Nation State Hackers Case Study: Bangladesh Bank Heist

In 2016, the Bangladesh Bank was breached, resulting in the loss of $81 million. This highly sophisticated attack is seen by many as the largest bank robbery in history, and was later found to be the work of nation state hackers.

The attack was meticulously calculated, beginning a year before the eventual release of such large funds. It is suspected that emails containing malware were sent to employees of the Bangladesh Bank: seemingly harmless files which, when opened, released malware onto the user's computer. From there, the attackers were able to gain access to the wider systems within the Bangladesh Bank. In the meantime, bank accounts were being set up across the world for the eventual transfer of the money.

The attackers were also able to hack into the SWIFT network through the Bangladesh Bank. The SWIFT network is used to transfer money internationally between banks, and the attackers were familiar with the system, suggesting they had carried out attacks like this before. Having access to the SWIFT network meant that they could transfer money out of the Bangladesh Bank's account at the New York Federal Reserve.

The plan was extremely complex, and took advantage of the different time zones involved in international banking. Transferring money from the Bangladesh Bank's New York account into bank accounts in the Philippines meant the involvement of three time zones. The timing was expertly planned: when the New York Fed began receiving the fraudulent payment orders on Thursday afternoon, the Bangladesh Bank was closed (its weekend begins on Friday). Then, when the Bangladesh Bank reopened on the Sunday, the New York Fed was of course closed for the weekend. On realising what had happened, the Bangladesh Bank tried to contact the banks in the Philippines, which were closed for Chinese New Year. The attack came at a time when the banks were unable to communicate effectively, increasing the attackers' chance of success. By the time the banks in their respective countries were able to contact each other, it was too late.

A total of almost $1 billion was ordered to be transferred, though only $81 million was ever actually transferred, as many of the requests were rejected by the New York Fed. However, $81 million is still a vast sum of money. A percentage of the stolen money was immediately sent to a Chinese national, though it is unclear why; perhaps this was someone who had played a role in the attack. The rest of the money, which was sent to accounts across the world, including in the Philippines and Sri Lanka, needed to be laundered. This was achieved by sending the money to two casinos in the Philippines, where the hackers gambled and cashed out, leaving no trace of the money.

This attack was extremely advanced, stealing such a huge amount of money and involving national banks across the world. It is now believed that North Korean nation state hackers are responsible for the heist. The operation fits the known patterns of the Lazarus Group, which is thought to be associated with North Korea. North Korea is reported to employ over 1,500 hackers across the world, supported by around 5,000 other staff. North Korean hackers are known for their skill in targeting banks in developing nations, especially in Southeast Asia, which may have more security vulnerabilities than banks in countries long established in the market. The traits of the Lazarus Group found throughout the heist, combined with the known ability of North Korean hackers to infiltrate banks newly emerging into the market, lead to the strong likelihood that North Korean nation state hackers launched the attack.

It is, however, very unexpected to see nation state hackers attack for financial gain. In this case, though, it does seem to make sense. In 2013, sanctions were passed to restrict North Korea's ability to transfer large sums of money internationally, due to its launching of missile tests against the wishes of other countries. This attack may therefore be seen as a response to those sanctions: taking matters into their own hands by stealing from international banks.

This example of nation state hacking demonstrates the immense expertise, forethought and co-ordination of these groups and their attacks. Such large amounts of money stolen, likely never to be retrieved, and the involvement of countries on an international scale highlight just how competent nation state attackers can be, and how devastating their attacks can be.