3
00:01:10,809 --> 00:01:12,115
It's Friday,
4
00:01:12,115 --> 00:01:15,423
and it is, of course,
the Muslim prayer day.
5
00:01:15,423 --> 00:01:18,513
Everyone's off,
except for the skeleton staff
6
00:01:18,513 --> 00:01:20,645
at the Bangladeshi Bank,
7
00:01:20,645 --> 00:01:24,562
including Zubair Bin Huda,
who is the duty manager.
8
00:01:27,870 --> 00:01:31,395
He's part of
the elite team of employees
9
00:01:31,395 --> 00:01:35,095
who run
the SWIFT banking system,
10
00:01:35,095 --> 00:01:38,663
which is a highly secure
banking system
11
00:01:38,663 --> 00:01:41,318
that sends money
around the world.
12
00:01:43,538 --> 00:01:47,281
Now, Bin Huda goes,
as he does every day,
13
00:01:47,281 --> 00:01:49,152
to the SWIFT printer
14
00:01:49,152 --> 00:01:53,374
to check up on the transactions
from the day before.
15
00:01:53,374 --> 00:01:56,159
There are usually printouts
16
00:01:56,159 --> 00:01:58,422
of transactions
that came in overnight.
17
00:01:58,422 --> 00:02:02,774
The SWIFT software would print
out a ledger every single day,
18
00:02:02,774 --> 00:02:06,952
an audit trace of every single
transaction that occurred
19
00:02:06,952 --> 00:02:08,693
on paper.
20
00:02:08,693 --> 00:02:11,392
But when they came in
on February 5th morning,
21
00:02:11,392 --> 00:02:12,871
as they usually do,
22
00:02:12,871 --> 00:02:15,744
they found there were
no SWIFT messages at all.
23
00:02:15,744 --> 00:02:20,009
In fact, the printer's
shut down. It won't work.
24
00:02:20,009 --> 00:02:21,358
They try and turn it on.
25
00:02:21,358 --> 00:02:25,188
Nothing will kick it
back into life.
26
00:02:25,188 --> 00:02:28,148
He assumes it was simply
a technical error,
27
00:02:28,148 --> 00:02:30,193
shrugs, goes home for the night,
28
00:02:30,193 --> 00:02:32,282
comes back in
on Saturday morning
29
00:02:32,282 --> 00:02:34,502
to check the system again.
30
00:02:35,677 --> 00:02:36,939
The next day,
31
00:02:36,939 --> 00:02:40,160
they somehow manually
get the printer to work.
32
00:02:40,160 --> 00:02:42,466
This deputy head manager
walks in the room,
33
00:02:42,466 --> 00:02:46,122
the printer starts working, and
these weird messages come out.
34
00:02:46,122 --> 00:02:49,560
The printer
starts spewing out
35
00:02:49,560 --> 00:02:51,736
all of these transactions,
36
00:02:51,736 --> 00:02:56,306
including individual requests
to the Fed in New York
37
00:02:56,306 --> 00:02:59,353
for $1 billion.
38
00:03:01,268 --> 00:03:04,880
At that moment,
it's panic stations.
39
00:03:44,789 --> 00:03:50,230
When I was growing up,
the biggest crime in Britain
40
00:03:50,230 --> 00:03:52,319
ever recorded
was the Great Train Robbery.
41
00:03:52,319 --> 00:03:56,366
It was an extraordinary thing.
They stole about £2.5 million.
42
00:03:56,366 --> 00:03:58,760
That's about $4 million.
43
00:03:58,760 --> 00:04:04,244
And that story
ran literally for 30 years.
44
00:04:05,245 --> 00:04:06,768
Four million dollars.
45
00:04:07,856 --> 00:04:10,293
What you're about to hear
46
00:04:10,293 --> 00:04:14,036
is the story of an attempt
to steal...
47
00:04:15,037 --> 00:04:17,518
a billion dollars.
48
00:04:18,475 --> 00:04:20,434
It's told by world-leading
49
00:04:20,434 --> 00:04:23,959
cybersecurity and legal experts
and journalists:
50
00:04:23,959 --> 00:04:26,309
the very people
who uncovered the facts
51
00:04:26,309 --> 00:04:27,919
and threaded them together
52
00:04:27,919 --> 00:04:32,489
to reveal how dangerous the
world of cybercrime is today.
53
00:04:49,898 --> 00:04:53,336
So, there are four big threats
54
00:04:53,336 --> 00:04:57,471
to the world
and to the human race.
55
00:04:57,471 --> 00:04:59,603
One of them
we've just experienced,
56
00:04:59,603 --> 00:05:01,736
that's the pandemic.
57
00:05:01,736 --> 00:05:04,826
Then you've got weapons
of mass destruction.
58
00:05:04,826 --> 00:05:08,220
You've got climate change.
59
00:05:08,220 --> 00:05:13,965
But barrelling down towards us
before those is cyber.
60
00:05:24,498 --> 00:05:25,934
This is the possibility
61
00:05:25,934 --> 00:05:30,068
of our overdependency
on network technologies
62
00:05:30,068 --> 00:05:34,943
being undermined, either by
malfunctioning of the system...
63
00:05:34,943 --> 00:05:36,597
New problems are emerging
64
00:05:36,597 --> 00:05:39,164
the day after an Amazon
web service outage.
