On Tuesday, National Security Agency deputy director Rick Ledgett was asked by an Aspen Institute roundtable moderator whether he believed nation states were currently in the business of robbing banks, to which Ledgett replied in the affirmative.
While Ledgett never mentioned North Korea by name, he noted that Symantec researchers had long ago suggested that the software used to pull off the 2016 theft of those Bangladeshi millions was similar to that used in the 2014 hack of Sony Pictures, which US security agencies have attributed to North Korea.
On Wednesday, the Wall Street Journal reported that the US Department of Justice was preparing charges that would accuse North Korea of pulling off the Bangladeshi heist, allegedly with the help of Chinese middlemen. The US is involved due to the fact that the Bangladeshi accounts were held in the Federal Reserve Bank of New York.
The hackers originally attempted to steal nearly $1b but their plot unraveled after Federal Reserve officials smelled a rat, in part due to lazy spelling errors in the digital transfer requests, which were made to appear as if coming from the Bangladeshi central bank.
Most of the stolen money was transferred to Philippine banks and financial services companies before being funneled through local casinos and junket operators. One of those junket operators later accused two Chinese agents of being responsible for bringing the money into the Philippines.
Neither the DOJ nor any other US security agency has so far commented on the WSJ reports, so it’s unknown whether charges will be filed against individual North Korean officials.
The reports come hot on the heels of new US federal legislation intended to tighten financial sanctions on North Korea over the regime’s provocative missile tests. The proposed Korea Interdiction and Modernization of Sanctions Act includes language targeting North Korea’s illegal online gambling operations, which reportedly earn the regime over $860m per year.