Slave to the Blog: The Willie Sutton Edition
Legend has it that when asked why he robbed banks, the notorious criminal Willie Sutton responded “because that’s where the money is.” I told Brian Todd of CNN the same thing when he asked me why the North Koreans were breaking into banks. Regrettably my soundbite was left on the cutting room floor.
Last week Steph Haggard discussed a Symantec report in the press about last year’s robbery of the Bangladesh central bank. Now, an interesting new piece of circumstantial evidence has come to light via Kaspersky Lab. They claim that the North Korean hacker group Lazarus left behind a digital fingerprint when a server it was using crashed in Europe and they were unable to wipe its logs. The recovered log contained a link to a server back in North Korea. Lazarus has been associated with attacks on South Korean banks in 2013, the Sony hack in 2014, and the $81 million Bangladesh heist last year, among other incidents.
CNN is reporting that the hackers infiltrated the World Bank, the European Central Bank, and the central banks of Brazil, Chile, Estonia, Mexico, and Venezuela, as well as commercial banks, trading companies, and casinos around the world. Indeed, one of the difficulties Lazarus encountered was laundering the stolen funds. They were reduced to turning them into casino chips in the Philippines. The supposition is that the North Koreans are not breaking into banks in Nigeria to steal money (though given the history of 419 scams there is a delicious irony in that), but rather are creating a sleeper network of compromised accounts, so that when they pull off the next big heist they will have a network ready to launder the money.
And why stop there? South Korea is having an election next month, and there is concern that the North Koreans might take a play out of the Russian playbook and try to interfere in their next election—or ours.