NORTH KOREA LINKED TO ATTACKS ON BANKS

From NYT Dealbook:

Security researchers have tied several online breaches at Asian banks to North Korea, Nicole Perlroth and Michael Corkery report in DealBook. The digital security firm Symantec said that in three recent attacks, the thieves used a rare piece of code that had been seen in only two previous cases – the hacking attack on Sony Pictures in 2014 and attacks on banks and media companies in South Korea the year before.

Symantec researchers said the evidence linked an attack at a bank in the Philippines last October with attacks on Tien Phong Bank in Vietnam in December and another in February that resulted in the theft of $81 million from the central bank of Bangladesh.

Eric Chien, a security researcher at Symantec who found the code used across the attacks, said it was the first time that a nation had used online attacks for financial gain.

The attacks raised alarm bells because the thieves gained access to Swift, which is considered the world’s most secure payment messaging system. It is used by 11,000 banks and companies to move money between countries, making it a tempting target. Swift itself had warned of a coordinated assault on banks, although it stressed that it was the banks’ connections to its networks, rather than the network itself, that were breached.

The possibility that Pyongyang had turned to digital theft was not surprising. North Korea’s economy has been ravaged by sanctions and food shortages. Its gross domestic product was estimated to be $12 billion to $40 billion, compared with South Korea’s $1.4 trillion.

“If you presume it’s North Korea, $1 billion is almost 10 percent of their G.D.P.,” Mr. Chien said. “This is not small change for them.”

There is no evidence to date that the thieves have gone after large American or European banks, though new possible attacks are being reported weekly. Last week, evidence emerged that Banco del Austro, an Ecuadorean bank, was infiltrated by hackers who were able to sneak into the Swift network.

FireEye, the security firm investigating the intrusion on Bangladesh’s central bank, is looking at several more undisclosed cases where banks’ systems were compromised, The Wall Street Journal reports, citing a person familiar with the matter. The suspected attacks involved eight other banks, all of which are in Asia.

Analysts worry that the breaches could hold back global finance; larger banks may become reluctant or even refuse to transact with smaller banks in the developing world unless they have assurances that their networks would not be compromised.