N. Korea banking on cyber attacks on banks for cash?

Despite sanctions, the country's economy is growing steadily and 'regime is getting wealthier'

North Korean hackers have become more sophisticated even as their goals have turned financial, in addition to efforts to spread propaganda, heist data and disrupt government and news websites in nations considered enemies. PHOTO: BLOOMBERG

SEOUL • When hackers associated with North Korea tried to break into Polish banks late last year, they left a trail of information about their apparent intentions to steal money from more than 100 organisations around the world, according to security researchers.

A list of Internet Protocol addresses, which was supplied by the security researchers and analysed by The New York Times, showed that the hacking targets included institutions like the World Bank, the European Central Bank and big United States companies such as Bank of America.

While some of the Polish banks took the hackers' bait, the scheme was detected fairly quickly and there is no evidence that any money was stolen from the targets.

Yet security researchers said the hit list, found embedded in the code of the attack on more than 20 Polish banks, underlines how sophisticated the North Korean hackers have become as their goals have turned financial, in addition to efforts to spread propaganda, heist data and disrupt government and news websites in nations considered enemies.

  • 100: Hackers associated with North Korea wanted to steal money from more than this number of organisations worldwide. They left a trail of details about their apparent intentions when they tried to break into Polish banks last year.

  • 1,700: Number of hackers that North Korea's hacking network encompasses.

  • 5,000: More than this number of trainers, supervisors and others in supporting roles aid the group of North Korean hackers, South Korean officials estimate.

  • Signs of upcoming nuclear test

    SEOUL • A fresh batch of vehicles has recently been spotted at North Korea's nuclear test site in another indication that the reclusive country may be preparing for its sixth nuclear test, said a United States think-tank yesterday.

    The 38 North, a website run by the US-Korea Institute at Johns Hopkins University, said satellite imagery showed four or five vehicles at the entrance to the North Portal - the main administrative area and the command centre of the Punggye-ri nuclear test site.

    Four of North Korea's five nuclear tests were carried out there.

    The imagery also showed construction material at a nearby storage lot. If the material is sand and aggregate, it could be mixed with concrete before being used to plug the tunnel to prevent a nuclear explosion from escaping into the atmosphere, said the think-tank.

    Its report comes amid speculation that North Korea is preparing a nuclear test to mark key anniversaries next month.

    The think-tank had warned earlier this month that North Korea could be carrying out "substantial tunnel excavation" at the nuclear test site to support an explosion up to 14 times more powerful than its last test in September.

    Pyongyang yesterday issued a statement via state media threatening to conduct "special operations and pre-emptive attacks" to crush ongoing US-South Korea military exercises.

The list of targets is part of a growing body of evidence showing how North Korea, a country that is cut off from much of the global economy, is trying to use its cyber attack abilities to bring in cash - and making progressively bolder attempts to do so.

North Korea's hacking network is immense, encompassing a group of 1,700 hackers aided by more than 5,000 trainers, supervisors and others in supporting roles, South Korean officials estimate. Because of the country's poor infrastructure, the hackers typically work abroad.

The security firm Symantec said it believed that the hackers behind the Poland attack were also behind two other major breaches.

They were the theft of US$81 million (S$113 million) from the central bank of Bangladesh and a 2014 attack on Sony Pictures which rocked the film industry.

In the bank theft, the attackers, using a global payment messaging system known as Swift, were able to persuade the Federal Reserve Bank of New York to move money from the Bangladesh bank to accounts in the Philippines.

The New York Fed released some of the US$951 million to accounts in the Philippines, as requested by the attackers. But officials in New York halted the full transfer when they noticed that something seemed amiss.

Swift has been urging the thousands of banks that belong to its network to take precautions.

The Wall Street Journal, citing people familiar with the matter, reported that prosecutors believe Chinese middlemen helped North Korea orchestrate the 2016 theft from Bangladesh's central bank, which was among the biggest bank robberies in modern times.

Swift has since revealed that its messaging system was targeted in a "meaningful" number of other attacks last year using an approach similar to that in the Bangladesh incident.

It said it planned to cut off the remaining North Korean banks still connected to its system as concerns about the country's nuclear programme and missile tests grow.

A North Korean envoy said his country has been under sanctions for "half a century" but the communist state survives by placing an emphasis on juche or "self-sufficiency".

Mr John Park, director of the Korea Working Group at the Harvard Kennedy School, told The Washington Post: "There's a puzzle here: The regime is getting wealthier amid the increasing implementation of sanctions."

While the North Korean economy is far from booming, it has been steadily expanding in recent years, as evidenced by all the construction in Pyongyang despite increasingly tight restrictions imposed by the outside world.



A version of this article appeared in the print edition of The Straits Times on March 27, 2017, with the headline N. Korea banking on cyber attacks on banks for cash?.