Gordon Carrera
I am Russell Alam. I'm extremely excited about the idea of becoming a part of your company and I'm hoping that you will give me an opportunity to present my case in further detail in a perfect personal interview. Here is a link to my resume and cover letter. Thank you in advance for your time and consideration. Welcome to The Rest Is Classified. I'm Gordon Carrera. That was the text of what's called a spear phishing email, a targeted email sent to employees of the Central Bank of Bangladesh by cyber operatives of the North Korean government. They were the nose under the tent of the largest cyber heist ever attempted. If successful, it would have been one of the biggest bank robberies in history.
David McCloskey
Well, that's right. I'm David McCloskey, and Gordon, I think we're going to talk today about something that maybe doesn't immediately seem like a spy story. It's a bank robbery. It's a heist performed on the Central Bank of Bangladesh by the North Korean security services. And I think what is so fascinating about this story is that it is a bank robbery. And that's just exciting. But at a deeper level, it's also a story about security services, you know, espionage agencies that effectively operate like the Mafia, right? Like an organized crime syndicate. Because underneath all of this, and behind that very horribly worded email, is North Korea's foreign intelligence service out there trying to run a bank robbery, which I think, you know, we tend to think about. And a lot of the spy stories that we talk about in this show are, you know, we think about Moscow Rules, we think about the world of John le Carré. We think about spy agencies that are out there trying to collect information. The North Koreans, as we'll see, they kind of don't operate that way.
Gordon Carrera
So it's a kind of mix of Ocean's Eleven, the heist movie with James Bond, a bit of a blending of the two we're going to try and do with this story.
David McCloskey
That's right. You know, it's interesting. North Korean. And by the way, inside CIA, the North Korean security services were referred to as NORCs. The NORCs. The North Korean security.
Gordon Carrera
I've never heard that before.
David McCloskey
I've only heard. Now, not North Korean people, but the services, the intelligence agencies.
Gordon Carrera
Right.
David McCloskey
Were always called the NORCs.
Gordon Carrera
So people are working on the NORCs. You're a NORC specialist.
David McCloskey
Exactly. And the fundamental thing that North Korea watchers and the guys and girls who target North Koreans at CIA would say is you can't think about these guys like they're a normal intelligence service. You've got to think about them like they're an organized crime syndicate. And really, North Korean covert action is bank robbery, as we'll see, you know, a push for cash for, you know, a family for the Kim regime that runs North Korea. And I think maybe, Gordon, because the robbers tend to be more interesting than the victims in heist movies, maybe we start there.
Gordon Carrera
We don't want to turn the materials, but equally, it's not quite like, you know, Brad Pitt and George Clooney at Ocean's Eleven, these characters, but they are kind of the more interesting ones. So. Yeah, the robbers.
David McCloskey
Exactly. So the robbers. And a fundamental piece of this is we actually don't know a lot about the individual robbers that pulled this off. Right. We have a name of one of them, a guy by the name of Park Jin Hyuk. And by the way, it might not even be his real name, because, as you know, he's, he's featured in an FBI affidavit. There's a picture of him sort of scowling out there on the Internet. But the North Koreans deny that anyone by that name even exists. And so, you know, he is sort of the shadowy face of the robbery. Right. And he is one of the hackers responsible for the digital side of this heist. Now, a little bit about Park Jin Hyuk. He's born on August 15th of 1984. Although North Koreans, interestingly enough, don't celebrate their own birthdays, only that of the leader. And he's born into a North Korea that's really on kind of the edge of calamity. He's growing up in this kind of totalitarian system that has been run by Kim Il Sung since the 1940s. And, you know, a couple, I think, key points here about the North Korea that Park grows up in. One is he's growing up in the shadow of the Korean War, okay? Even though we're 30 plus years removed by the time he's born, Park would know this as the victorious Fatherland Liberation War. And it was a war in which the US dropped more conventional bombs on North Korea than in any part of the Pacific theater, rather that they had in World War II. So it is a place that is utterly devastated during the war, so much so that the U.S. Air Force had complained that it had run out of things to bomb. And it is a place. And I think a critical piece of this is this history of Juche ideology, which is this kind of self reliance, this idea of really a kind of hermit place that is going to produce everything itself and be totally insulated from the rest of the world.
Gordon Carrera
Closed off from the rest of the world. Yeah.
David McCloskey
And so by the time Park is a toddler, though, this is starting to change. The Soviet Union, a primary sort of backer of North Korea, is collapsing and there's succession planning underway. The torch is being passed from Kim Il Sung to Kim Jong Il, his son. That happens when Park is 10 in 1994. And then there's a massive, and of course, most of our listeners are probably aware of this, a massive famine they call the Arduous March that really ravages the country in the mid-90s. And Park, you know, if he's not part of kind of the top upper, upper crust in North Korean society, he probably saw some of this as, as a child. You know, he would have grown up in a world where there's a huge number of street urchins who are out, orphaned by starving parents. Maybe a half million to up to 2 million North Koreans die. And meantime, the Kim family, they're living the high life. Interestingly enough, the Kim family's sushi chef, who's a Japanese cook and actually has come out and made a bunch of comments about this time and said that during the 90s, the Kims ate rice produced in a very special area of the country. They had female workers that actually picked each grain one by one to ensure the size was the same. And actually, for two years during the famine, Kim Jong Il was the world's largest buyer of Hennessy cognac, and he was importing about a million dollars of cognac every year.
