In the U.S., federal prosecutors are looking into whether North Korea played a role in the February 2016, theft of $81m from the New York Federal Reserve Bank belonging to the Bangladesh Central Bank.
Initial reporting indicated the hackers were from China. The culprits reportedly introduced the stolen funds into the Philippines banking system, sold them to an underground foreign exchange broker, then transferred proceeds into at least two local casinos, the funds were then bought back by the money broker and transferred out to accounts overseas in a short period of time.
The Wall Street Journal reports that anonymous sources have indicated that no charges have been filed in the U.S. yet but Chinese middlemen would likely be the targets. Some federal officials believe that, although a unique piece of code was found related to the North Korean cyber attack on Sony in reprisal for the production and promotion of a movie critical of North Korea’s Kim Jong-un, the code may have been tweaked to leave a false trail. The Sony code was reportedly made public after the hack. A piece of that code was used to identify North Korea as parts of that code were nearly identical in structure and functionality to malware known to have been deployed in the past by North Korea.
No charges were ever filed in the Sony hack of 2014.
Bloomberg reports that the New York Fed/Bangladesh hackers used some of the same code. The money was reportedly transferred via SWIFT, meaning the global payment messaging system itself, or an employee was probably compromised, persuading the banks to transfer the funds into four accounts at Rizal Commercial Banking Corp in Manila.
The heist, initially reported at $100 million and later confirmed to be $81m, could have been much larger as the initial attack called for $951m but the NY Fed halted transfers after suspicions were raised.
In March of 2016, the Fed denied they had been compromised but did not rule out the SWIFT angle. On August 11, they responded to Freedom of Information Requests stating that they had provided the asked for documents on July 29. Finally, on August 16 a joint statement by the Federal Reserve Bank of New York, Bangladesh Bank, and SWIFT was released outlining a May 10 meeting the three entities held in Basel Switzerland.
According to the Wall Street Journal, deputy director of the National Security Agency, Richard Ledgett, said at a panel discussion at the Aspen Institute this week in regard to the reported link to North Korea, “If that linkage is true, that means a nation-state is robbing banks,” Ledgett said. “That is a big deal; it’s different.” In a colorful metaphor that does not seem apropos out of complete context, he went on to compare the situation to being like “security guards at Home Depot” being expected to stand up to the North Korean Army.
A small portion, about $15 million, of the money has been returned to Bangladesh from the Philippine banking system after a regional trial court ordered the Bangko Sentral ng Pilipinas (BSP) to return the funds to the Bangladesh central bank. The Philippines Anti-Money Laundering Council stated in December that they were working on recovering more of the money but it’s unclear if more has been returned.
Kim Wong, head of Eastern Hawaii Leisure Company casinos and a junket operator, surrendered the last of the $15m to the Philippine bank in multiple tranches, the first $5 million in May and the last in September. Wong denied any wrongdoing.
The Philippines casino industry was not covered under AML law when the heist occurred and the government has attempted to institute more stringent AML controls since that time, but the 2001 Anti-Money Laundering Act has still not been amended to include casinos. In February the country narrowly escaped being blacklisted by the Paris-based Financial Action Task Force a global body focused on anti-money laundering and terrorist financing.
The 2017 International Narcotics Control Strategy Report from the United States’ Department of State continued to list the Philippines as a “country/jurisdiction of primary concern” due to extreme bank secrecy laws and casinos not being covered by the country’s Anti-Money Laundering Act.