65
00:05:39,164 --> 00:05:42,254
Massive and mysterious,
a global outage...
66
00:05:42,254 --> 00:05:45,214
...or by a targeted attack.
67
00:05:45,214 --> 00:05:47,129
More than a thousand companies
68
00:05:47,129 --> 00:05:49,305
have been crippled
by this attack so far.
69
00:05:49,305 --> 00:05:52,264
Sounds like we're looking
at a 2022 with more hacks,
70
00:05:52,264 --> 00:05:53,570
more lost money.
71
00:05:59,924 --> 00:06:04,233
So, when I started hunting
hackers in the early 1990s...
72
00:06:05,452 --> 00:06:07,671
our enemy was really simple.
73
00:06:07,671 --> 00:06:10,152
All the malware,
all the viruses,
74
00:06:10,152 --> 00:06:13,111
all the attacks were
done by teenage boys.
75
00:06:13,111 --> 00:06:15,462
What will your parents think?
76
00:06:17,594 --> 00:06:20,815
I've been doing this job
for two decades now.
77
00:06:24,253 --> 00:06:25,472
When we first started,
78
00:06:25,472 --> 00:06:27,909
the people writing viruses
and malware
79
00:06:27,909 --> 00:06:29,476
were doing it for fun,
80
00:06:29,476 --> 00:06:32,392
to get their name in lights,
to say, "Look what I can do."
81
00:06:32,392 --> 00:06:34,655
No flash, please.
82
00:06:34,655 --> 00:06:37,788
When I started analysing
viruses, they looked like this.
83
00:06:37,788 --> 00:06:41,052
Malware was still spread
on floppy disks.
84
00:06:41,052 --> 00:06:44,708
They were spreading at the speed
of people travelling the world
85
00:06:44,708 --> 00:06:47,102
and carrying the viruses
with them.
86
00:06:47,102 --> 00:06:50,540
Michelangelo has
proven less harmful than feared.
87
00:06:50,540 --> 00:06:53,108
All the stuff you've got
in there you may really want,
88
00:06:53,108 --> 00:06:54,414
it's just gone?
89
00:06:54,414 --> 00:06:56,459
Then the internet came around,
and suddenly,
90
00:06:56,459 --> 00:06:59,331
malware outbreaks could
go around the world in seconds.
91
00:06:59,331 --> 00:07:00,942
For the last 36 hours,
92
00:07:00,942 --> 00:07:04,685
the ILOVEYOU virus has been
creating havoc around the world.
93
00:07:04,685 --> 00:07:08,166
Experts have reason to worry.
The first attack, July 19th,
94
00:07:08,166 --> 00:07:11,648
infected about 300,000
systems in nine hours.
95
00:07:11,648 --> 00:07:14,129
First of all, the guys who
make a living doing security
96
00:07:14,129 --> 00:07:16,044
and are trying to protect themselves
97
00:07:16,044 --> 00:07:19,569
are scared shitless of you,
because you can just ruin 'em.
98
00:07:19,569 --> 00:07:20,875
After the period of time
99
00:07:20,875 --> 00:07:22,529
where hackers
were just doing things for fun,
100
00:07:22,529 --> 00:07:26,010
some of them realised that they
could use it to make money.
101
00:07:28,535 --> 00:07:31,668
Prior to, like, the 2000s...
102
00:07:31,668 --> 00:07:35,716
cyber was primarily around
a disruption of websites...
103
00:07:36,630 --> 00:07:38,893
defacement of a webpage.
104
00:07:38,893 --> 00:07:42,505
Just as we got around 2000,
the dot-com boom, the explosion,
105
00:07:42,505 --> 00:07:44,376
we started into
what would become
106
00:07:44,376 --> 00:07:46,161
financially motivated hackers.
107
00:07:46,161 --> 00:07:49,033
This really flourished,
especially in Eastern European,
108
00:07:49,033 --> 00:07:53,124
Russia, CIS bloc countries.
109
00:07:53,124 --> 00:07:55,953
This was the time
of gangster capitalism,
110
00:07:55,953 --> 00:08:00,001
when everyone's world in Eastern
Europe was falling apart,
111
00:08:00,001 --> 00:08:02,612
where organised crime and...
112
00:08:02,612 --> 00:08:05,528
former members of
the intelligence services
113
00:08:05,528 --> 00:08:09,314
were taking hold
of the economy.
114
00:08:10,881 --> 00:08:14,276
So you had a lot of young people
in the 1990s
115
00:08:14,276 --> 00:08:17,932
who were very good
mathematicians, physicists,
116
00:08:17,932 --> 00:08:20,282
computer scientists,
117
00:08:20,282 --> 00:08:23,503
who simply took
the logic and the morality
118
00:08:23,503 --> 00:08:26,593
of gangster capitalism online.
119
00:08:30,074 --> 00:08:32,163
Virus writers
were writing viruses
120
00:08:32,163 --> 00:08:33,817
to infect Windows computers,
121
00:08:33,817 --> 00:08:36,951
and those computers were then
sold to email spammers,
122
00:08:36,951 --> 00:08:39,954
who were using those machines
to send Viagra spam
123
00:08:39,954 --> 00:08:42,652
or what have you,
basically making money.
