Top NSA official attributes attempted $1B bank heist to North Korean hackers

The story of the Bangladesh Bank/SWIFT heist has gotten much more interesting of late. Now, not only do we have a senior U.S. intelligence official attributing it to a government, we learn that the North Koreans tried to steal nearly ….

A senior National Security Agency official appeared to confirm that North Korean computer hackers were behind a multi-million dollar heist targeting Bangladesh’s central bank last year.

Computer hackers attempted to steal $951 million, but only got away with $81 million, some of which was later recovered. After the theft, security firms quickly pointed the finger at North Korea. Other experts disputed that finding. But on Tuesday, NSA Deputy Director Rick Ledgett appeared to say North Korea was the culprit during a cryptic exchange at a Washington forum.

Speaking at an Aspen Institute roundtable, Ledgett pointed out that private sector researchers had linked the digital break-in in Bangladesh to the 2014 hack on Sony Pictures, which the U.S. government attributed to Pyongyang.

“If that linkage from the Sony actors to the Bangladeshi bank actors is accurate — that means that a nation state is robbing banks,” Ledgett said. “That’s a big deal.” [Foreign Policy]

To be clear, this isn’t U.S. government attribution, and there’s no explanation here of why Ledgett thinks the North Koreans were behind the theft, but Ledgett is described as a “30-year veteran” of the NSA who is due to retire later this year. Such a person wouldn’t ordinarily make that statement unless (1) he believed it, and (2) he was fairly certain the agency management was OK with him saying it in a public forum. In fact, I think we’re all going to be hearing much more about why people think North Korea is now the only government that robs banks. What I’m also hoping we’ll find out is what bank accounts the money ended up in.

By attacking a bank and making off with large sums of money, North Korea can evade sanctions and obtain foreign currency, but so far, that effort has not delivered serious dividends for Pyongyang.

North Korea: tactically brilliant and strategically moronic since 1948. By the way, don’t expect SWIFT to publicly admit that its software was hacked. Standard behavior for any corporate victim of a cyberattack is to refuse to comment, or even to deny. They’re more worried about their reputations for systems security than about helping to punish hackers and hold them accountable. In most cases, hackers don’t have reputations to protect. When the hacker is a government, however, it has far more to lose by being accused of bank fraud.