North Korea suspected in fed probe of ‘Lazarus’ bank hacks

Global banking system under attack

Federal officials have opened a national security investigation into the recent $101 million hack of Bangladesh’s central bank amid suspicions that North Korea was involved, law enforcement officials tell CNN.

The probe, launched by the FBI and federal prosecutors in Los Angeles, echoes the suspicions of private cybersecurity firms that spoke with CNN in recent days.

The massive digital heist of Bangladesh Bank and at least three other banks could pose a serious threat to the global banking system.

U.S. investigators “aren’t ready to attribute this to North Korea,” one law enforcement official said. “There’s a lot we don’t know yet.”

In recent months, a hacking team known as the “Lazarus Group” has broken into Bangladesh’s central bank and stolen $101 million. It has also slipped into banks in Ecuador, the Philippines, and Vietnam.

Some of the computer code used in these bank hacks matches code used in previous attacks, according to cybersecurity firms BAE Systems and Symantec.

In 2013, hackers used unique code to attack South Korean banks and broadcasters. At the time, the South Korean government blamed North Korea.

In 2014, part of the code was repurposed to attack Sony Pictures, according to researchers. The FBI blamed that attack on North Korea.

“If you believe those government assertions, then the Bangladesh attack was North Korea,” said Eric Chien, technical director of Symantec Security Response.

In addition, federal investigators have spotted that parts of the same malicious software were used against Sony Pictures and Bangladesh Bank, according to U.S. law enforcement officials. They also found the hackers used the same computer or network of computers.

However, nothing is conclusive.

Spokespeople for the FBI and the U.S. Attorney’s Office in Los Angeles declined to comment.

Limiting the American investigation is the fact that the United States is only privy to some evidence of the Bangladesh Bank hack. The FBI is still working to get cooperation from Bangladeshi authorities to access the Bangladeshi central bank computer network.

Placing blame is tricky

CNN has spoken to a dozen cybersecurity researchers who have backed up the assertions made by BAE Systems and Symantec.

The hackers who attacked Sony and the Bangladesh Bank used the same underlying source code — to perform tasks like erasing evidence. In doing so, they ran a huge risk of getting caught because security software usually spots reused malware, cybersecurity experts said.

“The technology in that code is pretty trivial. A first-year college student with a little effort could pull it off,” said Corey Wells, an experienced computer hacker.

British cybersecurity consultant Matt Tait said the bank hacking operation would be immensely difficult and risky for a copycat. It’s more likely the same hacker tweaked a tool in their own toolbox.

“I think it was North Korea,” he said. “This operation was meticulously planned. And these guys knew how to launder money. That makes me lean strongly towards the notion that this was a nation state.”

But some researchers remain unconvinced.

Cybersecurity expert Rob Graham said hackers share code in the underground all the time, meaning these hacks could have been carried out by different people.

“I and many others believe the evidence is flimsy that North Korea was involved in the Sony attack,” Graham said.