Gordon Carrera
So it's a country where people are starving literally on the streets and hundreds of thousands are dying, and the elite is very wealthy. And I think it's also around this time where they're starting to look at nuclear weapons, aren't they? And ballistic missiles and starting to get more aggressive in their posture towards the West.
David McCloskey
Well, that's right. And all of that. And this will be a critical thread for how we end up robbing the Central Bank of Bangladesh. But they need hard currency to support these programs. Right, the weapons program. It's not cheap. It's also not cheap to support really kind of an elite structure in North Korea that is critical to keeping the family in power. And I think, you know, this is in essence why we see a spy service become essentially the mob, right, is because it's all about money. And in fact, there's a, you know, a great kind of tagline about North Korea is the best way to understand it is, is as North Korea Incorporated, this guy John Park has popularized this idea of it in an autocratic. It's all about, you know, money to buy sort of elite support. Right. You don't get tossed. You tend to not get tossed by people power. You tend to get tossed by coups. Right. Other elites who decide they want to toss you.
Gordon Carrera
So in other words, you need the money to buy off and to build your weapons, and you've got no revenue from exports or anything else that you can rely on.
David McCloskey
Yeah, precisely. And so, you know, by the time Park is a boy, the North Koreans have already started to kind of dip their toes into this world of really crime to support the state. Right. There's actually a scheme in the 1980s called super dollars in which North Korea, of course, you know, Soviet Union collapsing, hard currency needs are high. They say, okay, well, how do we make up for a hard currency shortage? Let's just counterfeit US dollars. And so the North Koreans actually acquire a press from the Italian firm that makes the same press used by the US Treasury. You can buy one, they go out and buy one.
Gordon Carrera
Seems strange, you can buy a printing press to make money, but there you go.
David McCloskey
There's an Italian firm that makes them. They went out and bought a press. They acquired $1 bills and then bleached them. So they had the right paper. And then they actually got a special color changing ink for sort of counterfeit prevention. Right. So they made the bills and then they tweaked them, of course, to look like American hundred dollar bills, and then started to pump these out and would just sell them at a discount off of the face value out in the black market. Other sources of income, of course, all disreputable. Meth, contraband, cigarettes, birth control pills, Viagra, which I don't have any firsthand knowledge of, but they say it's way more potent and has tons more side effects than the actual pharmaceutical Viagra. So they are out there on the black market just basically engaged in any amount of kind of illicit trade to earn money for the regime.
Gordon Carrera
Right. And I mean, do we know how much money they're raising, where it's all going? It just goes to the family, does it, and to the regime to keep them in place?
David McCloskey
Well, yeah, I think it goes to military programs, it goes to the family. I mean, it goes into buying off other potential rivals or sort of, you know, elites inside the system. And this idea, though, of kind of a rigid social structure is also really key to our story because there's a system in North Korea that essentially sorts people into shades of loyalty, right? There's kind of a class system that our bank robber Park is navigating as he comes of age. And really this class system, there are actually a number of permutations, dozens and dozens, but there are basically three. You're either loyal, wavering, or hostile. And some defectors call this tomatoes, apples and grapes. Tomatoes are red, communist to the core. Apples need re-education, and the grapes, of course, are totally hopeless. And so your position is really determined kind of by your family line and by your proximity to the leader. Really. It's called songbun. And actually, yeah, there's 50 plus categories of this, but they all sort of feed into those three classes above. And critical to Park and his rise is that a way to advance in a system that is apolitical is by being really, really good at math. That is a way to improve your songbun, your position in sort of North Korean society.
Gordon Carrera
So Park, and we should say here that a lot of what we know about him and really about this whole story comes from a brilliant book called The Lazarus Heist by Geoff White. Yeah, Geoff, great journalist friend of mine who's done the real original research on this. But we think he comes from a normal family, don't we? Not really part of the elite.
David McCloskey
We don't know. You know, he's probably not in the upper upper crust, but he's also, you know, at one sort of key thing that we think about North Korean hackers and I think we tend to apply kind of a Western view of hacking as being this thing that teenagers do in their basements, you know, and then might go get some education or might start a business, but it's kind of this organic roundup thing. And that is not how it happens in the North Korean system. This is not a cyber army recruited out of, you know, parents' basements. Right. He is probably spotted at a young age for his proclivity in math. This is during the turmoil of the 1990s. He's probably spotted very young as being in the upper crust of his cohort in math. And he's sorted into a high school for gifted children. There would have been highly structured access to the Internet in this environment. And he goes to a very elite school called the Kim Chaek University of Technology. And he graduates from that school in the early 2000s. Now, a word on the school is this is basically a feeder into the military and security services. Right.
