North Korea Linked to the SWIFT Bank Hacks

North Korea could be behind the recent string of digital attacks on Asian banks, says Symantec. The cyber security firms notes that the attacks could be traced as far back as October 2015, two months prior to the earliest known incident. As you may recall, hackers stole around $80M from Bangladesh's central bank in March, and a similar attack was seen at a Vietnamese bank earlier this month. Symantec says that it has found evidence that distinctive malware that was used in both the hacks had strong commonalities with the 2014 Sony Picture breaches. Security firm FireEye also investigated the matter. From a Bloomberg report: Investigators are examining possible computer breaches at as many as 12 banks linked to Swift's global payments network that have irregularities similar to those in the theft of $81 million from the Bangladesh central bank, according to a person familiar with the probe. FireEye, the security firm hired by the Bangladesh bank, has been contacted by the other banks, most of which are in Southeast Asia, because of signs that hackers may have breached their networks, the person said. They include banks in the Philippines and New Zealand but not in Western Europe or the United States. There is no indication of whether money was taken.

The KIMs never die

[Anonymous Coward]

They just want to fuck you up!

THERE IS NO BANK SECURITY

[Anonymous Coward]

So you're telling me that an attack originates in a country with almost ZERO internet connectivity, and it took this long to track?

Re:

[Anonymous Coward]

Apparently NK hackers operate out of China; see e.g. here: http://edition.cnn.com/2015/01/06/asia/north-korea-hackers-shenyang/

Re:

[93 Escort Wagon]

What I find interesting is that, almost immediately after the Sony breach, the US government said "we're pretty sure North Korea did it"... and got soundly mocked.

Re:

[Coren22]

How do you propose that we "prove" who was responsible?

Re:

[Agripa]

Even a stopped clock is correct twice a day. The U.S. lacks credibility when making such unsupported statements.

Re:

[rahvin112]

The sony hacks were done from a Hotel In Thailand that NK had rented in a block and sent their hackers to live in for a few weeks. The internet access of NK has no relevancy to their ability to attack if they are willing to send their attackers abroad to orchestrate the attacks.

Re:

[Agripa]

I wonder though how they manage their training program without such poor domestic internet connectivity. That must be done outside of North Korea also.

Roll back?

[Frosty Piss]

Since this is all electronic - no one walked out of any bank with 80 million in a suitcase - there must be a trail. This trail certainly doesn't end at the Band of Kim Jong Un. Why is it not possible to say, "Well... This transaction was fraudulent. Let's reverse it!"

The money went someplace, and the movement of 80 million would certainly leave traces.

I'm sure I'm totally ignorant of how such a thing, in the world of electronic money transfers between banks and governments, could not be backed up.

Re:

[Anonymous Coward]

Rolling back is no possible because it would collapse the international payment system. The bank that received the funds would not be very happy if the transaction was rolled back while the criminals have already moved the money too yet other banks and accounts, or converted it into untraceable assets like cash, golds, diamants, etc.
If that were possible, receiving banks would freeze ALL incoming funds until they received the 'final clearance'. How long should they wait for that ? what form should this fina

Re:

[Sir Holo]

Rolling back is no possible because it would collapse the international payment system. The bank that received the funds would not be very happy if the transaction was rolled back while the criminals ...

Fuck the SWIFT System. They take over a week for me to get a few thousand over from the US to the UK (allies).

PayPal will let me do it instantaneously. I do it all the time.

Re:

[Marcus Johnson]

"Once inside the network, the hackers modified software called Alliance Access to both make the transactions and hide the evidence. Alliance reads and writes SWIFT messages to files on the filesystem, and it records transaction information in an Oracle database. The hackers created malware that removed integrity checks within the Alliance software and then monitored the transaction files sent through the system, searching the payment orders and confirmations for specific terms. These terms and the responses

Re:

[laughingskeptic]

I'm sure it was quickly used to purchase pre-positioned shell companies which lived only long enough to perform further transactions. If the world's banks all operated on a nice block-chain then one could follow the trail. But in order to follow the trail of nested shell companies one would have to be able to track the activities of every crooked attorney at every courthouse in the world. My solution is banks should only interact with whitelisted entities rather than relying on national and various other

Kimmie took socks from my dryer

[Tablizer]

Seems everything is blamed on N.K. these days. It's perhaps too easy to do: everybody believes they are jerks, and they can't sue back for defamation if the accusation is wrong.

I'm not saying they didn't do it, only that their situation sure makes them a highly convenient scapegoat.

It reminds me of the time that our boss retired, and every problem was blamed on him afterward because he wasn't around to set the record straight. We knew the accusers were full of it because he didn't even work on most of the projects that flopped. We started to blame plumbing problems on him as a running joke.