124
00:08:42,652 --> 00:08:44,436
And that changed everything.
125
00:08:48,789 --> 00:08:51,574
People at that time
began to use online banking,
126
00:08:51,574 --> 00:08:54,621
and they began to steal people's
online banking credentials,
127
00:08:54,621 --> 00:08:57,275
from there, also get
credit card numbers,
128
00:08:57,275 --> 00:08:59,408
and use that
to basically transfer funds.
129
00:08:59,408 --> 00:09:02,672
Just in hundreds of dollars at
a time from these individuals.
130
00:09:02,672 --> 00:09:05,893
They eventually realised
that going after individuals
131
00:09:05,893 --> 00:09:07,198
was much more difficult
132
00:09:07,198 --> 00:09:10,288
than just going after
the banks themselves.
133
00:09:10,288 --> 00:09:11,942
Get into databases,
134
00:09:11,942 --> 00:09:14,423
those databases held
credit card numbers.
135
00:09:14,423 --> 00:09:17,600
Take those numbers and then
sell them on the black market.
136
00:09:19,341 --> 00:09:23,345
Originally, the internet
was set up at the Pentagon...
137
00:09:25,042 --> 00:09:29,003
just to be able to share
resources between computers.
138
00:09:32,136 --> 00:09:35,226
And it was really never
designed to have
139
00:09:35,226 --> 00:09:38,490
banking attached to it,
140
00:09:38,490 --> 00:09:41,711
critical infrastructure
attached to it.
141
00:09:41,711 --> 00:09:44,366
It was really designed
for availability.
142
00:09:44,366 --> 00:09:47,108
It was never designed
for security.
143
00:09:48,500 --> 00:09:50,502
Whereas in the early 1990s
144
00:09:50,502 --> 00:09:53,505
when there was only 30,000
people connected to it
145
00:09:53,505 --> 00:09:56,813
and several hundred systems,
we've moved to a system
146
00:09:56,813 --> 00:09:59,947
which essentially is the
backbone of global finance.
147
00:10:01,339 --> 00:10:04,560
The fact that
it's able to do that...
148
00:10:04,560 --> 00:10:07,432
the fact that it's able
to sustain currently between
149
00:10:07,432 --> 00:10:10,392
15 and 20 percent
of GDP globally
150
00:10:10,392 --> 00:10:12,742
tells us something about
just how important
151
00:10:12,742 --> 00:10:14,918
this infrastructure is.
152
00:10:14,918 --> 00:10:17,094
Why did people move
into the internet
153
00:10:17,094 --> 00:10:18,661
to seek economic opportunity?
154
00:10:18,661 --> 00:10:21,621
Because that's where the
economic opportunity was,
155
00:10:21,621 --> 00:10:23,579
untethered by norms,
156
00:10:23,579 --> 00:10:25,799
untethered
by national boundaries,
157
00:10:25,799 --> 00:10:28,497
and essentially limited
only by the creativity
158
00:10:28,497 --> 00:10:30,194
that these individuals had.
159
00:10:40,814 --> 00:10:43,817
The user nagged
the Federal Reserve Bank
160
00:10:43,817 --> 00:10:48,386
with 35 payment instructions
worth $951 million.
161
00:10:48,386 --> 00:10:50,867
We'd just never heard
of such a thing before.
162
00:10:50,867 --> 00:10:53,043
We'd been investigating cybercrime
163
00:10:53,043 --> 00:10:55,567
for a couple of decades
at that point.
164
00:10:55,567 --> 00:10:57,700
You see cyber criminals go in,
165
00:10:57,700 --> 00:11:01,748
and they try to transfer a few
hundred thousands of dollars,
166
00:11:01,748 --> 00:11:05,055
maybe a million,
a couple of million.
167
00:11:05,055 --> 00:11:09,059
But conducting a cyber-attack
to try to steal one billion?
168
00:11:09,059 --> 00:11:13,020
That was an order of magnitude
that we had never seen before.
169
00:11:13,020 --> 00:11:14,674
It was clear from early on
170
00:11:14,674 --> 00:11:18,112
that it was one of the biggest
cyber heists in the world.
171
00:11:18,112 --> 00:11:20,505
When we first started
hearing rumours
172
00:11:20,505 --> 00:11:23,813
about something affecting
SWIFT network,
173
00:11:23,813 --> 00:11:26,424
I didn't understand
how big it was.
174
00:11:26,424 --> 00:11:28,122
But when we started realising
175
00:11:28,122 --> 00:11:30,646
this is at a completely
different scale,
176
00:11:30,646 --> 00:11:32,561
it just blew my mind.
177
00:11:46,314 --> 00:11:47,445
Once they realised
178
00:11:47,445 --> 00:11:49,578
that the money actually
was really gone,
179
00:11:49,578 --> 00:11:51,623
then the panic began to set in.
180
00:11:51,623 --> 00:11:56,890
They lost $81 million instantly
to a bank in the Philippines.
181
00:11:56,890 --> 00:11:59,980
They see the $81 million
has already gone
182
00:11:59,980 --> 00:12:05,855
and that nearly $900 million
extra has been requested.
183
00:12:08,815 --> 00:12:13,254
They basically try to figure out
what to do next.