Gordon Carrera
So is this hacker school? Is this for maths whizzes? So if you're a maths whiz, you get plucked out of wherever you are in the education system and put into this fast stream, the kind of equivalent of Oxford and Cambridge, but for hackers, where they think they can make use of you and that's the skill set they want.
David McCloskey
That's right. And I think in the American context, I mean, this is probably like, you know, he's going to Stanford or MIT, and then because there isn't a sort of option of I want to go work in Silicon Valley or go work for the NSA, it's not sort of how it works in the North Korean context.
Gordon Carrera
He doesn't have any choice. Does he have any choice in this?
David McCloskey
He's got really no choice. And I mean, interestingly though, I think we could take a lens on this story in which the North Koreans are a bit cartoonish and kind of incompetent, right? But in reality, his university, Kim Chaek University of Technology, it actually often outperformed American and Chinese and yes, Gordon, even British, you know, academic institutions in what's called the International Collegiate Programming Contest. In 2019, Park's alma mater placed eighth in this ICPC ahead of Oxford, Cambridge, Harvard, Stanford. So we are talking about a kind of math and technical wizardry that is actually quite good and is competitive internationally. And this is the world that he comes out of. But of course, as we said, he's being directed in sort of this progression. And where does he go? And this is where our kind of hacker tale, as I think we'll both enjoy, becomes much more of a spy story because he is recruited out of Kim Chaek University into the Reconnaissance General Bureau, which is North Korea's spy service. And so I think we should set up kind of North Korean spying a little bit here. And it is unclear we should say sort of when and how Park joins. But at some point he is pulled from university into a cyber group that's operating under the RGB. Now, the RGB is a relatively new organization. It's set up kind of out of a reorganization of North Korea's intelligence and security services that happens in the tail end of Kim Jong Il's reign. You scratch under the surface here and we don't have a lot of hard information, but it's probably the case that this reorg is all part of succession planning as he's trying to pass, you know, sort of the torch over to his son Kim Jong Un. And the RGB is what I would describe as a very piratical organization, Gordon. This is not MI6 out there, knife and fork set, wining and dining with diplomats and collecting information from cocktail parties. Right, right.
Gordon Carrera
It's not regular, just collecting information, diplomatic intelligence. It's a bit more aggressive than that.
David McCloskey
It is very aggressive and its resume proves that. I mean, a couple points here, they're responsible. The sort of predecessor organizations to it are responsible for kidnapping Japanese citizens and rendering them to North Korea to teach Japanese. They sank a South Korean ship in 2010 with a mini sub, killing 46 sailors. And they also assassinated Kim Jong Un's half brother in the airport in Kuala Lumpur with a nerve agent, actually convincing two women to smear the agents on his face, killing him.
Gordon Carrera
Now this is a particularly crazy story because I remember this one vividly well.
David McCloskey
And Gordon, did you cover the assassination story?
Gordon Carrera
Yeah, so I covered it. But then there's another strange reason why I remember it so well is that a few years later I was asked to be a consultant on a TV drama which is called Killing Eve, which is all about assassinations. And they asked me to come up with a list of ways of killing people for the character, for the character, the so called kill list. And I remember thinking, well, the thing to do is to draw them from real life. So one of the cases I looked at and I recommended that they look at was I wrote up this particular, particular assassination. So I think if you look in the first series, there's one involving a perfume bottle and an assassin somewhere. And I think that comes originally from, from this airport scheme because, I mean, I think there's some, some CCTV of this happening. And Kim Jong Un's half brother is in the airport and one woman walks up to him and sprays something and another puts a cloth on his face. And I think it's a binary agent. So the combination of those two things creates VX, which then kills him. And then when they interview the women, they say, we thought we were doing a prank for TV. I mean, they were told they're going to get paid $100. And I think that the guy they were doing it to was supposedly in on it and it was all for some TV show that they had to do this. And in the end, they've become kind of assassins in the middle of an airport. I mean, it's a crazy operation, but I guess the point is it gives you some sense of how far they're willing to go and what they're willing to do. If you're the North Koreans, I mean, this is outside of what most normal spy agencies would do.
David McCloskey
It is. I think we could imagine the Russian. Some combination of the Russian services doing this. You know, I mean, it's not unheard of, of course, for a. Yeah, you know, the Iranians target, you know, defectors and sort of disloyal elites abroad. So killing opponents, political opponents, using a spy service to do that is not unusual. But I would say that the risk tolerance that the RGB seems to have is different from a lot of other spy services, including those that are maybe a bit more rogue or piratical. I mean, literally, one of the subgroups inside the RGB is called the Enemy Collapse Sabotage Bureau, which at CIA we did not have anything bordering that name. I don't know, Gordon, does, does MI6 have anything along those lines?
Gordon Carrera
I think if they did, they take the signs down. When you went round the. I don't think you'd walk past an office called the Enemy Collapse Sabotage Bureau. Although it does sound a bit like what Special Operations Executive were like in World War II, though, which is basically going around blowing things up and bombing them. I mean, that's. That's.
