Hackers known as the “Lazarus Group” are sneaking into banks worldwide, moving around more than $100 million — and so far, getting away with it.
A recent spate of high-profile, digital bank heists have revealed shocking weaknesses in the security of the global financial system.
It’s posing a new reality: No longer do robbers need to storm banks wearing masks and armed with guns. They can empty a bank’s vaults electronically.
Here’s what you need to know.
1. At least four major banks have been infiltrated by hackers since January 2015.
The first known case happened in January to Ecuador’s Banco del Austro. That time, hackers stole $12 million and moved it through a Wells Fargo bank account in the United States.
Then it happened in October to a bank in the Philippines. Bankers’ desktop computers were infected with computer code that gave hackers control of the system. It’s unclear if any cash was stolen.
Vietnam’s TPBank was hit in December. Hackers tried to transfer out $1 million, but they failed.
In February, hackers broke into Bangladesh’s central bank and stole $101 million from its account at the New York Federal Reserve.
2. This risk poses a danger to banks everywhere
These hacks have exposed a flaw in the integrity of the international banking system. That system is based on trust — the understanding that if a bank approves a transaction, it’s really that bank making the call.
But only the largest banks — typically those in the United States and Europe — are well protected. As the CEO of Mastercard recently put it: Smaller banks are the weak link in the chain.
Hackers have discovered that they can break into a smaller, less guarded banks — and move money internationally with relative ease.
This is forcing banks to doubt the validity of wire transfer requests.
3. The hackers have been linked to North Korea.
Let’s be careful here. The hackers who attacked these banks are using pieces of the same malicious computer code as the hackers who attacked South Korean media companies in 2013, as well as Sony in 2014.
U.S. government investigators, as well as security companies BAE Systems and Symantec, all agree on this point.
The FBI has stated that the North Korean government was behind the 2014 Sony hack. Transitive logic, then, points the finger this time at North Korea.
CNNMoney has spoken to more than a dozen security researchers who support this theory.
But there’s reason to doubt this. Hackers share code. And some people even doubt the FBI’s assertion that North Korea hacked Sony.
4. SWIFT was not hacked.
A key role here is played by SWIFT, the worldwide interbank communication network that settles transactions. It’s how banks send money to each other.
SWIFT makes sure Bank A really is sending money to Bank B. In these cases, hackers entered Bank A. Using hacked credentials, thieves could move money along SWIFT to another bank account.
5. SWIFT says it has taken steps to keep money safe.
As a response to these hacks, SWIFT is forcing banks to increase their security. Moving money will require additional steps that prove a real banker is approving a transaction. Banks will also share more information with one another about their computer systems. This would form a unified defense against hackers. SWIFT is also analyzing its own infrastructure to spot how it’s being used illegally.
But the CEO of SWIFT has also said: “The financial industry, as a community, has to be clear that cyber risk is big; there will be more cyber attacks. And inevitably some will be successful,” he said.
Expect more digital bank heists.