How North Korean hackers became the world’s greatest bank robbers

The Reconnaissance General Bureau, North Korea’s equivalent to the CIA, has trained up the world’s greatest bank-robbing crews. In just the past few years, RGB hackers have struck more than 100 banks and cryptocurrency exchanges around the world, pilfering more than $650 million. That we know of.

It was among the greatest heists against a United States bank in history and the thieves never even set foot on American soil.
Nor did they target some ordinary bank. They struck an account managed by the Federal Reserve Bank of New York, an institution renowned for its security.
In vaults 80 feet below the streets of Manhattan, the bank holds the world’s largest repository of gold. Many of these gold bars belong to foreign governments, which feel safer storing their gold inside well-defended bunkers in America than at home.
By the same token, overseas governments also store cash with the Fed. But this is cash in the 21st-century sense: all ones and zeroes, not smudgy bills. The bank holds vast foreign wealth on humming servers wired up to the internet.

Students at Mangyongdae Revolutionary School, a prestigious academy in Pyongyang. North Korea’s elite hackers are often deployed to countries with faster internet speeds to target banks around the world. In the US, they’ve gone after Wells Fargo, Citibank and the New York Federal Reserve. (Credit: KCNA)

That’s what the thieves went after in February 2016: nearly $1 billion, sitting in a Fed-run account. This particular account happened to belong to Bangladesh. Having already hacked into the servers of the Bangladesh Central Bank, the criminals waited until a Friday — a day off in many Muslim-majority nations, Bangladesh included.

Then they started draining the account.

Posing as Bangladesh Central Bank staff, the hackers sent a flurry of phony transfer requests to the Fed totaling nearly $1 billion. The Fed started zapping cash into accounts managed by the thieves overseas, most of them in the Philippines. Much of the money was quickly pulled out as cash or laundered through casinos.

From there, the trail goes cold.

The hackers didn’t get the full billion they desired. Most of the bogus requests were caught and canceled by suspicious personnel. But they did end up with an amazing score: $81 million.

The culprits of this heist are loyal to one of the most impressive organized crime syndicates in the world. They don’t work for the Triads, nor the Sinaloa Cartel, nor Sicily’s Cosa Nostra. They are agents of the Reconnaissance General Bureau (or RGB), which is headquartered in Pyongyang. This is North Korea’s equivalent to the CIA.

Like the CIA, North Korea’s RGB is steeped in clandestine overseas plots: assassinations, abductions and lots of spying. But it is perhaps better understood as a mash-up between the CIA, the KGB and the Yakuza.

What distinguishes the bureau is its entrepreneurial streak — one with a distinctly criminal bent.

For decades, North Korea has been beleaguered by Western sanctions and barred from global markets. This has prodded the regime to seek revenue in darker realms that are beyond the law. These black-market enterprises have included heroin production, printing bogus $100 bills and counterfeiting name-brand cigarettes.

But all of those rackets have now been totally eclipsed by hacking. The bureau has trained up the world’s greatest bank-robbing crews, a constellation of hacking units that pull massive online heists.

These thieves also have one distinct advantage over other syndicates: They are absolutely confident that they’ll never be charged. So it goes when your own country sponsors your criminal mischief.

This is a new phenomenon, according to US intelligence officials. “A nation state robbing banks … that’s a big deal. This is different,” says Richard Ledgett. He was, until his recent retirement, the deputy director of the National Security Agency.

In recent years, North Korea has launched hacks against more than 100 banks and online exchanges in a total of 30 countries. The RGB appears to have successfully pilfered $650 million. That we know of.

And yet they are chronically overlooked — at least in the American media, where talk of online subterfuge is dominated by Russian political hacks. If you weren’t aware that North Korea pulled a heist on the Federal Reserve, note that the caper went down in February 2016, when the media spotlight was fixed on the US presidential race at the expense of, well, almost everything else.

Now that gaze has swung toward North Korea — and for good reason.

Not so long ago, North Korea spoke of smiting the US with its “treasured nuclear sword of justice.” Now it offers grand gestures of warmth. Kim Jong-un has released American prisoners. He has giddily stepped into South Korea — if only for a moment — and he is now readying peace talks with President Donald Trump, a man who has threatened the young autocrat’s life via Twitter. (This could all change in an instant, of course. The North Korean leader suspended talks with South Korea on Wednesday over joint US-Korea military exercises and threatened to cancel his summit with Trump.)