David McCloskey
Yeah, I guess when the RGB would bring in, you know, foreign liaison, maybe the Enemy Collapse Sabotage Bureau, the little nameplate outside says, like, Technology Group 204 or something more anodyne.
Gordon Carrera
Yeah.
David McCloskey
So the cyber capabilities, though, that becomes so critical to this bank heist that we're talking about live inside the Sixth Bureau of the RGB, which is their sort of technical bureau. Now, interestingly, there's a whole bunch of different bureaus, Enemy Collapse Sabotage being one of them. This story, though, Gordon, is a story about luck and gambling, too, which is little tease for folks here because we're going to spend some time in casinos as this rolls on. There's no fourth bureau inside the RGB because four is a very unlucky number. And I'll also note that most of the places in Vegas, like hotels, don't have a fourth floor.
Gordon Carrera
Really.
David McCloskey
Yeah, there's tremendous. Because so much of the gaming, both in Asia and in Vegas, is done by Asians who come to game. Right. Chinese or otherwise, who might come to Vegas to game. The whole environment really caters to these kind of superstitious gambling practices. And four is a very, very unlucky number. You will never have a pool in Vegas that is four feet deep or that has four in the depth.
Gordon Carrera
Wow.
David McCloskey
You will not see it because it's very unlucky. Anyway, we have to do a trip.
Gordon Carrera
To find out, right?
David McCloskey
Exactly. Exactly. I think we need to take a Rest Is Classified research trip, Gordon, around.
Gordon Carrera
The pools of Vegas.
David McCloskey
The number of cyber officers inside the Reconnaissance General Bureau, we don't really know. It's probably somewhere up to 6 or 7,000. So it's not small. I mean, it's a large number of people. And again, we know Park, we have a picture of him, but a lot, in fact, most of what we know about these guys, and they're all guys, is through the code that they write. You know, so there's a tendency, when you talk about North Korean cyber banditry, there's a bunch of technical kind of names for these different pockets of the organization that are deploying malware, deploying code as part of these attacks. And they all have different names, you know, Lazarus Group, Hidden Cobra, Beagle Boys. You know, that kind of makes, again, it has this weird tendency of making it all kind of sound like a bunch of tech, you know, nerds. Right. And all these names are, of course, given by Western kind of cybersecurity watchers. Right, who name the code effectively. So Park. And I think this is a key point is because he's coming from this or in this organization that is extremely aggressive. It's extremely brutal. It is predominantly, if not entirely male. And the people who look at the code say it's simple, it's practical, and it's brutal. So Park is in this organization now. He is working in Pyongyang. But at some point, there's some digital dust where we start to learn a little bit about him. And it is because in 2011, he's sent to China to work as a developer for something called Chosun Expo, which is basically a front organization for the RGB.
Gordon Carrera
Now, isn't this interesting that the North Koreans have an outpost or a front in China from which they do some of their hacking? Should we be surprised at that, that the Chinese allow that or tolerate it?
David McCloskey
Yeah, well, I mean, it is practical, you think, you know, broader access to the Internet. Of course, you don't have to use North Korean IP addresses, you know, from.
Gordon Carrera
From China, so you can mask where you're coming from.
David McCloskey
Yeah, it's kind of a. It is an outpost, I think, is the right way to think about it, because a lot of what Park is doing in this period. He also gets married, by the way. Lucky guy. He gets married in September after he goes to China. He refers to his fiance as comrade in the written communications and actually does go back to North Korea for the wedding. But really what he's doing, again, it's the beginnings of, of what will become the, the heist. But he's just making money, you know, he's, he's making online games and writing the code for them and then selling them games.
Gordon Carrera
So he's a developer. He's a software developer.
David McCloskey
Yeah, exactly. And, you know, you think from the North Korean standpoint, here's a guy who's probably one of their most promising cyber recruits. He's come out of this elite organization or elite university, and he's working for the RGB. This is a bit of like his first kind of field expedition. You know, in some ways, it's a field posting to learn how the Internet works, you know, to really understand.
Gordon Carrera
Right.
David McCloskey
To do reconnaissance, in effect, on the open Internet, which is not something he would have done even in his university days in North Korea.
Gordon Carrera
Because we should be clear that in North Korea, access to the Internet is really limited. I think there's 1% of people have access to it, and what access there is is very tightly controlled. So Park has been honing his skills as a software developer, maybe even a hacker. I think that's a great place to take a break before we take him back to Pyongyang to a boom town of meth, pet dogs, plastic surgery, and flashy real estate, all paid for by the proceeds of crime.
Gordon Carrera
We're back with the story of this amazing cyber heist and David we're in Pyongyang, which I guess may be contrary to what people might expect, is a bit of a boom town in a strange way.
