
The Lazarus heist: How North Korea almost pulled off a billion-dollar hack

171 points | pseudolus | 4 years ago | bbc.com

47 comments

[+] baybal2|4 years ago|reply
I believe it's overdramatised.

The commotion in Bangladesh over the missing $1B was bigger not so much because of the money missing, but because of how it went undetected and was covered up.

BAL goondas preemptively abducted the country's leading computer security guy, beat him half dead, and made him shut up for the mere prospect of him being involved in the investigation.

[+] webmobdev|4 years ago|reply
Note that a billion dollars didn't go missing - they attempted to steal a billion dollars but only managed to get $81 million, out of which roughly a quarter has been recovered by Bangladesh.

As the article points out, the cover-up started at the highest level, with the governor of the central bank himself not informing the government or law agencies as soon as the news reached him. He tried to hire some other security agencies to trace and retrieve the money (probably hoping to salvage some of his reputation and following the old maxim that it is better to seek forgiveness than permission). He of course had to resign the next day.

I am sure the law went overboard while investigating a case of this magnitude with huge public pressure on them - it's pretty common in Asia for the police to even resort to torture.

[+] BTCOG|4 years ago|reply
Not spoken about here is the fact that Lazarus __did__ make off with well over a billion dollars in funds by hacking numerous cryptocurrency exchanges around Asia and got away with it, too.

https://www.forbes.com/sites/thomasbrewster/2021/02/09/north...

Oh, and this is just KuCoin they're talking about here. They stole well over $3 billion more from several other exchanges in 2017-2018. All the exchange hacks back then on the various Asian exchanges are attributed to them. Really likely they made off with upward of $5 billion in today's terms of all sorts of altcoins.

https://www.coindesk.com/north-korean-hacking-group-lazarus-...

[+] meowface|4 years ago|reply
That was included at the end of the article:

>In the ensuing years, tech security firms have attributed many more cryptocurrency attacks to North Korea. They claim the country's hackers have targeted exchanges where cryptocurrencies like Bitcoin are swapped for traditional currencies. Added together, some estimates put the thefts from these exchanges at more than $2bn.

[+] bellyfullofbac|4 years ago|reply
Hmm, this reads more like cheap entertainment rather than rigorous reporting.

Was the Sony hack really done by the North Koreans [1]? "Journalists" just repeating what the FBI says makes me doubt their seriousness.

[1] https://talglobal.com/knowledge-center/hack-at-sony-pictures...

[+] rjmunro|4 years ago|reply
“But North Korea is better than that. They would not steal all the other movies and not grab The Interview. I am convinced that this is an inside job.”

Surely the fact that The Interview was the one movie they did not want to "grab" indicates that there was something about that movie. Perhaps they grabbed the others to spread them freely on pirate sites, but didn't want to spread The Interview because their whole aim was to make sure no one could ever see it.

[+] boomboomsubban|4 years ago|reply
The article uses the phrase 'It was "well-known in the intel community"' from an FBI agent to prove a North Korean connection. They aren't doubting the FBI at all in this story, it's less cheap entertainment more blatant propaganda.

[+] sudeepj|4 years ago|reply
> That North Korea would be the prime suspect in a case of cyber-crime might to some be a surprise.

Really? This is actually well-known (at least amongst security agencies) [1][2]

[1] https://www.ft.com/content/cbb28ab8-8ce9-11e9-a24d-b42f641ec...

[2] https://www.business-standard.com/article/international/cybe...

[+] dagw|4 years ago|reply
It's well known among people who pay attention to these sorts of things, but a lot of otherwise well educated people seem to think that all of North Korea is a primitive backwater stuck in the 50s lacking any kind of technical sophistication.

[+] zerr|4 years ago|reply
Tangential question: in order to become educated/expert in some field (e.g. IT) one needs the freedom of doing research, free access to information, Internet, thus exposure to "western"/civilized values, human rights, etc... So how does NK "produce" such experts behind the iron curtain?

[+] rtpg|4 years ago|reply
Exposure to “Western”/civilized values? What are you even talking about?

Yes you can learn to be a script kiddy and plan heists without having the pledge of allegiance as part of a balanced breakfast. Books and random websites and stuff!

Not to mention that people from NK or China don’t just explode from logic errors after discovering Facebook.

And yes people have ways of getting around internet blocking stuff for “reasons”. They get exposed to minion memes and come out without being totally radicalized.

[+] wombatmobile|4 years ago|reply
> So in order to train its cyber-warriors, the regime sends the most talented computer programmers abroad, mostly to China. There they learn how the rest of the world uses computers and the internet: to shop, to gamble, to network and to be entertained. It's there, experts say, that they are transformed from mathematical geniuses into hackers.

[+] cinntaile|4 years ago|reply
The hackers have a lot more access to information than regular citizens because they need it to do their job, but it would be interesting to know how that affects the defection rate.

[+] 55555|4 years ago|reply
For one thing, a lot of North Korean hackers apparently live and work abroad. source: The Great Successor

[+] bluefirebrand|4 years ago|reply
I very much doubt North Korea produces a ton of experts on their own.

China is likely happy to supply experts and teaching, though, as long as they are used to disrupt China's opposition. Provides a layer of plausible deniability for China.

[+] igou|4 years ago|reply
I feel like as somebody that works in tech, infosec media tends to feel too dense, or overdramatised (nothing against the BBC writers, I don't expect them to be super technical)

The best middleground I found was Sandworm by Andy Greenberg. Does anybody know of similar works?

[+] tester756|4 years ago|reply
What's so elite about them?

>In January 2015, an innocuous-looking email had been sent to several Bangladesh Bank employees. It came from a job seeker calling himself Rasel Ahlam. His polite enquiry included an invitation to download his CV and cover letter from a website. In reality, Rasel did not exist - he was simply a cover name being used by the Lazarus Group, according to FBI investigators. At least one person inside the bank fell for the trick, downloaded the documents, and got infected with the viruses hidden inside.

>Once inside the bank's systems, Lazarus Group began stealthily hopping from computer to computer, working their way towards the digital vaults and the billions of dollars they contained.

I'd say when you want elite level hackers, then try those: https://ctftime.org/ like More Smoked Leet Chicken, Dragon Sector or Plaid Parliament of Pwning

[+] jokethrowaway|4 years ago|reply
I agree. Just a bit of social engineering and a trojan.

The main difference is that they know they have their country's backing and they don't need to account for that risk, allowing them to aim higher.

[+] jialutu|4 years ago|reply
> thieves had gained access to a key part of Bangladesh Bank's systems, called Swift

Eh, what? I recall that to get access to SWIFT, you would require a SWIFT USB stick. How would a hacker be able to access SWIFT without the USB stick? This story doesn't smell right to me.

Here is a link for SWIFT Alliance Lite 2:

https://www.swift.com/our-solutions/interfaces-and-integrati...