184
00:12:13,254 --> 00:12:15,865
They have no idea what to do.
185
00:12:15,865 --> 00:12:19,129
They hunted for ways to contact
the New York Fed.
186
00:12:20,957 --> 00:12:23,655
Desperate calls are made
by them.
187
00:12:27,834 --> 00:12:29,749
And it goes
to an answering machine.
188
00:12:29,749 --> 00:12:31,751
You've reached
the Federal Reserve Bank...
189
00:12:31,751 --> 00:12:33,622
Because it's Saturday
in New York,
190
00:12:33,622 --> 00:12:36,016
and nobody's picking
up the phone.
191
00:12:36,016 --> 00:12:39,106
- Please call back...
- It's a complete shitshow.
192
00:12:39,106 --> 00:12:43,153
Total disorganisation,
at both ends, I would stress.
193
00:12:45,503 --> 00:12:49,246
The New York Times Magazine
was planning a true-crime issue,
194
00:12:49,246 --> 00:12:50,421
and my editor came to me
195
00:12:50,421 --> 00:12:52,902
and asked if I was interested
in doing it.
196
00:12:54,251 --> 00:12:55,600
I looked into it a bit.
197
00:12:55,600 --> 00:12:58,125
There definitely were
some intriguing elements,
198
00:12:58,125 --> 00:12:59,779
and made me pay attention.
199
00:13:02,129 --> 00:13:04,435
The Federal Reserve
has pretty much
200
00:13:04,435 --> 00:13:07,177
depended on the SWIFT
banking system,
201
00:13:07,177 --> 00:13:11,878
and since there has rarely
been a hack, if ever,
202
00:13:11,878 --> 00:13:14,837
of the SWIFT banking system...
203
00:13:14,837 --> 00:13:18,058
the Federal Reserve
has never instituted
204
00:13:18,058 --> 00:13:20,800
any sort of 24-7 hotline.
205
00:13:22,540 --> 00:13:26,501
Eventually, they get
hold of somebody at SWIFT,
206
00:13:26,501 --> 00:13:28,155
and SWIFT says,
207
00:13:28,155 --> 00:13:29,765
"Just shut the whole lot down
208
00:13:29,765 --> 00:13:32,507
until we know
what's going on here."
209
00:13:32,507 --> 00:13:36,163
Badrul Khan decides before he
can actually make that decision,
210
00:13:36,163 --> 00:13:39,166
he has to talk to the deputy
governor of the bank,
211
00:13:39,166 --> 00:13:40,820
which he does.
212
00:13:40,820 --> 00:13:43,823
Deputy governor doesn't want to
take the decision upon himself,
213
00:13:43,823 --> 00:13:47,435
so he talks to the governor.
And guess what.
214
00:13:47,435 --> 00:13:50,655
The governor says,
"It's probably a mistake.
215
00:13:50,655 --> 00:13:52,614
We won't shut it down."
216
00:13:56,009 --> 00:13:58,750
Work week begins
at the Bangladesh Bank
217
00:13:58,750 --> 00:14:00,187
on Sunday morning,
218
00:14:00,187 --> 00:14:02,972
and it's then that the general
manager of the bank
219
00:14:02,972 --> 00:14:05,845
comes in and begins to take
stock of what had happened.
220
00:14:05,845 --> 00:14:07,411
They're running out of options.
221
00:14:07,411 --> 00:14:11,111
They're not sure what to do.
Fed is still closed in New York.
222
00:14:11,111 --> 00:14:13,200
They go through
all the SWIFT material,
223
00:14:13,200 --> 00:14:16,072
discover that most of
the money has gone
224
00:14:16,072 --> 00:14:18,205
to the bank in Manila.
225
00:14:18,205 --> 00:14:21,164
And these desperate
messages are sent out:
226
00:14:21,164 --> 00:14:22,600
"Stop the transactions.
227
00:14:22,600 --> 00:14:25,168
Hold that money. Do not
allow it to be withdrawn.
228
00:14:25,168 --> 00:14:27,127
It's our money.
It's been stolen."
229
00:14:28,650 --> 00:14:30,260
But there's a problem.
230
00:14:30,260 --> 00:14:32,219
Five, four,
231
00:14:32,219 --> 00:14:35,135
three, two, one!
232
00:14:35,135 --> 00:14:37,920
Happy New Year!
233
00:14:41,924 --> 00:14:43,795
It's Chinese New Year,
234
00:14:43,795 --> 00:14:46,929
and the Rizal Commercial Bank
is closed.
235
00:14:51,673 --> 00:14:56,199
The thieves chose
a sequence of days...
236
00:14:56,199 --> 00:15:00,638
from Friday, Saturday,
Sunday and Monday,
237
00:15:00,638 --> 00:15:03,815
when one or another
of the three countries
238
00:15:03,815 --> 00:15:06,557
that would be communicating
with one another
239
00:15:06,557 --> 00:15:09,169
was shut down for a holiday.
240
00:15:15,566 --> 00:15:17,612
You've got to hand it
to these guys.
241
00:15:17,612 --> 00:15:19,005
They knew it.