Russell Alam
Gordon My mental model of Pyongyang was massive military parades. You know, very organized, sort of choreographed, kind of big stadiums full of people weeping for the Dear Leader or frankly a famine, you know, a famine ravaged place. And I think the Pyongyang of 2014 that park comes back to is that Kim Jong Un, of course, Rocket man, you know, as Trump famously called him, is now the North Korean leader. And Pyongyang is undergoing massive changes, which I think, you know, park, he's kind of this shadowy figure here because we don't know a lot about him, but I have to think that he's not unaffected by the change in leadership and.
David McCloskey
Frankly, by the fact that Pyongyang is.
Russell Alam
Now, as you said, a boomtown. I mean, you know, Kim, in his first speech marking his grandfather's 100th birthday.
David McCloskey
Says North Koreans will never have to.
Russell Alam
Tighten their belts again. And there is a massive loosening going.
David McCloskey
On in Pyongyang in this era of restrictions on private enterprise.
Russell Alam
There's a massive increase in the number of government approved markets. The population, of course, is still, I.
David McCloskey
Think you could say, undernourished. But it is not a famine, right?
Russell Alam
People are not dying from hunger. The economy is growing. As you teased before the break, there's.
David McCloskey
A tremendous amount of recreational meth usage in North Korea.
Russell Alam
And Kim Jong Un's nickname is Nan Oogi.
David McCloskey
The person who shares, lots of people are making money under him.
Russell Alam
It's also going to him. Most of it is going upward, but, you know, the individual is actually given opportunities to make some cash in the Kim economy.
Gordon Carrera
So if you're a person on the make, if you're this young programmer, Park, you're seeing a bit of that boom town life, and you think you've got a shot at being part of it, effectively by having been selected as a. As a hacker. I mean, you've got a route, a road into perhaps wealth or maybe not, if not the top elite, but into this world, I think so.
Russell Alam
I mean, a little bit of speculation here on Park's psychology, I think would be warranted because you got to think this is a guy who has probably improved his family standing significantly by working for the RGB. He's gone to one of the best.
David McCloskey
Schools in the country, right?
Russell Alam
So he is a sort of upwardly.
David McCloskey
Mobile member of the elite. He spent time abroad. Very few North Koreans do that, even if it's just across the border in China.
Russell Alam
And he is in this gold rush kind of Pyongyang, where it's not just working for, you know, an extra ration of rice or anything like that. I mean, he has the opportunity for.
David McCloskey
Some real, you know, conspicuous consumption.
Russell Alam
You know, I mean, more than 10%.
David McCloskey
Of North Koreans have cell phones now.
Russell Alam
And, you know, pet dogs. There's status symbols that would have been absolutely unthinkable a generation earlier. And I got to think that Park thinks, I want to get me some of that. I mean, that's got to play a.
David McCloskey
Role in his psychology here.
Gordon Carrera
But this is a country which is not exporting much, and yet it seems to be importing all these luxury goods and other things you've been talking about. And it needs money. So where is the money coming from? That's the obvious question. What's supporting the North Korean economy?
Russell Alam
That's right. Well, and it's crime in many respects, you know. How is it being paid? Well, the North Koreans call this the secret war. And this is what Park is going.
David McCloskey
To become an elite soldier in the midst of.
Russell Alam
So there is to pay for all of this, a massive uptick in cybercrime in the first kind of decade of Kim's rule. Now, some estimates actually have the hacking.
David McCloskey
Maybe responsible for a third of North Korea's GDP.
Russell Alam
So it is a massive, I mean.
Gordon Carrera
That's an astonishing figure.
David McCloskey
It's an astonishing figure, right?
Russell Alam
It's, it's insane.
Gordon Carrera
So a third of your. Of the country's income is coming from international crime.
Russell Alam
International crime, exactly. So this is, you know, in some respects, Park is part of one of the biggest businesses, you know, in, in North Korea. And I do just, I want to return for a second to sort of put the scale of the consumption, you know, in context because we're of course talking about a Pyongyang, where, I mean.
David McCloskey
That money is going to support two.
Russell Alam
Or three bedroom apartment in Pyongyang is like, like $80,000. The official government salary is four bucks per month. So again, how do you bridge that gap? Kim, the leader, he's got 33 homes.
David McCloskey
28 are linked to private railway stations.
Russell Alam
His main compound covers five square miles.
David McCloskey
He renovated recently.
Russell Alam
Gordon, you'll be happy to know the.
David McCloskey
Price tag of the renovations was a cool $175 million, although of course, it's.
Russell Alam
Hard to verify that. So the money is to do this.
David McCloskey
Is coming from, from this crime.
Russell Alam
Now some of these attacks, of course, are political in nature. The RGB is attempting to gain an.
David McCloskey
Advantage over its adversaries.
Russell Alam
So it's, it's trying to get, you know, IP from Western aerospace and defense.
David McCloskey
Firms, things like that, right?
Gordon Carrera
Yeah.
Russell Alam
So stealing commercial, stealing commercial secrets, something that quote, unquote, normal espionage agencies do.
David McCloskey
The world over, Right.
Russell Alam
But a lot of the crime is just pure cash, right?