Re:

[edittard]

It reminds me of the time that our boss retired, and every problem was blamed on him afterward because he wasn't around to set the record straight.

So the joke about three envelopes is based on reality?

Re:

[tnk1]

They did say that the attack had similarities to the Sony Pictures hack, which was also believed to be NK. I don't think they just picked NK out of a hat before making the assertion.

The Kims are the closest thing to a bunch of real-life Bond villains that the world has ever seen. This is definitely not out of character for them.

Re:

[Tablizer]

Kims are the closest thing to a bunch of real-life Bond villains

Oh, but there are other strong contenders. [telegraph.co.uk]

Re:

[khallow]

The obvious rebuttal is who needs to blame the North Koreans? Saying you got robbed by the North Koreans isn't any gentler to your career than saying you got robbed by anyone else with similar degree of sophistication. And at least Russian mobsters have a track record of effective stealing from banks.

Re:

[rahvin112]

NK has been counterfeiting US currency for like 20 years. In fact the entire reason the US Mint started making all the news bills you see in circulation now is because NK and Iran both started large scale counterfeiting.

Re:

[slashrio]

Never let a good crisis go to waste!

Re:

[tnk1]

What you appear to be missing is a connection between your putative experience and your conclusion. One example of such would be the facts that you are using to back up your assertion.

Just who types this bullshit

[tetraverse]

Just who types this bullshit?

The popular bad guy

[gurps_npc]

We know they do bad things, so they are the goto bad-guys now. After all, if they support counterfeiting, what else won't they do?

Honestly, we probably have no idea who did this, but they are the most likely bad actors.

Re:

[swb]

You would think they might consider going all in on illicit drug manufacturing.

It'd generate huge hard currency profits, PRK has the intellectual know-how and ability to setup a completely vertically integrated production process at large scale, is totally immune from any government sanction and has a security apparatus that no competing cartel could match.

I think its been rumored they have been linked to methamphetamine production in the past, but you wonder why they wouldn't ramp this up with a wider prod

Re:

[Blaskowicz]

I just read somewhere that they have no real medicines in their hospitals, so they make do with readily available heroin instead. It wouldn't surprise me but I have to wonder how could be verified that information.

I guessed right!

[GameboyRMH]

https://tech.slashdot.org/comm... [slashdot.org]

Really?

[whoever57]

A country in which few people have access to the Internet (few of whom are likely to have real computer skills) and a generally poorly educated population has produced all these skilled hackers that have hacked multiple companies and banks?

It doesn't seem very likely.

Re:

[GameboyRMH]

You think their starving peasants are the ones doing the hacking? More likely a military-run black-hat group. They have a nuclear weapons program that occasionally makes working nukes and missiles, I think they can train a group of cybercriminals.

Re:

[turbidostato]

"A country in which few people have access to the Internet (few of whom are likely to have real computer skills) and a generally poorly educated population has produced all these skilled hackers that have hacked multiple companies and banks?"

Weird, isn't it?

It is like, say, a country with massive obesity epidemics that still produces a lot of Olympic medals, or something.

Re:

[Hognoxious]

In the sport example, there's a selection mechanism in place. Starting from a pool of pretty much everybody, the gym teacher selects the best kids for the school team, and the ones who win the city championship compete at the state level and so forth until the best are in the national squad.

You couldn't do that if only a dozen people have ever actually seen a running track. Well you could, but they probably wouldn't win very much.

tl;dr either the Norks are utterly brilliant at talent spotting or they're s

Bullshit and lies

[Anonymous Coward]

just more propaganda against one of several countries on the U.S political agenda. North Korea don't have nowhere near the resources and skill-set to do this, period. If it comes out of the foul mouth of the war-mongering U.S, then be highly suspicious of it.

Re:

[Anonymous Coward]

And with that statement, who do you think needs to most urgently be disconnected, North Korea, who couldn't computer-hack their way out of 127.0.0.1, or the U.S who has tried to hack every government and industry in the world? Do you actually believe North Korea are responsible for this?

For people wondering how North Korea got so good i

[manu144x]

Basically the new leader has the entire country oriented towards computer science. He basically built a small city just for them, with much higher standards of living than the rest of the population. They even have malls, restaurants, taxis, cars, everything. So now every teen has incentive to be good at software as it can be their entire family ticket out of poverty and hunger. He can move his family, and his parents to a free apartment there. Of course it's still very controlled, imagine something like

Do they...

[PixetaledPikachu]

...run out of Arabic terrorist organization to blame on?