
North Korea Leading the Rise of Cyberheists

The traditional bank robber is obsolete. He’s put away his gun, mask, and getaway vehicle and retreated to his computer, where astronomical sums can be stolen from half a world away. This is the future of bank robbery: the cyber-heist. While traditional robberies deal with relatively trivial sums of money, cyberheists deal with tens of millions of dollars – amounts that would be impossible to physically steal. While traditional bank robberies are often organized by small-time criminals, cyberheists are sophisticated productions organized by crime syndicates and rogue nations. Compared to other forms of cybercrime, cyberheists are relatively new. Banks have robust security systems that make them impregnable to most adversaries. Nations avoid them for fear of undermining trust in the financial institutions that underpin modern statecraft. Historically and for most people, the value of any theft largely pales in comparison to its long-term costs.

That’s changed. In February 2016, hackers sent thirty-five fake wiring orders to the Bangladesh Bank’s account at the Federal Reserve Bank of New York. Collectively the orders totalled almost $1 billion. Five of them succeeded, transferring approximately US $100 million to Sri Lanka and the Philippines. 40% of the funds were frozen and recovered before they could be withdrawn, with the rest disappearing into a labyrinth of laundering schemes. The heist could’ve been much worse. Of the thirty blocked orders, most were flagged due to misspelled instructions – a shocking oversight in an otherwise sophisticated operation. The Bangladesh robbery wasn’t the first cyberheist in history. That credit goes to a 2013 heist, targeting another Bangladeshi bank, worth US $250,000. However, the 2016 incident was the first heist of its scope, marking the evolution of cyberheists from a somewhat theoretical problem into a major institutional threat.

While attributing hacks is inherently difficult, there was eventually enough evidence to pin the blame on North Korea, a country which holds little affection for international systems and for which cash is particularly scarce. Since this landmark heist, North Korean attacks have become more robust, earning the Kim regime an estimated US $1 billion in revenue. The modus operandi largely stays the same, with a focus on careful reconnaissance work and fraudulent transfers. Recent attacks have become more destructive though, with hackers wiping bank hard disks in order to better mask their tracks. North Korea targets low-hanging fruit, hence the persistent targeting of banks in developing nations, which have weaker security systems and personnel training. Having initially focussed on South Asian banks, North Korea has more recently migrated its attention towards Latin America. In early 2018, Mexico’s state bank blocked an attempted theft of US $110 million, while a Chilean bank lost US $10 million.

While low-level banks remain the main targets for now, there are suggestions that North Korea will one day target more established banks in North America or Europe. In 2017, North Korean hackers managed to compromise the website of a Polish bank. They then used this to infect computers visiting that website, a “watering hole” scheme seemingly designed to make inroads into other financial institutions. Through this, North Korea compiled a list of over one hundred institutions that might eventually be targeted, which includes entities such as the Bank of America, European Central Bank, and World Bank. Observers expect some level of restraint when it comes to targeting American banks though, as a significant attack on the American banking sector risks destabilizing fragile negotiations between the United States and North Korea on a potential peace agreement.

While North Korea moves towards increasingly ambitious targets, the country’s activities are paving the path for other actors to engage in similar heists. Iran is a particular concern given its similar isolation and hunger for cash. Russian criminal hackers are also experimenting in this field, with one cybercriminal group having stolen $1 million from a Russian bank in 2018. Financial institutions have taken notice and are instituting protocols to better defend themselves from attacks, and, when needed, to better recover stolen funds before they can be withdrawn. With both banks and robbers increasingly focussed on the realm of cyber crime, we ought to radically rethink what theft means in the digital age.


Disclaimer: Any views or opinions expressed in articles are solely those of the authors and do not necessarily represent the views of the NATO Association of Canada.

Adam Zivo
Adam Zivo is a social entrepreneur, photographer, and content producer. His past clients include brands such as America's Next Top Model, Flixel, and Bell Media. He is the founder and director of LoveisLoveisLove, an LGBTQ+ arts campaign that has engaged 400,000+ people to date. Adam completed his Bachelor of Arts in Philosophy at the University of Toronto, and in 2018 will be commencing his Masters of Public Policy and Governance at The Munk School, University of Toronto. Adam maintains a broad knowledge base, but is particularly focussed on cyber and information warfare, the political use of social media, as well as larger intersections of technology and governance.