David McCloskey
They go after cryptocurrency exchanges.
Russell Alam
There's been multiple billions of dollars raised from those kind of attacks over the past six or seven years. There's ransomware attacks against health care organizations.
David McCloskey
Very famously, there was the attack against Sony Pictures.
Russell Alam
Right. Entertainment, if you remember this one where Sony.
Gordon Carrera
I remember this.
Russell Alam
Sony was releasing that film, The Interview, which ends with a sort of. I don't think it's actually.
David McCloskey
He's actually named Kim Jong Un, but.
Russell Alam
It's obviously Kim Jong Un and he's.
David McCloskey
Explodes in a fireball.
Russell Alam
It's set to Katy Perry music.
Gordon Carrera
And they got really upset about that, didn't they? Because the idea of a comedy film making fun of their leader and him being assassinated by, I think visiting journalists caused them enough upset to hack Sony Pictures and steal and release their emails.
David McCloskey
And threaten 9/11-style attacks on theaters.
Russell Alam
That showed the film for good measure.
Gordon Carrera
You don't have any concerns then about us doing a podcast on North Korea that could.
Russell Alam
Yeah, that's actually. You're saying it too late, Gordon. We're too deep.
Gordon Carrera
We're doing it.
Russell Alam
We're in too deep.
Gordon Carrera
If our stablemates get hacked and their emails released, they can blame us.
Russell Alam
We should hope for the notoriety to land on Kim Jong Un's radar. I think that would be.
David McCloskey
I would welcome such reach.
Gordon Carrera
Be careful what you wish for, frankly.
Russell Alam
That Sony Pictures attack, you know, is.
David McCloskey
Obviously very political in nature.
Russell Alam
There's like a whole separate story there. Right, that could be its own. You know, they of course are going.
David McCloskey
After academics and other institutions to kind.
Russell Alam
Of solicit opinions on North Korea and.
David McCloskey
North Korean policy in the West and.
Russell Alam
Make it look like it's not actually coming from North Korea. It's going after defectors, of course. And critically, Gordon, banks.
David McCloskey
Right?
Russell Alam
They are going after banks from Vietnam to Mexico to Taiwan and Bangladesh.
Gordon Carrera
That's where the money is in the banks. And it's interesting, isn't it, that cybercrime offers a new world for North Korea. You know, we were talking about printing presses before and counterfeit money. I mean, that's an old-fashioned way of doing it. Now online, they suddenly realize they've got this opportunity to reach into organizations and institutions around the world and try and either hold them to ransom or in the case of banks, actually steal their money and get inside it. And that seems to be their modus operandi with this one particular hack which we're going to look at. But it's more than a hack, isn't it? It's a heist. It's a proper full-on heist in 2015 where they're looking at trying to get a massive sum of money from a bank. I mean, it is extraordinary how ambitious this is and targeting Bangladesh of all places.
Russell Alam
That's right.
Gordon Carrera
Maybe precisely because it's not the most obvious place to go for with the highest security risk.
Russell Alam
Well, and I think what their efforts to send these horribly written spear phishing emails like the one you so graciously read.
Gordon Carrera
Yeah, that was the one I started with.
Russell Alam
They're not being picky about where they're sending those. Right. I mean, they're sending those out to figure out where can we get in.
David McCloskey
Right.
Russell Alam
And between the year before the Bangladesh heist really starts to unfold, there's nine.
David McCloskey
Bank compromises all over the world that are linked back to North Korea now.
Russell Alam
Not on this scale, and unsuccessful ultimately at taking money out. But this isn't someone sort of sitting.
David McCloskey
In Pyongyang thinking it would be great.
Russell Alam
To take Bangladesh down a notch.
David McCloskey
I mean, this is very.
Gordon Carrera
They're trying everywhere.
Russell Alam
They're trying everywhere, exactly.
Gordon Carrera
But what I find fascinating is it's a long running operation. This isn't just a quick, we're going to hack into it. And like you see in the movies where someone hacks into something and then, you know, presses a few buttons and withdraws millions of dollars, this is something which is very, very well crafted in which they start out with that job seeker email that I read from right at the start where they're using that to get into the Bangladesh systems of a bank. Getting someone to click on the link to think that this is a resume from someone who wants a job and then using that access to effectively get inside the system and then understand the system. And that's a process which they spend months over, don't they? I mean, this is not quick. They are really researching and trying to understand how the bank system works and get access to the machines, get access to the networks and then look for how they can find a plan to basically steal a very large amount of money.
Russell Alam
Exactly. And I think here so much of.
David McCloskey
This story could just be one where we have a mental model of, okay.
Russell Alam
It's a bunch of hackers kind of sitting in a room somewhere running this thing. But keep in mind this is going on and we don't have any sort of firsthand information on this, but this is an operation going on in being run by the RGB.
David McCloskey
So there is an operational chief to this. This is an espionage operation at the.
Russell Alam
End of the day. And Park and his team, they're probably sitting in some kind of brutalist building or compound owned by the RGB.
David McCloskey
Probably doesn't have those hacker hostel vibes.