242
00:15:19,005 --> 00:15:21,703
They knew that if they did it
over that weekend,
243
00:15:21,703 --> 00:15:23,966
with the Friday,
the Muslim holiday,
244
00:15:23,966 --> 00:15:27,187
the Sunday and the Saturday,
everything closed in New York,
245
00:15:27,187 --> 00:15:30,538
and the Monday,
Chinese New Year.
246
00:15:32,322 --> 00:15:37,110
They've got four days
to get the heist done.
247
00:15:37,110 --> 00:15:39,373
This is really classy planning.
248
00:15:41,375 --> 00:15:45,422
In that respect,
it was really an ingenious plan.
249
00:15:45,422 --> 00:15:49,426
It's kind of like a great film
director in a malevolent way,
250
00:15:49,426 --> 00:15:53,082
planning out, you know,
a very complex film.
251
00:15:56,433 --> 00:15:58,131
The country of Bangladesh
252
00:15:58,131 --> 00:16:01,873
is the 170th poorest country
in the world.
253
00:16:01,873 --> 00:16:04,267
One billion dollars
is huge to them.
254
00:16:04,267 --> 00:16:06,356
When we talk
about cyber-attacks,
255
00:16:06,356 --> 00:16:08,054
they're not just zeros and ones.
256
00:16:08,054 --> 00:16:10,186
We're not just talking
about people
257
00:16:10,186 --> 00:16:13,755
moving around zeros and ones,
deleting zeros and ones.
258
00:16:15,539 --> 00:16:18,107
One billion dollars
to Bangladesh
259
00:16:18,107 --> 00:16:21,545
potentially means that people
starve in the country.
260
00:16:21,545 --> 00:16:25,245
These things have potential
serious repercussions.
261
00:16:27,725 --> 00:16:30,206
The Bangladesh Bank
heist was significant
262
00:16:30,206 --> 00:16:34,297
because it showed how fragile
global banking was as a whole.
263
00:16:36,169 --> 00:16:40,260
Banks don't just operate
as single isolated entities.
264
00:16:40,260 --> 00:16:42,784
They're part of a system.
265
00:16:42,784 --> 00:16:45,482
And that system is vulnerable.
266
00:16:47,702 --> 00:16:52,402
The US Federal Reserve holds
trillions of dollars in accounts
267
00:16:52,402 --> 00:16:55,579
kept by central banks
all around the world.
268
00:16:55,579 --> 00:16:59,279
Its computer security systems
are state of the art, making it
269
00:16:59,279 --> 00:17:03,587
one of the most difficult
financial institutions to hack.
270
00:17:07,287 --> 00:17:10,551
The criminals realise
that it can't get into
271
00:17:10,551 --> 00:17:14,076
the network system of the Fed,
272
00:17:14,076 --> 00:17:17,906
but the Fed has to talk
to other central banks
273
00:17:17,906 --> 00:17:19,777
around the world,
274
00:17:19,777 --> 00:17:23,390
and this is
where they find a flaw.
275
00:17:25,305 --> 00:17:27,437
The criminals turn
their attention
276
00:17:27,437 --> 00:17:30,440
to the banks'
communication systems.
277
00:17:31,963 --> 00:17:35,402
Every day, the Fed places
thousands of transactions
278
00:17:35,402 --> 00:17:39,058
on behalf of the central banks
that hold US dollar reserves
279
00:17:39,058 --> 00:17:40,320
at the Fed.
280
00:17:40,320 --> 00:17:42,757
The Federal Reserve
has pretty much depended
281
00:17:42,757 --> 00:17:45,107
on the SWIFT banking system
282
00:17:45,107 --> 00:17:48,067
to get its instructions
about transfers.
283
00:17:48,067 --> 00:17:51,026
SWIFT sends money
around the world
284
00:17:51,026 --> 00:17:52,941
to thousands of member banks.
285
00:17:52,941 --> 00:17:57,946
It's the main way that banks
dispatch money to one another.
286
00:17:59,165 --> 00:18:01,602
SWIFT allows you
to transfer money
287
00:18:01,602 --> 00:18:02,777
from one bank to another,
288
00:18:02,777 --> 00:18:04,561
no matter where you are
in the world.
289
00:18:04,561 --> 00:18:07,347
Make international
wire transfers.
290
00:18:07,347 --> 00:18:11,568
The whole banking system
is integrated,
291
00:18:11,568 --> 00:18:15,659
and they depend
above all else on SWIFT,
292
00:18:15,659 --> 00:18:21,143
the international transaction
mechanisms, to work.
293
00:18:21,143 --> 00:18:23,319
What it means is,
all it takes
294
00:18:23,319 --> 00:18:28,803
is a single weak link
to bring down the whole network.
295
00:18:30,370 --> 00:18:33,373
So although the target
is the Fed,
296
00:18:33,373 --> 00:18:37,725
they are looking for a bank
with which the Fed communicates,
297
00:18:37,725 --> 00:18:42,338
which holds a lot
of its reserves in New York.
298
00:18:42,338 --> 00:18:44,123
But it's a long way away,
299
00:18:44,123 --> 00:18:48,562
in a distant time zone
from the Fed,
300
00:18:48,562 --> 00:18:51,304
and it's likely to have
301
00:18:51,304 --> 00:18:56,396
patchy security systems in place
in its computer network.
