
Imagine that you are a low-paid worker in India who is offered a day's work as an extra in a Bollywood film, writes the BBC. Your role? Go to an ATM and withdraw some money.
In 2018, several men in the state of Maharashtra thought they were signing up for a role in a film, but were actually being used as money mules, collecting cash for an ambitious operation.
The operation was carried out over a weekend and targeted Cosmos Co-operative Bank in India, which is headquartered in Pune. On a quiet Saturday afternoon, employees at the bank’s head office received a series of alarming messages from Visa in the United States, alerting them to thousands of ATM withdrawals by people using Cosmos Bank cards. When the Cosmos team audited their own systems, they did not notice any anomalous transactions.
About half an hour later, as a precaution, they authorized Visa to stop all transactions on Cosmos Bank cards. But it was too late. More than 14 million dollars had been withdrawn.
It was a crime that was impressive in its scope and careful timing. ATMs from 28 different countries were involved, including the US, UK, United Arab Emirates and Russia. Everything happened in just two hours and 13 minutes – like an unusual global flash mob.
Eventually, researchers would trace its origin to a group of hackers who had committed such crimes before, apparently at the behest of the North Korean state.
Before they got the bigger picture, investigators in Maharashtra were stunned to see CCTV footage of dozens of men walking up to ATMs, inserting bank cards and stuffing bills into bags.
“We were not aware of such a network of money mules,” says Inspector General Brijesh Singh, who led the investigation.
The network had a manager who monitored ATM transactions in real time on a laptop, Singh says. Using CCTV footage as well as mobile phone data from areas near ATMs, Indian investigators were able to arrest 18 suspects. Now most of them are in prison awaiting trial.
Among those detained are a waiter, a driver and a cobbler. Another had a diploma in pharmacy. “They were gentle people,” Singh says.
Investigators believe that the secretive and isolated state of North Korea is behind the theft.
North Korea is one of the poorest countries in the world, but much of its limited resources go into developing nuclear weapons and ballistic missiles, activities banned by the UN Security Council.
Since coming to power 11 years ago, North Korean leader Kim Jong Un has overseen an unprecedented campaign of weapons testing, including four nuclear tests and several provocative attempts to test and launch intercontinental ballistic missiles.
US authorities believe the North Korean government is using a group of elite hackers to break into banks and financial institutions around the world to steal the money it needs to keep its economy afloat and fund its weapons program.
Dubbed the Lazarus Network, the hackers are believed to be part of North Korea’s powerful military intelligence unit.
The Lazarus Group was accused of trying to steal $1 billion from Bangladesh’s central bank in 2016 and masterminding the WannaCry cyber attack.
North Korea strongly denies the existence of the Lazarus Group and all allegations of state hacking attacks.
To rob Cosmos Bank, the hackers used a technique known as “jackpotting”, so named because the ATM dispenses money as if you’d won the jackpot on a slot machine. The bank’s systems were first breached in the classic way: through a phishing email opened by an employee, which infected the computer network with malware. Once inside, the hackers compromised a piece of software called an ATM switch, which sends a message to the bank to confirm a cash withdrawal.
This gave the hackers the ability to authorize withdrawals by their accomplices at ATMs anywhere in the world. The only thing they couldn’t change was the maximum amount for each withdrawal, so they needed a lot of cards and a lot of people on the ground.
In preparation for the attack, they worked with accomplices to create “cloned” ATM cards – using real bank details to create duplicate cards.
The British security company BAE Systems immediately suspected that this was the work of the Lazarus Group. It had been following the group for months and knew it was going to attack an Indian bank. It just did not know what form the attack would take.
US and South Korean authorities estimate that North Korea has up to 7,000 trained hackers. It is unlikely that they all operate from inside the country, where few people have access to the Internet, which makes it difficult to hide user activity. Instead, they are often sent abroad.
Ryu Hyun-woo, a former North Korean diplomat and one of the oldest defectors from the regime, spoke about how hackers operate abroad.
In 2017, he worked at the North Korean embassy in Kuwait, helping to oversee the employment of approximately 10,000 North Koreans in the region. At the time, many were working in construction in the Persian Gulf and, like all North Korean workers, were forced to hand over most of their wages to the regime.
He said his office received daily calls from a North Korean manager who supervised 19 hackers living and working in cramped quarters in Dubai. “That’s really all they need: a computer connected to the Internet,” he said.
The US authorities called them “the world’s leading bank robbers”, using “keyboards, not guns”.
Source: Hot News

Ashley Bailey is a talented author and journalist known for her writing on trending topics. Currently working at 247 news reel, she brings readers fresh perspectives on current issues. With her well-researched and thought-provoking articles, she captures the zeitgeist and stays ahead of the latest trends. Ashley’s writing is a must-read for anyone interested in staying up-to-date with the latest developments.