suspicious transactions, making them an attractive target for this kind of crime.

      The Treasurer of RCBC has resigned, and the manager of one of its branches is facing criminal charges after she withdrew $427,000 from an account linked to the theft. The Governor of the Bangladesh Bank, Atiur Rahman, also resigned in March over the heist." http://arstechnica.com/securit...
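
Added example, not part of the comment above or of the article it quotes: because the tampering described there made the local database and the printed confirmations agree with each other, a useful check compares the local view against a copy of the same payments obtained out of band from the counterparty. The messages, references, amounts and the `LOCAL_VIEW` structure are constructed for illustration; only the `:20:` and `:32A:` field tags follow the MT103 text-block layout.

```python
import re
from decimal import Decimal

# Constructed sample data. :20: is the transaction reference and :32A: is
# value date + currency + amount (comma as the decimal separator).
COUNTERPARTY_COPY = [   # assumed to be fetched out of band from the correspondent
    ":20:REF0001\n:32A:160204USD1500000,00\n",
    ":20:REF0002\n:32A:160204USD20000000,00\n",
    ":20:REF0003\n:32A:160204USD750000,00\n",
]
LOCAL_VIEW = {          # hypothetical export of what the local system shows
    "REF0001": {"amount": Decimal("1500000.00"), "confirmation_stored": True},
    "REF0002": {"amount": Decimal("2000000.00"), "confirmation_stored": False},
}

FIELD = re.compile(r"^:(\d{2}[A-Z]?):(.*)$", re.MULTILINE)

def parse_message(text):
    """Return (reference, currency, amount) from an MT-style text block."""
    fields = dict(FIELD.findall(text))
    m = re.fullmatch(r"\d{6}([A-Z]{3})(\d+),(\d*)", fields["32A"].strip())
    if m is None:
        raise ValueError("malformed :32A: field")
    currency, whole, frac = m.groups()
    return fields["20"].strip(), currency, Decimal(f"{whole}.{frac or '0'}")

def reconcile(counterparty_msgs, local_view):
    """List (reference, issue) pairs where the two views disagree."""
    findings, seen = [], set()
    for raw in counterparty_msgs:
        ref, _currency, amount = parse_message(raw)
        seen.add(ref)
        local = local_view.get(ref)
        if local is None:
            # The counterparty executed an order the local records do not show.
            findings.append((ref, "ORDER_NOT_IN_LOCAL_RECORDS"))
            continue
        if local["amount"] != amount:
            # Local records show a different value than was actually moved.
            findings.append((ref, "AMOUNT_MISMATCH"))
        if not local["confirmation_stored"]:
            # A confirmation should exist for every executed order.
            findings.append((ref, "CONFIRMATION_MISSING"))
    for ref in sorted(set(local_view) - seen):
        findings.append((ref, "NOT_SEEN_BY_COUNTERPARTY"))
    return findings

if __name__ == "__main__":
    for ref, issue in reconcile(COUNTERPARTY_COPY, LOCAL_VIEW):
        print(ref, issue)
```

The comparison only has value if the counterparty copy reaches the reviewer through a channel the compromised host cannot rewrite.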

    3. Re:Roll back? by laughingskeptic · · Score: 1

      I'm sure it was quickly used to purchase pre-positioned shell companies which lived only long enough to perform further transactions. If the world's banks all operated on a nice block-chain then one could follow the trail. But in order to follow the trail of nested shell companies one would have to be able to track the activities of every crooked attorney at every courthouse in the world. My solution is banks should only interact with whitelisted entities rather than relying on national and various other blacklists. Before the internet era, this would have been very difficult. But today, it would not be that hard to maintain a whitelist. Some banks might choose to do business with unverifiable companies, but then they should also be the ones who are out of pocket when a large transaction involving one of their dubious clients needs to be reversed.

    4. Re:Roll back? by roman_mir · · Score: 0

      Who is the final authority to say that any transaction must be reversed? Who is the final authority to say that a transaction must not be reversed?

    5. Re:Roll back? by Sir+Holo · · Score: 1

      Rolling back is not possible because it would collapse the international payment system. The bank that received the funds would not be very happy if the transaction was rolled back while the criminals ...

      Fuck the SWIFT System. They take over a week for me to get a few thousand over from the US to the UK (allies).

      PayPal will let me do it instantaneously. I do it all the time.

  6. Kimmie took socks from my dryer by Tablizer · · Score: 3, Insightful

    Seems everything is blamed on N.K. these days. It's perhaps too easy to do: everybody believes they are jerks, and they can't sue back for defamation if the accusation is wrong.

    I'm not saying they didn't do it, only that their situation sure makes them a highly convenient scapegoat.

    It reminds me of the time that our boss retired, and every problem was blamed on him afterward because he wasn't around to set the record straight. We knew the accusers were full of it because he didn't even work on most of the projects that flopped. We started to blame plumbing problems on him as a running joke.

    1. Re: Kimmie took socks from my dryer by Anonymous Coward · · Score: 0

      Yep sure is nice and convenient to have a bogey man to blame problems on. Like you said, NK surely doesn't have clean hands, but if anything less than a thorough investigation is being done... we should blame it on NK!

    2. Re:Kimmie took socks from my dryer by edittard · · Score: 1

      It reminds me of the time that our boss retired, and every problem was blamed on him afterward because he wasn't around to set the record straight.

      So the joke about three envelopes is based on reality?

      --
      At the bottom of the /. main page it says 'Yesterday's News'. Well they got that right.
    3. Re:Kimmie took socks from my dryer by tnk1 · · Score: 1

      They did say that the attack had similarities to the Sony Pictures hack, which was also believed to be NK. I don't think they just picked NK out of a hat before making the assertion.

      The Kims are the closest thing to a bunch of real-life Bond villains that the world has ever seen. This is definitely not out of character for them.

    4. Re:Kimmie took socks from my dryer by khallow · · Score: 1

      The obvious rebuttal is who needs to blame the North Koreans? Saying you got robbed by the North Koreans isn't any gentler to your career than saying you got robbed by anyone else with a similar degree of sophistication. And at least Russian mobsters have a track record of effective stealing from banks.

    5. Re:Kimmie took socks from my dryer by rahvin112 · · Score: 1

      NK has been counterfeiting US currency for like 20 years. In fact the entire reason the US Mint started making all the new bills you see in circulation now is because NK and Iran both started large scale counterfeiting.

    6. Re:Kimmie took socks from my dryer by Tablizer · · Score: 1

      Kims are the closest thing to a bunch of real-life Bond villains

      Oh, but there are other strong contenders.

    7. Re:Kimmie took socks from my dryer by slashrio · · Score: 1

      Never let a good crisis go to waste!

      --
      "Trump!!", the new Godwin.
  7. BULLSHIT! by Anonymous Coward · · Score: 0

    I'm a network engineer with 30 years experience and I specialize in penetration testing and computer forensics.

    This is nothing but more propaganda by the Obama administration to make N.K. look bad so he has an excuse to start trouble with N.K.

    Do NOT be fooled by it.

    1. Re:BULLSHIT! by tnk1 · · Score: 1

      What you appear to be missing is a connection between your putative experience and your conclusion. One example of such would be the facts that you are using to back up your assertion.

  8. Just who types this bullshit by tetraverse · · Score: 1

    Just who types this bullshit?

    1. Re:Just who types this bullshit by Anonymous Coward · · Score: 0

      The propaganda wing of Best Korea's Most Glorious Cyber Army. Enlist* today and join the ph34red 1337 unit in their fight against Sony, banks and evil in general!

      * applicants should bring their own devices, Internets, and foods

  9. The popular bad guy by gurps_npc · · Score: 1

    We know they do bad things, so they are the goto bad-guys now. After all, if they support counterfeiting, what else won't they do?

    Honestly, we probably have no idea who did this, but they are the most likely bad actors.

    --
    excitingthingstodo.blogspot.com
    1. Re:The popular bad guy by swb · · Score: 1

      You would think they might consider going all in on illicit drug manufacturing.

      It'd generate huge hard currency profits, PRK has the intellectual know-how and ability to set up a completely vertically integrated production process at large scale, is totally immune from any government sanction and has a security apparatus that no competing cartel could match.

      I think it's been rumored they have been linked to methamphetamine production in the past, but you wonder why they wouldn't ramp this up with a wider production.

    2. Re:The popular bad guy by Blaskowicz · · Score: 1

      I just read somewhere that they have no real medicines in their hospitals, so they make do with readily available heroin instead. It wouldn't surprise me but I have to wonder how that information could be verified.

  10. I guessed right! by GameboyRMH · · Score: 1
    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
  11. Really? by whoever57 · · Score: 1

    A country in which few people have access to the Internet (few of whom are likely to have real computer skills) and a generally poorly educated population has produced all these skilled hackers that have hacked multiple companies and banks?

    It doesn't seem very likely.

    --
    The real "Libtards" are the Libertarians!
    1. Re:Really? by GameboyRMH · · Score: 1

      You think their starving peasants are the ones doing the hacking? More likely a military-run black-hat group. They have a nuclear weapons program that occasionally makes working nukes and missiles, I think they can train a group of cybercriminals.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    2. Re:Really? by turbidostato · · Score: 2

      "A country in which few people have access to the Internet (few of whom are likely to have real computer skills) and a generally poorly educated population has produced all these skilled hackers that have hacked multiple companies and banks?"

      Weird, isn't it?

      It is like, say, a country with massive obesity epidemics that still produces a lot of Olympic medals, or something.

    3. Re:Really? by Hognoxious · · Score: 1

      In the sport example, there's a selection mechanism in place. Starting from a pool of pretty much everybody, the gym teacher selects the best kids for the school team, and the ones who win the city championship compete at the state level and so forth until the best are in the national squad.

      You couldn't do that if only a dozen people have ever actually seen a running track. Well you could, but they probably wouldn't win very much.

      tl;dr either the Norks are utterly brilliant at talent spotting or they're subcontracting the whole thing out to somebody else.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    4. Re:Really? by Anonymous Coward · · Score: 0

      It doesn't feel very complicated. Round up about a thousand 13-year-old school boys that seem particularly smart (and maybe a hundred school girls if they care about pretending to not be misogynistic), send them to a secret special camp and increase their parents' food ration.
      Learning the command line etc. can be pretty quick I guess, so is picking up the English vocabulary as well. After some time the better half or tenth may become designated hackers while the rest might be tasked with more mundane software and IT tasks.

  12. Bullshit and lies by Anonymous Coward · · Score: 1

    Just more propaganda against one of several countries on the U.S. political agenda. North Korea doesn't have anywhere near the resources and skill-set to do this, period. If it comes out of the foul mouth of the war-mongering U.S., then be highly suspicious of it.

  13. Disconnect them by Anonymous Coward · · Score: 0

    There's a simple answer to government sanctioned hacking - disconnect them. No muss, no fuss.

    1. Re:Disconnect them by Anonymous Coward · · Score: 1

      And with that statement, who do you think needs to most urgently be disconnected, North Korea, who couldn't computer-hack their way out of 127.0.0.1, or the U.S who has tried to hack every government and industry in the world? Do you actually believe North Korea are responsible for this?

  14. For people wondering how North Korea got so good i by manu144x · · Score: 1

    Basically the new leader has the entire country oriented towards computer science. He basically built a small city just for them, with much higher standards of living than the rest of the population. They even have malls, restaurants, taxis, cars, everything. So now every teen has incentive to be good at software as it can be their entire family ticket out of poverty and hunger. He can move his family, and his parents to a free apartment there. Of course it's still very controlled, imagine something like checkpoints with armed guards to bypass if you want to even go in.

  15. Do they... by PixetaledPikachu · · Score: 1

    ...run out of Arabic terrorist organizations to blame it on?