Last August, Pune-based Cosmos Bank was hit by a cyber-attack in which miscreants hacked the server and transferred over Rs 94 crore to overseas accounts in just two days.
According to a recent report by a United Nations Security Council panel of experts, the Democratic People's Republic of Korea (DPRK) was behind the attack. This is reportedly the first such study by any agency confirming this linkage.
"The Panel notes a trend in the Democratic People's Republic of Korea's evasion of financial sanctions of using cyberattacks to illegally force the transfer of funds from financial institutions and cryptocurrency exchanges," read the report. Talking about the Cosmos Bank attack, in which crores were withdrawn in more than 14,000 simultaneous ATM withdrawals in 28 countries as well as in additional transfers to an account belonging to a Hong Kong-based company using SWIFT, it added that on October 2, 2018, "the United States responded to these attacks by issuing a 'FASTCash Campaign' alert" for North Korea.
The report broadly examined and analysed information regarding the implementation of the UN sanctions imposed on the Democratic People's Republic of Korea (DPRK) for its nuclear weapons programme, focussing particularly on incidents of non-compliance. It also offers a series of recommendations to assist Member States and the Security Council in addressing implementation challenges and shortcomings of the sanctions.
According to the panel, since 2016, the country has become an increasingly sophisticated actor in cyberattacks for financial gain, with tools and tactics steadily improving. The panel described the Cosmos attack as "a more advanced, well-planned and highly coordinated operation that bypassed three main layers of defence contained in International Criminal Police Organization (INTERPOL) banking/ATM attack mitigation guidance". Not only were the actors able to compromise the SWIFT network in the Cosmos case to transfer the funds to other accounts, but they simultaneously compromised internal bank processes to bypass transaction verification procedures and order worldwide transfers.
"It is absolutely possible that the attacks originated from North Korea and withdrawals happened elsewhere across 31 countries. It is a well-oiled syndicate," Milind Kale, chairman, Cosmos Bank, told The Times of India. Established in 1906, the Cosmos Bank is one of the oldest cooperative banks in India. Kale added that investigations by the cyber cell in Pune were at advanced stages and that they were very close to getting to the mastermind.
The Pune police have to date recovered about Rs 8 lakh from people who withdrew money from the ATMs and have reportedly arrested 12 persons - mostly money mules - from various cities. The department also claimed to have received a positive response from 18 of the 28 countries it wrote to concerning the heist. "We shall take cognisance of the report once we access it from the appropriate authorities," Deputy Commissioner of Police (EOW), Sambhaji Kadam, told the daily.
Significantly, the 378-page report also noted that, in addition to attacks on fiat currency, North Korea has carried out cyber-attacks involving cryptocurrencies, since the latter made it easier for the country to evade sanctions.
After all, Bitcoin and its brethren are not only harder to trace but can also be laundered many times and are independent of government regulation. "According to one estimate, the Democratic People's Republic of Korea carried out at least five successful attacks against cryptocurrency exchanges in Asia between January 2017 and September 2018, resulting in a total loss of $571 million," it added.