Slashdot Mirror


North Korea Linked to the SWIFT Bank Hacks (bloomberg.com)

North Korea could be behind the recent string of digital attacks on Asian banks, says Symantec. The cyber security firm notes that the attacks could be traced as far back as October 2015, two months prior to the earliest known incident. As you may recall, hackers stole around $80M from Bangladesh's central bank in March, and a similar attack was seen at a Vietnamese bank earlier this month. Symantec says that it has found evidence that distinctive malware that was used in both the hacks had strong commonalities with the 2014 Sony Picture breaches. Security firm FireEye also investigated the matter. From a Bloomberg report: Investigators are examining possible computer breaches at as many as 12 banks linked to Swift's global payments network that have irregularities similar to those in the theft of $81 million from the Bangladesh central bank, according to a person familiar with the probe. FireEye, the security firm hired by the Bangladesh bank, has been contacted by the other banks, most of which are in Southeast Asia, because of signs that hackers may have breached their networks, the person said. They include banks in the Philippines and New Zealand but not in Western Europe or the United States. There is no indication of whether money was taken.

7 of 46 comments

  1. THERE IS NO BANK SECURITY by Anonymous Coward · · Score: 3, Funny

    So you're telling me that an attack originates in a country with almost ZERO internet connectivity, and it took this long to track?

    1. Re:THERE IS NO BANK SECURITY by rahvin112 · · Score: 2

      The Sony hacks were done from a hotel in Thailand that NK had rented in a block and sent their hackers to live in for a few weeks. The internet access of NK has no relevancy to their ability to attack if they are willing to send their attackers abroad to orchestrate the attacks.

  2. Roll back? by Frosty+Piss · · Score: 4, Interesting

    Since this is all electronic - no one walked out of any bank with 80 million in a suitcase - there must be a trail. This trail certainly doesn't end at the Band of Kim Jong Un. Why is it not possible to say, "Well... This transaction was fraudulent. Let's reverse it!"

    The money went someplace, and the movement of 80 million would certainly leave traces.

    I'm sure I'm totally ignorant of how such a thing, in the world of electronic money transfers between banks and governments, could not be backed up.

    --
    If you want news from today, you have to come back tomorrow.
    1. Re:Roll back? by Anonymous Coward · · Score: 2, Informative

      Rolling back is not possible because it would collapse the international payment system. The bank that received the funds would not be very happy if the transaction was rolled back while the criminals have already moved the money to yet other banks and accounts, or converted it into untraceable assets like cash, gold, diamonds, etc.
      If that were possible, receiving banks would freeze ALL incoming funds until they received the 'final clearance'. How long should they wait for that? What form should this final clearance take? Would it help against this kind of fraud? Unlikely.
      It would only bring the world's complete payment networks to a grinding halt, destroying the world economy the moment this was made possible.

    2. Re:Roll back? by mr.mdjohnson · · Score: 2

      "Once inside the network, the hackers modified software called Alliance Access to both make the transactions and hide the evidence. Alliance reads and writes SWIFT messages to files on the filesystem, and it records transaction information in an Oracle database. The hackers created malware that removed integrity checks within the Alliance software and then monitored the transaction files sent through the system, searching the payment orders and confirmations for specific terms. These terms and the responses to them were specified by a Command and Control server in Egypt. When a message with one of the search terms was found, the malware would do different things depending on the kind of message. Payment orders were modified to increase the amounts being moved, updating the Alliance database with new values. Confirmation messages from the SWIFT network were also modified. Confirmations are printed and stored in the database. Before being printed, the malware would alter the confirmations to show the original, correct transaction value; it also deleted confirmations from the Alliance database entirely.

      It's still not clear how the initial transactions were entered into the system to trigger the malware in the first place. Getting the money out is also difficult. It is being laundered through the Philippines, and that laundering is currently being investigated by the Philippine senate. The $81 million that was successfully stolen was sent to the Philippines to accounts at the Rizal Commercial Banking Corp (RCBC) held by two Chinese nationals who organize gambling junkets in Macau and the Philippines. The money was moved to several Philippine casinos and then subsequently to international bank accounts. Philippine casinos are exempted of anti-money laundering law that requires them to report suspicious transactions, making them an attractive target for this kind of crime.

      The Treasurer of RCBC has resigned, and the manager of one of its branches is facing criminal charges after she withdrew $427,000 from an account linked to the theft. The Governor of the Bangladesh Bank, Atiur Rahman, also resigned in March over the heist." http://arstechnica.com/securit...
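
The tampering described in the quoted passage leaves the printed confirmations and the database disagreeing with each other. As an added example (not part of the original comment, and not code from SWIFT, Alliance Access or Ars Technica), the Python below reconciles those records and flags the disagreements. The record layouts, the references and amounts, and the independent counterparty statement are all assumptions constructed for illustration.

```python
from decimal import Decimal


def reconcile(db_orders, db_confirmed, printed, statement):
    """Return (reference, finding) pairs where the record sources disagree.

    db_orders:    {ref: amount} payment orders as stored in the database
    db_confirmed: set of refs that have a confirmation row in the database
    printed:      {ref: amount} amounts keyed in from printed confirmations
    statement:    {ref: amount} amounts from an independent counterparty
                  statement (assumed to arrive outside the affected system)
    """
    findings = []
    for ref in sorted(set(db_orders) | set(printed) | set(statement)):
        stored = db_orders.get(ref)
        paper = printed.get(ref)
        settled = statement.get(ref)
        if stored is None:
            # Something was settled or printed that the database does not know.
            findings.append((ref, "no payment order in database"))
        if paper is not None and stored is not None and paper != stored:
            # Printout shows one value while the database holds another.
            findings.append((ref, "printed amount differs from database"))
        if paper is not None and ref not in db_confirmed:
            # A confirmation was printed but its database row is gone.
            findings.append((ref, "printed confirmation has no database row"))
        if settled is not None and paper is not None and settled != paper:
            # The counterparty moved a different amount than the printout shows.
            findings.append((ref, "statement amount differs from printed"))
    return findings


# Constructed sample records (not real transactions).
DB_ORDERS = {"REF001": Decimal("20000.00"), "REF002": Decimal("950000.00")}
DB_CONFIRMED = {"REF001"}
PRINTED = {"REF001": Decimal("20000.00"), "REF002": Decimal("9500.00")}
STATEMENT = {"REF001": Decimal("20000.00"), "REF002": Decimal("950000.00"),
             "REF003": Decimal("400000.00")}

if __name__ == "__main__":
    for ref, finding in reconcile(DB_ORDERS, DB_CONFIRMED, PRINTED, STATEMENT):
        print(ref, finding)
```

The check is only meaningful if the printed and statement figures are captured on a system the intruder does not control.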

  3. Kimmie took socks from my dryer by Tablizer · · Score: 3, Insightful

    Seems everything is blamed on N.K. these days. It's perhaps too easy to do: everybody believes they are jerks, and they can't sue back for defamation if the accusation is wrong.

    I'm not saying they didn't do it, only that their situation sure makes them a highly convenient scapegoat.

    It reminds me of the time that our boss retired, and every problem was blamed on him afterward because he wasn't around to set the record straight. We knew the accusers were full of it because he didn't even work on most of the projects that flopped. We started to blame plumbing problems on him as a running joke.

  4. Re:Really? by turbidostato · · Score: 2

    "A country in which few people have access to the Internet (few of whom are likely to have real computer skills) and a generally poorly educated population has produced all these skilled hackers that have hacked multiple companies and banks?"

    Weird, isn't it?

    It is like, say, a country with massive obesity epidemics that still produces a lot of Olympic medals, or something.