302
00:18:58,963 --> 00:19:00,791
My colleagues in Dhaka,
303
00:19:00,791 --> 00:19:04,012
they were chasing it
for a long time.
304
00:19:04,012 --> 00:19:07,450
It was a robbery of a scale
that we hadn't heard of.
305
00:19:09,235 --> 00:19:11,585
The first thought
that came to my mind was,
306
00:19:11,585 --> 00:19:14,631
because it was the
Bangladeshi Central Bank,
307
00:19:14,631 --> 00:19:17,243
I thought the hackers found it
308
00:19:17,243 --> 00:19:19,549
somehow easier to target it.
309
00:19:19,549 --> 00:19:21,377
Because it was Bangladesh,
310
00:19:21,377 --> 00:19:24,424
I suspected they would
be more vulnerable
311
00:19:24,424 --> 00:19:26,774
to cyber-attacks as such.
312
00:19:28,515 --> 00:19:31,344
"Hmm. A Bangladeshi bank.
313
00:19:31,344 --> 00:19:33,998
Probably doesn't have
the same level of security
314
00:19:33,998 --> 00:19:36,218
and if they do,
it's probably one or two people,
315
00:19:36,218 --> 00:19:40,222
not a team of 6,000
working on it.
316
00:19:41,136 --> 00:19:42,355
Let's go for it."
317
00:19:42,355 --> 00:19:44,661
These attackers
weren't just skilled
318
00:19:44,661 --> 00:19:45,923
in breaching networks,
319
00:19:45,923 --> 00:19:47,838
figuring out how
to get into an organisation.
320
00:19:47,838 --> 00:19:52,016
They had to study that
SWIFT software deeply.
321
00:19:52,016 --> 00:19:55,194
This attack happened
well before that February 5th,
322
00:19:55,194 --> 00:19:56,847
when the bank employee walked in
323
00:19:56,847 --> 00:19:59,894
and saw that printer hadn't
printed out the audit jobs
324
00:19:59,894 --> 00:20:01,939
and couldn't figure out
what was going on.
325
00:20:01,939 --> 00:20:04,812
This attack started more
than a year prior to that.
326
00:20:04,812 --> 00:20:07,293
These attackers had been
working for months
327
00:20:07,293 --> 00:20:09,120
in the build-up until that day.
328
00:20:09,120 --> 00:20:11,253
It is a mistake
for people to think
329
00:20:11,253 --> 00:20:13,560
that this was something
that happened overnight.
330
00:20:13,560 --> 00:20:15,649
It is a mistake
for people to think
331
00:20:15,649 --> 00:20:18,956
that this happened in a month,
or two months or three months.
332
00:20:18,956 --> 00:20:21,394
It is a slow,
methodical approach,
333
00:20:21,394 --> 00:20:25,528
because it's a business,
all right? You build it.
334
00:20:32,274 --> 00:20:35,146
Bank robberies used to be
something that happened
335
00:20:35,146 --> 00:20:37,497
in the real world.
336
00:20:37,497 --> 00:20:40,630
Now they only happen
in the online world.
337
00:20:42,806 --> 00:20:46,767
If you would try to steal
$100 million in banknotes,
338
00:20:46,767 --> 00:20:49,160
that would be, like,
ten trucks full of notes.
339
00:20:49,160 --> 00:20:51,511
If you drive ten trucks
full of notes out of the bank,
340
00:20:51,511 --> 00:20:54,035
someone would notice.
341
00:20:54,035 --> 00:20:57,299
But when you do the same thing
online, no one notices anything.
342
00:20:57,299 --> 00:21:01,042
Every movie you've ever seen
of them breaking into a bank
343
00:21:01,042 --> 00:21:03,436
is them doing it
over a bank holiday
344
00:21:03,436 --> 00:21:05,394
or something of that nature.
345
00:21:05,394 --> 00:21:07,222
Same concept here.
346
00:21:12,096 --> 00:21:15,361
This isn't Matthew Broderick
sitting in front of a computer,
347
00:21:15,361 --> 00:21:17,450
like War Games
back in the 1980s,
348
00:21:17,450 --> 00:21:19,321
some kid in their basement.
349
00:21:21,105 --> 00:21:24,370
These are
criminal organisations.
350
00:21:24,370 --> 00:21:26,023
Each person has a skill set.
351
00:21:26,023 --> 00:21:29,070
It's kind of like that
Ocean's Eleven-type thing.
352
00:21:30,593 --> 00:21:33,074
You know,
"This guy could crack the bank,
353
00:21:33,074 --> 00:21:35,337
this guy could do
the surveillance cameras,
354
00:21:35,337 --> 00:21:37,774
this is the getaway,
this is the conman."
355
00:21:37,774 --> 00:21:39,559
You all have a role to play,
356
00:21:39,559 --> 00:21:42,301
and you need everybody
to execute their role
357
00:21:42,301 --> 00:21:44,085
to the best of their abilities
358
00:21:44,085 --> 00:21:46,870
for you to be
successful and get it out.
359
00:21:48,742 --> 00:21:53,007
So how do you pull off
a heist of this magnitude?
360
00:21:53,007 --> 00:21:58,317
It takes the right crew of
highly skilled specialists.
361
00:21:58,317 --> 00:22:03,191
And it all starts not with ones
and zeros, but with people.
