The Lazarus heist: How North Korea almost pulled off a billion-dollar hack
In 2016 North Korean hackers planned a $1bn raid on Bangladesh's national bank and came within an inch of success - it was only by a fluke that all but $81m of the transfers were halted, report Geoff White and Jean H Lee But how did one of the world's poorest and most isolated countries train a team of elite cyber-criminals?It all started with a malfunctioning printer
Original Article: The Lazarus heist: How North Korea almost pulled off a billion-dollar hack
Convert your long form article to podcast? Visit SendToPod
Follow me on Twitter to find out more.
----
In 2016 North Korean hackers planned a $1bn raid on Bangladesh's national bank and came within an inch of success - it was only by a fluke that all but $81m of the transfers were halted, report Geoff White and Jean H Lee. But how did one of the world's poorest and most isolated countries train a team of elite cyber-criminals?
It all started with a malfunctioning printer. It's just part of modern life, and so when it happened to staff at Bangladesh Bank they thought the same thing most of us do: another day, another tech headache. It didn't seem like a big deal.
But this wasn't just any printer, and it wasn't just any bank.
Bangladesh Bank is the country's central bank, responsible for overseeing the precious currency reserves of a country where millions live in poverty.
And the printer played a pivotal role. It was located inside a highly secure room on the 10th floor of the bank's main office in Dhaka, the capital. Its job was to print out records of the multi-million-dollar transfers flowing in and out of the bank.
When staff found it wasn't working, at 08:45 on Friday 5 February 2016, "we assumed it was a common problem just like any other day," duty manager Zubair Bin Huda later told police. "Such glitches had happened before."
In fact, this was the first indication that Bangladesh Bank was in a lot of trouble. Hackers had broken into its computer networks, and at that very moment were carrying out the most audacious cyber-attack ever attempted. Their goal: to steal a billion dollars.
To spirit the money away, the gang behind the heist would use fake bank accounts, charities, casinos and a wide network of accomplices.
But who were these hackers and where were they from?
According to investigators the digital fingerprints point in just one direction: to the government of North Korea.
SPOILER ALERT: This is the story told in the 10-episode BBC World Service podcast, The Lazarus Heist - click here to listen. This article is a 20-minute read.
That North Korea would be the prime suspect in a case of cyber-crime might to some be a surprise. It's one of the world's poorest countries, and largely disconnected from the global community - technologically, economically, and in almost every other way.
Image source, Getty Images
And yet, according to the FBI, the audacious Bangladesh Bank hack was the culmination of years of methodical preparation by a shadowy team of hackers and middlemen across Asia, operating with the support of the North Korean regime.
In the cyber-security industry the North Korean hackers are known as the Lazarus Group, a reference to a biblical figure who came back from the dead; experts who tackled the group's computer viruses found they were equally resilient.
Little is known about the group, though the FBI has painted a detailed portrait of one suspect: Park Jin-hyok, who also has gone by the names Pak Jin-hek and Park Kwang-jin.
It describes him as a computer programmer who graduated from one of the country's top universities and went to work for a North Korean company, Chosun Expo, in the Chinese port city of Dalian, creating online gaming and gambling programs for clients around the world.
While in Dalian, he set up an email address, created ...