Bankers beware: North Korea is on a hacking spree

Bankers beware: North Korea is on a hacking spree

Locked in a punishing sanctions regime, North Korea is throwing caution to the wind and has mounted a series of cyber attacks by taking advantage of outdated financial technology, mainly through the SWIFT network. Such cyber-attacks are likely to continue if international financial systems are not shored up in the near future.

A new threat is looming on the horizon, one that has gone largely unnoticed: the string of attacks on the global bank payment messaging system known as SWIFT. Founded in 1973 in Brussels, the company is responsible for the daily transfer of trillions of dollars between banks. The most recent hacking case saw Turkey’s Akbank exposed to a cyber attack which ended up costing the bank around $4 million. This took place a couple of weeks after the Russian central bank suffered a similar fate, leaving it approximately $31 million poorer. An unnamed Ukrainian bank was also targeted through the same method, with unnamed hackers stealing some $10 million.

Despite the considerable sums involved, the attackers have left only breadcrumbs of information behind. Their most successful – and most widely-documented – money-grabbing scheme has been the misappropriation of $81 million from the central bank of Bangladesh. The group exploited a SWIFT product called Alliance Access, a server software system that links banks with the central messaging system, in order to appropriate the central bank’s financial details.

Having penetrated the system and gained access to sensitive financial information, the hackers then masqueraded as the Bangladeshi central bank to request a transfer of funds from the Federal Reserve Bank of New York to a number of private organisations in the Philippines and Sri Lanka. Requests of up to $1 billion worth of transactions raised suspicions among employees at the New York Fed, who alerted the central bank in Bangladesh. Around $870 million was prevented from being transferred after alarm bells sounded.

North Korea targeting overseas black money

These large-scale heists are still shrouded in mystery, and have received relatively little attention by the media and international organisations. SWIFT, for its part, has been reluctant to speak about security breaches and merely warned that the trend is bound to continue well into the future. The company also shifted the blame to the banks, urging them to shore up their defences in order to pre-empt further attacks. Nevertheless, SWIFT does not have authority over financial institutions and therefore has no mandate to impose any requirements on them. The nature of these attacks is growing in sophistication, and it is unlikely that SWIFT’s efforts to tackle the issue will suffice. Worse, both SWIFT and the victims have so far refused to divulge key information, complicating possible preventive measures.

From the scraps of information we do have available, the most credible culprit seems to be the Lazarus Group, a North Korean hacking crew known for infiltrating Sony’s systems in 2014. It makes sense: shut out from the world by a decade-old sanctions regime over its illicit nuclear activities, North Korea has found a novel way of raising funds. In choosing their targets, the hackers have gone after weakly protected financial institutions that, most importantly, have large amounts of ‘illegitimate’ money on their books.

It is no coincidence that the aforementioned string of attacks was concentrated around the Black Sea region, targeting Russian, Ukrainian and Turkish banks. A significant proportion of the money deposited in the financial institutions of these countries has been made through illegal means, thereby complicating any complaint these institutions could otherwise lodge.

Just look at the most recent case of money laundering involving the Russian subsidiary of Deutsche Bank, which was dealt a huge fine for failing to properly obtain information from its customers dealing in suspicious trades. Some 2,400 suspect trades, worth a whopping $10 billion, were identified. As for Turkey, the Central Bank has been accused of circumventing Iranian sanctions by paying Teheran in gold for oil exports. Other Turkish entities have been involved in “terrorism financing” by refusing to freeze suspected assets, drawing the ire of the United States.

Is blockchain the solution?

Since North Korea shows no signs of winding down its costly nuclear program, having just tested a ballistic missile on Sunday, and since China refuses to slap harsher sanctions on Pyongyang, such cyber attacks will likely continue and only grow in scale in the future. That is, unless the world banking system gets its act together and revamps the outdated SWIFT system.

The World Economic Forum offers a solution: standardizing blockchain, the technology behind bitcoin, into the cross-border bank payment system. The function of blockchain is to make sure that every transaction in a chain of transactions is recorded. Money transfers can thus be traced at each step of the chain of transactions, and any suspicious movement of money can be detected. The technology has so far been successfully implemented by a number of Silicon Valley start-ups. If it were implemented with successful interoperability between banks, North Korea’s hacking units may find it substantially more difficult to penetrate confidential information within banks in their attempts to steal money.

This prospect is not far fetched. Last month, SWIFT itself announced that it is mulling over the prospect of introducing blockchain into its communication system. Analysts were not enthused; however, as the company did not give a time frame for the program and did not talk about the costs this transition entails. With the number of cyber attacks set to increase in the near future as North Korea’s nuclear saber rattling continues, (transparently) reforming the banking system is the only way to make sure the hermit kingdom scales down its ambitions.

About Author

Leon Aslanov

Leon Aslanov holds an MSc in International Public Policy from University College London. He is a researcher and political analyst with an in-depth knowledge on the languages, societies and politics of the South Caucasus, Turkey, Iran and the surrounding region. His specific research interests lie in conflict resolution, divided societies and history of the aforementioned regions.