362
00:22:07,151 --> 00:22:10,590
Cybercrime is about
gaining credentials
363
00:22:10,590 --> 00:22:12,635
to gain access,
364
00:22:12,635 --> 00:22:15,421
stealing the keys.
365
00:22:15,421 --> 00:22:19,816
The social engineer
is critical to a hack.
366
00:22:19,816 --> 00:22:22,253
It's how you get in,
and you get in
367
00:22:22,253 --> 00:22:26,388
not through digital means,
you get in through human means.
368
00:22:26,388 --> 00:22:28,956
It's to do with psychology.
369
00:22:31,306 --> 00:22:35,528
The criminals have to ensnare
one of the employees
370
00:22:35,528 --> 00:22:38,052
of the Bangladeshi Bank,
371
00:22:38,052 --> 00:22:41,882
beginning by going through
their social media profiles
372
00:22:41,882 --> 00:22:44,711
and looking
for suitable targets.
373
00:22:45,929 --> 00:22:48,932
Our relationship
with the computer
374
00:22:48,932 --> 00:22:51,848
is one of perceived intimacy;
375
00:22:51,848 --> 00:22:54,373
that when we're using
a computer,
376
00:22:54,373 --> 00:22:57,767
no one else can see
what we're doing, we believe,
377
00:22:57,767 --> 00:23:00,379
and it's just us and the screen.
378
00:23:02,119 --> 00:23:05,819
And if we were to read
an email from a friend,
379
00:23:05,819 --> 00:23:08,909
we tend to believe it
at face value.
380
00:23:12,216 --> 00:23:15,219
They found
close to three dozen employees.
381
00:23:15,219 --> 00:23:18,832
And they constructed
a simple spear-phish email:
382
00:23:18,832 --> 00:23:21,748
an email message that pretended
to be from a guy
383
00:23:21,748 --> 00:23:24,446
named Rasel Ahlam.
384
00:23:24,446 --> 00:23:26,056
And Rasel Ahlam said,
385
00:23:26,056 --> 00:23:28,581
"Hey, I just wanna
work at your company.
386
00:23:28,581 --> 00:23:31,410
Here's a résumé attached.
Have a look."
387
00:23:31,410 --> 00:23:34,108
And it turned out
that they mailed that
388
00:23:34,108 --> 00:23:36,893
to about 36 different employees,
and three of them
389
00:23:36,893 --> 00:23:39,722
opened that attachment
connected to that email.
390
00:23:40,984 --> 00:23:42,333
It was a zip file,
391
00:23:42,333 --> 00:23:44,640
and the zip file contained
just a document inside.
392
00:23:44,640 --> 00:23:47,295
They opened up the document
and it was his résumé.
393
00:23:47,295 --> 00:23:50,733
It was a résumé for Rasel Ahlam,
who wanted to work at the bank,
394
00:23:50,733 --> 00:23:52,996
but unbeknownst
to those individuals,
395
00:23:52,996 --> 00:23:56,826
also contained
malicious code inside.
396
00:23:56,826 --> 00:23:58,741
We can look at any data breach,
397
00:23:58,741 --> 00:24:01,222
and the root cause
has either been
398
00:24:01,222 --> 00:24:03,311
a technical problem
399
00:24:03,311 --> 00:24:05,400
or a people problem.
400
00:24:05,400 --> 00:24:08,229
And the technical problems
can be really hard
401
00:24:08,229 --> 00:24:10,536
and really expensive
and really slow to fix,
402
00:24:10,536 --> 00:24:12,581
but at least we can fix them.
403
00:24:12,581 --> 00:24:16,150
But in the end, we have
no patch for human brains.
404
00:24:17,804 --> 00:24:22,243
There's no way to fix the people
who do stupid mistakes.
405
00:24:22,243 --> 00:24:23,723
When attackers try to send
406
00:24:23,723 --> 00:24:27,030
these spear-phishing emails,
they try to do two things.
407
00:24:27,030 --> 00:24:30,512
They try to look very normal.
It was just a résumé.
408
00:24:30,512 --> 00:24:31,818
They try to fly under the radar,
409
00:24:31,818 --> 00:24:33,515
to look as legitimate
as possible.
410
00:24:33,515 --> 00:24:37,476
And the second is they often
try to use enticing techniques.
411
00:24:43,612 --> 00:24:47,050
New dangers tonight from
the Love Bug computer virus,
412
00:24:47,050 --> 00:24:49,966
this time disguised
as a friendlier email.
413
00:24:49,966 --> 00:24:53,579
The first internet virus
that went around the world
414
00:24:53,579 --> 00:24:57,887
in less than 48 hours was
called the ILOVEYOU virus.
415
00:24:57,887 --> 00:25:00,499
And already,
business interruption costs
416
00:25:00,499 --> 00:25:03,676
are estimated at more than
a billion dollars.
417
00:25:03,676 --> 00:25:06,592
You would be sitting
there working away,
418
00:25:06,592 --> 00:25:08,507
and then suddenly,
in your inbox,
419
00:25:08,507 --> 00:25:12,554
you get an email which says,
"I love you."
420
00:25:12,554 --> 00:25:15,252
And it could well be
that this is a person
421
00:25:15,252 --> 00:25:17,820
who you've always
held a torch for.
