U.S. Prepping Case Linking North Korea To $81MM New York Fed Bank Heist

As tensions between the U.S. and North Korea continue to escalate, with the most recent provocation coming from Kim Jong Un last night, the Wall Street Journal has just reported that federal prosecutors are building potential cases that would accuse North Korea of directing the theft of $81 million from Bangladesh’s account at the Federal Reserve Bank of New York last year.

The charges, if filed, would target alleged Chinese middlemen who prosecutors believe helped North Korea orchestrate the theft, the people said.


The current cases being pursued may not include charges against North Korean officials, but would likely implicate North Korea, people close to the process said—with the U.S. accusing a foreign government of orchestrating one of the biggest bank robberies of modern times.

Richard Ledgett, the deputy director of the National Security Agency, said he was “optimistic about the truth of that,” when asked about reports of a connection between the two cybercrimes.  “If that linkage is true, that means a nation-state is robbing banks. That is a big deal; it’s different,” he said on Tuesday during a panel discussion at the Aspen Institute.

Meanwhile, U.S. Treasury authorities are considering sanctions against the alleged middlemen, an approach the U.S. is increasingly using to go after suspected criminals who are unlikely to fall into U.S. custody.



For those who missed our coverage, roughly a year ago we wrote extensively about this incident, in which a group of hackers used Swift, the interbank messaging system, to steal nearly $100 million from the Central Bank of Bangladesh being held at the Federal Reserve Bank of New York. Here's a recap:

For those who missed the story, you can review it in all its James Bond-ish glory in the four posts linked below, but here is a brief summary of what happened to the $81 million: 1) it was transferred to four accounts at the Jupiter Street, Makati City, branch of Rizal Commercial Banking Corp (RCBC) in the Philippines, 2) $470,000 in cash went into the branch manager's trunk and the rest went to a possibly forged (but possibly not) account registered to one William Go, 3) the money was transferred to an FX broker called Philrem, 4) $50 million was split between two casinos and the remaining $31 million was delivered to a "Weikang Xu" in cash.

From there, the trail goes cold.


Per the WSJ, the hackers behind the Bangladesh heist were likely a part of the same group that hacked Sony back in 2014.

Private security researchers have traced the Bangladesh heist to a hacking group known as Lazarus, which they say was also behind the Sony hack. In 2014, the FBI blamed North Korea for the Sony breach.


“The whole security community has said that the attack tools and techniques used in Sony are the same ones used in Bangladesh,” said Eric Chien, an engineer with security vendor Symantec Corp.

All that said, as always, one must maintain a healthy dose of skepticism when drawing conclusions on issues where pure speculation and conflicting interests can conspire to morph circumstantial evidence into undeniable 'fact'.  As even the WSJ notes, there remains a view among some federal officials that the evidence doesn’t prove beyond a doubt that North Korea was behind the Bangladesh theft.  Moreover, others believe the hackers who carried out the Bangladesh heist may have appropriated, tweaked or repurposed the malicious code that the U.S. government made public after the Sony hack—which wouldn’t necessarily indicate they are linked to North Korea.