Russell Alam
It probably feels a little bit more like a barracks. And they are running reconnaissance on the.
David McCloskey
Central Bank of Bangladesh network.
Russell Alam
Now.
David McCloskey
It's not a smash and grab job as you mentioned.
Russell Alam
And I think we don't want to be overly technical, Gordon, but I think I'm going to talk dirty here in.
David McCloskey
Code for a second.
Russell Alam
To give you some sense of what.
David McCloskey
The North Koreans are up to, they're using a piece of malware called Nest Egg, which gives them persistent access to these infected machines.
Russell Alam
So you picture someone literally in Central.
David McCloskey
Bank of Bangladesh, HR has clicked on.
Russell Alam
The link that Rasul Alam so graciously.
David McCloskey
Put into his email advertising his services. So they're getting access to these machines. Right. They're using something called Sierra Charlie to then hop from infected machines to more.
Russell Alam
Interesting parts of the bank because they're not ultimately interested in the hr, you know, administrator's computer. They want to get kind of into.
David McCloskey
More sensitive pieces of the bank that are actually responsible for transactions.
Russell Alam
And then they use something called Mack.
David McCloskey
Truck to make that hopping encrypted and critically, to make it invisible to the bank's IT staff.
Russell Alam
So literally, over a reconnaissance operation that.
David McCloskey
Takes almost a year between 2015 and.
Russell Alam
Early 2016, they are moving around in the bank, sort of wiping the malware from the previous machines, covering their tracks.
David McCloskey
And trying to get closer and closer.
Russell Alam
To a system that is so very technical, but that will enable them to move funds in and out of the bank.
Gordon Carrera
And I guess the point is, it is a bit like a heist movie where the effort is really in the reconnaissance, isn't it? Is in coming up with a plan, working out a way of hiding your tracks and being able to get out with the money. It is very similar to that. Rather than just the break in. It's no good just kind of breaking in and people seeing what you're doing. And the key is that they're going for something called SWIFT, which is the mechanism used for banks to move money between themselves, isn't it? Internationally? And that's the key that they realized to be able to get hold of serious money for this heist.
Russell Alam
Yes.
David McCloskey
SWIFT, the Society for Worldwide Interbank Financial.
Russell Alam
Telecommunications, which is as dry as it sounds. But the North Koreans. And again, you know, I like to think of Park and the software, the coders, sitting in a room, eating the North Korean equivalent of Pop Tarts, maybe. And then you've got an operational chief who is starting to think and probably.
David McCloskey
Conceptualizing an operation in which he says, once we get into this SWIFT system.
Russell Alam
How do we think about actually bringing money, bringing actual dollars into North Korea and what they come up with? And again, they've been in the Central Bank of Bangladesh's computers for almost a year. By the time we get access to the SWIFT system. So they're very patient. They are looking basically to be able.
David McCloskey
To craft and authenticate and then send.
Russell Alam
SWIFT messages that look totally legit, that originate from Bangladesh Bank's computer system, and.
David McCloskey
Then to be able to destroy those digital messages so no one else inside.
Russell Alam
The bank would know anything is wrong.
David McCloskey
And what they end up doing once.
Russell Alam
They get access to SWIFT is it's very. Again, this code being sort of simple and brutal, they're able to accomplish all.
David McCloskey
This by getting into the SWIFT system source code and then just deleting a few characters.
Russell Alam
So it's a year of work. I mean, like, I think in all.
David McCloskey
Good espionage operations, the gap that you're.
Russell Alam
Looking toward is very small, but you've.
David McCloskey
Had to do a tremendous amount of.
Russell Alam
Legwork to kind of get to that point.
David McCloskey
And so on Thursday 4th February, 2016.
Russell Alam
That groundwork is laid. Park and his RGB comrades are in the SWIFT system at the Central Bank of Bangladesh, and they are about to initiate one of the largest bank robberies in history.
Gordon Carrera
Well, David, that seems like a good place to leave it there with the RGB and Park, at least in cyber terms, walking into the vault with all those gold bars and all that bullion in front of them. And when we come back next time, we'll see how they get away with carrying out the loot. Thanks for listening to The Rest Is Classified. See you next time.
Russell Alam
Goodbye.
Summary of "The Rest Is Classified" - Episode 9: "North Korea’s CIA: Inside Kim’s Crime Family"
Release Date: January 1, 2025
In the inaugural episode of "The Rest Is Classified," hosts David McCloskey, a former CIA analyst and spy novelist, and Gordon Carrera, a veteran security correspondent, delve into the shadowy world of North Korean espionage. Titled "North Korea’s CIA: Inside Kim’s Crime Family," this episode uncovers the intricate mechanisms behind one of the most audacious cyber heists in history—the attempted robbery of the Central Bank of Bangladesh by North Korean operatives.
The episode opens with a chilling recount of a spear phishing email sent to employees of the Central Bank of Bangladesh. Gordon Carrera recites the malicious message, designed to appear as a job application:
[01:13] Gordon Carrera: "I am Russell Alam. I'm extremely excited about the idea of becoming a part of your company..."
