WSJ: Feds may indict North Koreans in Bangladesh Bank fraud

This story just gets more interesting by the day:

Federal prosecutors are building cases that would accuse North Korea of directing one of the biggest bank robberies of modern times, the theft of $81 million from Bangladesh’s account at the Federal Reserve Bank of New York last year, according to people familiar with the matter.

The charges, if filed, would target alleged Chinese middlemen who prosecutors believe helped North Korea orchestrate the theft, the people said.

The current cases being pursued may not include charges against North Korean officials, but would likely implicate North Korea, people close to the process said. [Wall Street Journal, Aruna Viswanatha and Nicole Hong]

Traditionally, robbery has meant theft by means of force or intimidation. I thought this case sounded like a better fit for bank fraud until I read the Criminal Code section on bank robbery, which is much broader than the common law definition and covers the whole life cycle of the criminal course of conduct.

The FBI’s Los Angeles Field Office and the U.S. Attorney’s Office for the Central District of California have the lead, which means the indictments would most likely issue in the Central District of California (and consequently, the Ninth Circuit). It’s not an ideal place to pick venue if you’re the government. The USAO for the Southern District of New York is also investigating other bank fraud cases it suspects of being the work of the same North Korean hacking group, known as “Lazarus.”

As I noted in my report on North Korea’s sponsorship of terrorism, the U.S. government thinks the Reconnaissance General Bureau (which is designated by both U.S. Treasury and the U.N. Security Council) did the Sony cyber attack. Recent reports have also linked the code used in the Bangladesh fraud to the code used in the Sony attack. That would make the RGB a prime suspect in both attacks, which means it would have been a violation of the International Emergency Economic Powers Act (IEEPA) for anyone to knowingly engage in dollar transactions with the RGB’s agents after August 30, 2010, when that agency was first designated.

If charges are filed against alleged middlemen in the Bangladesh theft, they are expected to be similar to charges unsealed in September against a Chinese businesswoman, Ma Xiaohong, some of these people said.

That makes sense. The “Chinese middlemen” could be charged with violating the IEEPA and money laundering whether the feds can pin the bank fraud on the North Koreans or not. Here’s my post on the Ma Xiaohong/Dandong Hongxiang case, with links to the indictment and the civil forfeiture complaint.

There is, apparently, a “minority view” among the feds that the North Koreans may have sold the code to third parties without being directly involved. Depending on the evidence, that might still be a crime — most likely conspiracy to commit bank fraud or a violation of the Computer Fraud and Abuse Act, or aiding and abetting one of those crimes. That might even be a smarter charging strategy.

The report also says the Treasury Department may freeze the assets of those under investigation (I’d guess under Executive Order 13722, implementing the NKSPEA, or EO 13757, Obama’s eleventh-hour cyber executive order).

A decade ago, the feds were ready to indict North Korean officials for counterfeiting, but political pressure from the State Department got the case shelved — permanently. That was the George W. Bush administration. I don’t get the impression that the Trump administration would do any such favors for Kim Jong-un.