Investigators believe they’ve found the culprit behind cyberattacks on banks in Asia: Kim Jong Un. Having long used counterfeiting, drug trafficking, gun running and slave labor to gain hard currency, North Korea’s dictator may have pulled off the first state-backed digital bank robbery in history.
That’s the conclusion of Symantec, a digital-security firm that has linked North Korean hackers to the theft of $81 million from Bangladesh’s central bank in February and two smaller raids last year on commercial banks in the Philippines and Vietnam. All three heists used computer code seen only twice before: in cyberattacks on South Korean banks and media in 2013 and the hack of Sony Pictures in 2014, both of which the U.S. and others have attributed to North Korea’s hacker army.
The bank heists could have been worse. Though the attackers sought to transfer nearly $1 billion out of Bangladesh’s central bank, alert staffers at banks around the world stopped some $850 million from flowing out. But a theft of $81 million is still one of the largest ever, and officials in the Philippines, where the stolen loot first landed, aren’t confident they’ll track it down.
The hack worked by manipulating Swift, the Society for Worldwide Interbank Financial Telecommunication, the part of global finance’s central nervous system through which 25 million transfer messages worth an estimated $5 trillion pass daily. Swift says the attackers compromised the banks, not its own “core messaging services.” But Swift also sent a mandatory software update to all customers and its CEO warned of a “watershed moment” in global financial risk.
One lesson is not to underestimate Pyongyang’s technological capabilities. The same regime that starves its people also produced counterfeit $100 bills so hard to detect that U.S. officials dubbed them “supernotes.” Pyongyang also has enough nuclear material to make more than 10 bombs, according to the U.S.-based Institute for Science and International Security, and a missile program that threatens the U.S. mainland.
Pyongyang will grow more brazen until it faces greater costs. The Obama Administration promised harsh penalties after the 2014 Sony assault but imposed weak, redundant sanctions that it barely enforced. The U.S. enacted stronger sanctions this year, after Pyongyang’s latest nuclear test, but several pressure points remain untouched.
One option would be to cut off North Korean access to Swift, as the U.S. and European Union did to Iran in 2012. Opponents say using Swift as a sanctions tool encourages China and Russia to create a rival clearinghouse, but they’re working to do that anyway. Why leave holes in North Korean sanctions in the meantime?
The U.S. can also designate North Korea a “primary money-laundering concern,” as it did to Burma and Iran. Washington should return Pyongyang to the terror-sponsor list from which the Bush Administration removed it in 2008.
As usual with North Korea, the greatest impediment is China, the Kim regime’s patron and its bridge to the global Internet. Defectors and experts say North Korean cybersquads operate from northeast Chinese cities such as Shenyang, which would be impossible without official complicity. That such hackers may now be robbing banks around the world should raise doubts about Beijing’s claim to be an anchor of global financial stability.
Will Beijing and Pyongyang be forced to account for the Kims’ bank robberies? That’s up to the U.S. and its allies.