Authorities appear to be closing in on those behind the February 2016 heist on the Bangladesh Central Bank.
A US Federal Bureau of Investigation (FBI) agent working in the Philippines, Lamont Siller, told an audience on 29 March, “we all know the Bangladesh Bank heist, this is just one example of a state-sponsored attack that was done on the banking sector." Siller said that the FBI was working with the Philippines government "to ensure those responsible for the attack do not go unpunished".
This is a rare public admission, but privately, law enforcement and government officials believe they know which state sponsored the attack.
Reuters was informed by a ‘Washington official” that investigators believe North Korea to be behind the attack. The Wall Street Journal has previously reported that US prosecutors were looking to accuse North Korea of the heist, along with Chinese middlemen.
The Bangladesh Central Bank was robbed of $81 million (£65 million) in February last year. The heist, which was one of the largest in history, was pulled off with series of fraudulent money orders made through the Society for Worldwide Interbank Financial Telecommunication. It was only a misspelling in an order that alerted security and stopped even more money being stolen.
The money was then exfiltrated into a number of accounts in Asia before disappearing into the Philippines gambling industry.
The heist was quickly followed by a number of similar heists on banks in Ecuador, Vietnam and Ukraine in which the robbers made off with similarly large amounts using the same fraudulent money orders.
Malware analysts at Symantec found links between this string of robberies and the 2012 hack on Sony Pictures. The public recognition of North Korea's involvement started here.
In response to the release of a movie that lambasted North Korea's leader, the theory goes, the small Asian despotism launched an all-out cyber-attack on Sony Pictures. The ensuing leak exposed thousands of internal files, tranches of personal data and embarrassing private emails.
The attack was initially claimed by a group calling itself the Global Guardians of Peace. Behind the attack, lay the ‘Lazarus group'. The outfit has been connected with a string of attacks in South Korea over the past decade.
It has been the private and occasionally less private belief of many within security, intelligence and international relations that North Korea was behind the attacks, in an effort to circumvent crushing international sanctions against the country and bolster its dwindling finances.
Nigel Inkster, director of future conflict and cybersecurity at the International Institute for Security Studies, told SC Media UK that though the initial thought was that the heist might have been carried out by a criminal group, there is a growing sense that “this may be part of a wider North Korean strategy because it marries to facets of the North Korean state that we have come to be familiar with”.
Aside from the links to the Sony attacks, said Inkster, it's well known that “North Korea diplomatic missions are involved in any criminal activity that will raise money for the state”.
The government has for a long time been identifying the country's best and brightest and sent them overseas to Russia, China and even India for advanced training in cyber-offense.
State sponsored criminal operations, like the Bangladesh Central Bank job, allow North Korea to fund itself, added Inkster: “They are the subject of quite heavy sanctions. If anything those sanctions are set to get worse and running sophisticated ballistic missile and nuclear programmes aren't cheap.”There have been no arrests so far, but reports suggest that authorities are close. The owner of a Philippines casino told the US Senate he accepted millions of dollars from two Chinese men, whose job it was to launder the money from Bangladesh to the Philippines. Philippines police have also filed charges against several who are believed to be connected to laundering the money.