For now, Kim Jong-un and Trump have agreed to meet in Singapore on June 12. This round and future rounds of talks — should they proceed without breaking down — will center on the fact that, against all odds, the leader of this impoverished nation has acquired humankind’s most powerful creation: the hydrogen bomb.

That we all know. But those with deep knowledge of North Korea’s RGB also tend to believe that North Korea has pulled off another stunning technological feat: amassing one of the most skilled hacking syndicates in the world.

Moreover, these bank heists are linked to the state’s nuclear arsenal. Missile tests provoke sanctions. Sanctions dry up North Korea’s foreign cash reserves. Pyongyang is then left scrambling to find alternate revenue streams in the underworld. None of these criminal enterprises are as lucrative as hacking — and none poses a greater threat to the US-dominated global financial system.

To make sense of North Korea’s hacking feats, I sought out Kim Heung-Kwang, a bespectacled 58-year-old computer scientist living in Seoul. Kim is familiar with the thinking of tech-savvy servants of the regime in Pyongyang.

He used to be one of them.

Kim isn’t all that easy to find. That’s how he likes it.

After agreeing to meet, Kim sends directions by text. Following them leads my co-producer, Sona Jo, and me into a drab cement structure on the outskirts of Seoul, far from the capital’s glitzy shopping promenades. Outside, it’s snowing softly and a chill pervades the unheated building. Reaching Kim’s chambers requires a steep climb up a freezing stairwell.

He answers the doorbell in a chipper mood — “Come in!” he says, in a sing-song melody — and promptly offers a cup of green tea. On the way here, I was braced for an awkward, slow-to-warm sort of encounter. That vibe has characterized some of my past interviews with North Korean defectors. They were, after all, reared from birth to despise Americans.

“Well, you’re jackals!” Kim says when I ask about his anti-American indoctrination. He’s laughing with his eyes, which crinkle when he smiles. “That’s what they say. Americans are our everlasting enemy. Bosses of a corrupt empire.”

But Kim is welcoming, exuding the demeanor of a gentle professor. I can’t say the same of the other man in the room: a tall guy, clad in a dark coat, who does not introduce himself but eyes us up and down before retreating to a corner in silence. I decide not to ask.

Kim has come a long way since he emerged scared, soaking wet and nearly possessionless from the Tumen River in 2003. That was the year he sneaked to the banks of the river, which divides his homeland from China, and bribed a North Korean guard. The soldier looked away as Kim swam through freezing waters toward China. But as he swam, Kim says, he was shot at by a second guard whom he’d neglected to bribe.

Ultimately, he made it to the far shore unscathed and, from China, made his way to South Korea. Today, he heads an alliance of highly educated North Korean defectors.

He keeps busy by running this alliance — called North Korea Intellectuals Solidarity — which comprises escaped North Korean lawyers, doctors, engineers, academics and programmers. The intel he has gathered from these associates suggests to him that North Korea’s hackers are “an absolute treasure to Kim Jong-un,” he says. “Because it is becoming clear that North Korean hackers are the best in the world.”

Kim is a computer scientist himself. He specializes in digital networks and claims he took part in early modem communication between Pyongyang and Hamhung, North Korea’s second-largest city and Kim’s hometown.

That’s also where he spent years as a university professor, teaching soldiers-to-be about online networks. Many of his students, he says, were swept into the RGB to fulfill their ultimate mission: infiltrating the networks of enemies overseas.

Kim believes this background, plus his access to intel shared among hundreds of highly placed defectors, qualifies him as an authority on North Korean hackers. They are, he says, profoundly underestimated on the world stage.

“They’re the geniuses of North Korea,” Kim says. “Let’s make this simple. You want to rank countries when it comes to government hacking? Well, most people will say America is No. 1, Russia is No. 2, China is No. 3 and so on.”

“But tell me, honestly. Is anyone pulling off as many successful hacking operations as North Korea?”

Let’s review some of North Korea’s greatest hacks.

In 2014, North Korean agents crept into the digital infrastructure of Sony Pictures, which was preparing to release “The Interview,” a screwball comedy about assassinating Kim Jong-un. Pyongyang’s agents wiped data and leaked embarrassing emails until Sony caved and canceled the film’s mainstream release.

In 2017, North Korean hackers seized Microsoft computers worldwide with a worm known as WannaCry. Devices were rendered useless unless the owner paid a ransom in Bitcoin — the price of unfreezing the computer. More than 200,000 computers in 150 countries were affected.
