Symantec traces Swift banking hacks to North Korea
- By Sean Lyngaas
- May 31, 2016
Security firm Symantec has linked the hackers who stole $81 million from a bank in Bangladesh to the 2014 hack of Sony Pictures Entertainment, which President Obama blamed on North Korea. The revelation comes as Congress probes the Federal Reserve on what it is doing to protect against such malware-enabled attacks on the financial system.
The February cyberheist of Bangladesh's central bank turned heads in part because hackers were able to manipulate SWIFT (Society for Worldwide Interbank Financial Telecommunication), a widely used financial system. Symantec researchers say they have found evidence that the same criminal group hit a bank in the Philippines, and attempted to steal $1.1 million from a bank in Vietnam.
One of the pieces of malware used in the targeted attacks on Southeast Asian banks has been used by Lazarus, a hacking group that has targeted U.S. and South Korean assets, Symantec said. Lazarus has been linked to a "highly destructive" malicious program that was used in the Sony Pictures hack, Symantec said in a blog post.
The cyber theft at Bangladesh's central bank involved siphoning funds from an account at the Federal Reserve Bank of New York. In response to the attack, Sen. Tom Carper, (D-Del.), ranking member of the Senate Homeland Security and Governmental Affairs Committee, sent a letter to New York Fed President William Dudley asking whether the Federal Reserve plans to update its cybersecurity policies. Carper requested a response by mid-June; a spokesperson said the senator had yet to receive one.
The FBI's evidence that North Korea was involved in the Sony Pictures attack included specific code and encryption algorithms. The Obama administration imposed sanctions on North Korea officials in retaliation.
Confirmation that North Korea was behind the SWIFT attacks would be evidence of the rogue state's ability to exploit cyberspace for asymmetric advantage.
"The North Korean government has used crime as a way to make hard cash for years – they're the best in the world at counterfeiting $100 bills," James Lewis, senior fellow at the Center for Strategic and International Studies, told FCW. "So it's no surprise that as their cyber capabilities have gotten better they've turned to hacking as another way to make money."
Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Prior to joining FCW, he was a reporter and editor at Smart Grid Today, where he covered everything from cyber vulnerabilities in the U.S. electric grid to the national energy policies of Britain and Mexico. His reporting on a range of global issues has appeared in publications such as The Atlantic, The Economist, The Washington Diplomat and The Washington Post.
Lyngaas is an active member of the National Press Club, where he served as chairman of the Young Members Committee. He earned his M.A. in international affairs from The Fletcher School of Law and Diplomacy at Tufts University, and his B.A. in public policy from Duke University.
Click here for previous articles by Lyngaas, or connect with him on Twitter: @snlyngaas.