All started with a malfunctioning printer, BBC reports on BB cyber heist
How N Korea pulled off a billion-dollar hack
BI Report || BusinessInsider
It may sound unbelievable that the Bangladesh Bank’s cyber heist in February 2016 began with a faulty printer, but the BBC disclosed it in a report on Monday.
"It all started with a malfunctioning printer. It's just part of modern life, and so when it happened to staff at Bangladesh Bank they thought the same thing most of us do: another day, another tech headache. It didn't seem like a big deal," the report says.
But this wasn't just any printer, and it wasn't just any bank.
Bangladesh Bank is the country's central bank, responsible for overseeing the precious currency reserves of a country where millions live in poverty, reports BBC.
The printer, which played a pivotal role, was located inside a highly secure room on the 10th floor of the bank's main office in Dhaka, the capital of Bangladesh.
Its job was to print out records of the multi-million-dollar transfers flowing in and out of the bank, the report said.
Staff found the printer was not working around 08:45 on Friday, February 5, 2016. "We assumed it was a common problem just like any other day," Zubair Bin Huda, the then duty manager, later told police. "Such glitches had happened before."
In fact, this was the first indication that Bangladesh Bank was in a lot of trouble.
Hackers had broken into its computer networks and at that very moment were carrying out the most audacious cyber-attack ever attempted. Their goal: to steal a billion dollars.
To spirit the money away, the gang behind the heist would use fake bank accounts, charities, casinos and a wide network of accomplices. But who were these hackers and where were they from?
According to investigators, the digital fingerprints point in just one direction: to the government of North Korea.
That North Korea would be the prime suspect in a case of cyber-crime might to some be a surprise. It's one of the world's poorest countries, and largely disconnected from the global community - technologically, economically, and in almost every other way.
And yet, according to the FBI, the audacious Bangladesh Bank hack was the culmination of years of methodical preparation by a shadowy team of hackers and middlemen across Asia, operating with the support of the North Korean regime.
In the cyber-security industry the North Korean hackers are known as the Lazarus Group, a reference to a biblical figure who came back from the dead; experts who tackled the group's computer viruses found they were equally resilient.
Little is known about the group, though the FBI has painted a detailed portrait of one suspect: Park Jin-hyok, who also has gone by the names Pak Jin-hek and Park Kwang-jin.
Who is this Park Jin-hyok?
The report describes him as a computer programmer who graduated from one of the country's top universities and went to work for a North Korean company, Chosun Expo, in the Chinese port city of Dalian, creating online gaming and gambling programs for clients around the world.
While in Dalian, he set up an email address, created a CV and used social media to build a network of contacts.
Cyber-footprints put him in Dalian as early as 2002 and off and on until 2013 or 2014, when his internet activity appears to come from the North Korean capital, Pyongyang, according to an FBI investigator's affidavit.
The agency has released a photo plucked from a 2011 email sent by a Chosun Expo manager introducing Park to an outside client.
It shows a clean-cut Korean man in his late 20s or early 30s, dressed in a pin-striped black shirt and chocolate-brown suit.
But the FBI says that while he worked as a programmer by day, he was a hacker by night.
In June 2018, US authorities charged Park with one count of conspiracy to commit computer fraud and abuse, and one count of conspiracy to commit wire fraud (fraud involving mail, or electronic communication) between September 2014 and August 2017.
He faces up to 20 years in prison if he is ever tracked down. (He returned from China to North Korea four years before the charges were filed.)
When the bank's staff rebooted the printer, they got some very worrying news.
Spilling out of it were urgent messages from the Federal Reserve Bank in New York - the "Fed" - where Bangladesh keeps a US-dollar account.
The Fed had received instructions, apparently from Bangladesh Bank, to drain the entire account - close to a billion dollars.
The Bangladeshis tried to contact the Fed for clarification, but thanks to the hackers' very careful timing, they couldn't get through.
The hack started around 20:00 Bangladesh time on Thursday 4 February. But in New York it was Thursday morning, giving the Fed plenty of time to (unwittingly) carry out the hackers' wishes while Bangladesh was asleep.
The next day, Friday, was the start of the Bangladeshi weekend, which runs from Friday to Saturday. So the bank's HQ in Dhaka was beginning two days off.
And when the Bangladeshis began to uncover the theft on Saturday, it was already the weekend in New York.
"So you see the elegance of the attack," says US-based cyber-security expert Rakesh Asthana.
"The date of Thursday night has a very defined purpose. On Friday New York is working, and Bangladesh Bank is off. By the time Bangladesh Bank comes back on line, the Federal Reserve Bank is off. So it delayed the whole discovery by almost three days."
And the hackers had another trick up their sleeve to buy even more time. Once they had transferred the money out of the Fed, they needed to send it somewhere. So they wired it to accounts they'd set up in Manila, the capital of the Philippines.
And in 2016, Monday 8 February was the first day of the Lunar New Year, a national holiday across Asia.
By exploiting time differences between Bangladesh, New York and the Philippines, the hackers had engineered a clear five-day run to get the money away.
They had had plenty of time to plan all of this, because it turns out the Lazarus Group had been lurking inside Bangladesh Bank's computer systems for a year.