This email was a precursor to what would become the largest bank heist ever attempted. If successful, the operation would have marked one of history's most significant financial crimes.
David McCloskey and Russell Alam discuss the unique nature of North Korea's intelligence operations, likening them to organized crime syndicates rather than traditional espionage agencies:
[02:07] Russell Alam: "It's a heist performed on the Central bank of Bangladesh by the North Korean security services... a story about security services... that effectively operate like the Mafia."
This comparison highlights the ruthless efficiency and criminal undertones of North Korea's intelligence activities, which prioritize financial gain to support the regime.
Central to the heist is Park Jin Hyok, alleged to be one of the masterminds behind the Bangladesh bank robbery. However, North Korea denies his existence:
[04:39] Russell Alam: "But the North Koreans deny that anyone by that name even exists. And so, you know, he is sort of the shadowy face of the robbery."
Park's background is meticulously detailed, tracing his rise from a promising student to a key figure in North Korea's Reconnaissance General Bureau (RGB):
[05:13] David McCloskey: "He's born on August 15th of 1984... Growing up in this kind of totalitarian system..."
Park's exceptional mathematical abilities earned him a place at the elite Kimchaek University of Technology, a feeder institution for the RGB:
[13:05] David McCloskey: "He is probably spotted very young as being in the upper crust of his cohort in math."
The RGB emerged from a reorganization of North Korea's intelligence services during the transition of power from Kim Jong Il to Kim Jong Un. Described as a "piratical organization," the RGB's aggressive tactics include high-profile assassinations and kidnappings:
[16:23] David McCloskey: "... the Enemy Collapse Sabotage Bureau, which at CIA we did not have anything bordering that name."
Gordon Carrera emphasizes the RGB's divergence from conventional spy agencies:
[16:36] Russell Alam: "It is very aggressive and its resume proves that."
The discussion shifts to North Korea's rigid social classification system, Songbun, which categorizes citizens based on loyalty to the regime. This system plays a pivotal role in Park's ascent within North Korean society:
[11:08] David McCloskey: "It's called songbun."
Russell Alam explains how this classification affects individuals' opportunities and standing:
[11:22] David McCloskey: "It's a system in North Korea that essentially sorts people into shades of loyalty..."
Park's elite education and positions within the RGB are seen as strategic moves to secure his and his family's standing within this hierarchy.
A significant portion of the episode delves into the technical intricacies of the Bangladesh bank heist. The North Korean operatives employed sophisticated malware such as Nest Egg and Sierra Charlie to gain and maintain access to the bank's systems:
[38:04] David McCloskey: "They're using something called Sierra Charlie to then hop from infected machines to more..."
Their ultimate goal was to infiltrate the SWIFT system (Society for Worldwide Interbank Financial Telecommunication), the global platform banks use to transfer funds:
[39:16] Gordon Carrera: "...the key is that they're going for something called SWIFT, which is the mechanism used for banks to move money internationally."
The meticulous planning spanned nearly a year, showcasing North Korea's patience and technical prowess:
[41:15] David McCloskey: "And so on Thursday 4th February, 2016, that groundwork is laid."
The episode more broadly explores North Korea's extensive cybercriminal activities, estimating that hacking may account for up to a third of the country's GDP. Operations include ransomware attacks, theft from cryptocurrency exchanges, and more:
[31:18] David McCloskey: "Maybe responsible for a third of North Korea's GDP."
The infamous Sony Pictures attack is highlighted as a politically motivated act, demonstrating the RGB's willingness to engage in high-stakes cyber warfare:
[33:08] Russell Alam: "Sony was releasing that film, The Interview... they hacked Sony Pictures and steal and release their emails."
As the episode concludes, the hosts reflect on the audacity and scale of North Korea's cyber operations. Gordon Carrera likens the heist to a meticulously planned movie plot, emphasizing the strategic depth involved:
[36:03] David McCloskey: "This is an operation being run by the RGB... not a quick hack but a prolonged espionage effort."
The episode sets the stage for future discussions, teasing the unfolding of the heist and its ramifications on global cybersecurity.
Notable Quotes:
Russell Alam [02:07]: "It's a heist performed on the Central bank of Bangladesh by the North Korean security services... a story about security services... that effectively operate like the Mafia."
Gordon Carrera [27:10]: "We're back with the story of this amazing cyber heist... a boom town in a strange way."
Russell Alam [34:30]: "They are going after banks from Vietnam to Mexico to Taiwan and Bangladesh."
Conclusion
Episode 9 of "The Rest Is Classified" provides an in-depth examination of North Korea's evolution into a formidable cyber power. Through the lens of the Central Bank of Bangladesh heist, listeners gain insight into the intricate blend of espionage, organized crime, and technological sophistication that defines North Korea's approach to securing resources for its regime. The hosts adeptly weave technical details with geopolitical context, offering a comprehensive overview suitable for both seasoned security enthusiasts and general audiences.