422
00:25:17,820 --> 00:25:20,344
And so, of course,
you're very excited,
423
00:25:20,344 --> 00:25:24,087
and you press on the link,
and then you're doomed.
424
00:25:24,087 --> 00:25:26,873
What happens is,
the virus infects your machine
425
00:25:26,873 --> 00:25:29,963
and proceeds to email everyone
you've ever emailed.
426
00:25:29,963 --> 00:25:32,618
The end result of that
is the mail servers
427
00:25:32,618 --> 00:25:33,706
get bogged down,
428
00:25:33,706 --> 00:25:36,143
and the only way
to solve the problem
429
00:25:36,143 --> 00:25:39,276
is to shut the servers down,
hence the interruption.
430
00:25:39,276 --> 00:25:42,323
The ILOVEYOU virus
was one of the first viruses
431
00:25:42,323 --> 00:25:45,065
that had really
worldwide impact.
432
00:25:47,110 --> 00:25:49,722
It was still a virus
written by a guy
433
00:25:49,722 --> 00:25:52,594
that just wanted to get
his name in lights.
434
00:25:52,594 --> 00:25:53,813
He wanted to see his virus
435
00:25:53,813 --> 00:25:55,597
travel around the world
a little bit
436
00:25:55,597 --> 00:25:57,381
and maybe get
in the news somewhere,
437
00:25:57,381 --> 00:25:59,819
and then him be able to say,
"Oh, I wrote that."
438
00:25:59,819 --> 00:26:03,083
Mr de Guzman hardly
seemed to comprehend the chaos
439
00:26:03,083 --> 00:26:05,041
inflicted on
the world's computers.
440
00:26:05,041 --> 00:26:08,610
But what happened was, it
spread so quickly and so fast,
441
00:26:08,610 --> 00:26:11,265
it brought down email
all over the world,
442
00:26:11,265 --> 00:26:13,920
and having email go down
was monumental.
443
00:26:13,920 --> 00:26:17,358
Experts say that the ILOVEYOU
virus could end up costing
444
00:26:17,358 --> 00:26:21,580
the world economy $10 billion
in lost work time.
445
00:26:21,580 --> 00:26:25,627
It became the first sign to show
that we relied on the internet.
446
00:26:25,627 --> 00:26:29,196
The internet was the basis for
our financial transactions,
447
00:26:29,196 --> 00:26:31,154
for the way we do business.
448
00:26:32,460 --> 00:26:33,635
I would talk to people
449
00:26:33,635 --> 00:26:35,332
and remind them
and educate them and say,
450
00:26:35,332 --> 00:26:36,899
"Look, you can't just click
451
00:26:36,899 --> 00:26:39,380
on any attachment
that comes to you in an email."
452
00:26:39,380 --> 00:26:42,818
I remember talking to a guy
about the Anna Kournikova virus
453
00:26:42,818 --> 00:26:45,995
that purported to be nude
pictures of Anna Kournikova.
454
00:26:45,995 --> 00:26:48,955
And he told me, he said,
"Yeah, I knew it was a virus.
455
00:26:48,955 --> 00:26:52,088
I thought it was probably
a virus. But what if it wasn't?
456
00:26:52,088 --> 00:26:53,960
What if it really was
nude pictures?
457
00:26:53,960 --> 00:26:55,788
So I double-clicked on it."
458
00:26:56,919 --> 00:26:58,399
People just don't realise
459
00:26:58,399 --> 00:27:02,055
what clicking on that
attachment means.
460
00:27:02,055 --> 00:27:06,102
Cyber criminals and hackers
realised a long time ago
461
00:27:06,102 --> 00:27:09,018
that your username and password,
462
00:27:09,018 --> 00:27:11,804
particularly to
your email account,
463
00:27:11,804 --> 00:27:15,285
could get them into your
stock brokerage account,
464
00:27:15,285 --> 00:27:18,201
to your online
banking account,
465
00:27:18,201 --> 00:27:23,903
to send phishing emails
to other contacts.
466
00:27:23,903 --> 00:27:27,994
If you protect
yourself properly,
467
00:27:27,994 --> 00:27:31,214
the chances are
you won't be a victim
468
00:27:31,214 --> 00:27:35,218
of what one would call
"drive-by hacking".
469
00:27:35,218 --> 00:27:39,483
If, however, you're being
specifically targeted
470
00:27:39,483 --> 00:27:42,965
by a hacking group,
they will follow that trace.
471
00:27:43,879 --> 00:27:45,533
And they will get you.
472
00:27:48,449 --> 00:27:53,280
Now, we know that at least three
members of the Bangladeshi Bank
473
00:27:53,280 --> 00:27:56,587
were targeted by this after
the social engineer
474
00:27:56,587 --> 00:27:58,981
had scanned
all of their social media,
475
00:27:58,981 --> 00:28:00,722
and at least three of them
476
00:28:00,722 --> 00:28:04,073
opened the letter
and took the bait.
477
00:28:04,073 --> 00:28:06,249
Once that code
began executing
478
00:28:06,249 --> 00:28:08,295
on those bank employees'
computers,
479
00:28:08,295 --> 00:28:10,906
it would reach out back
to the attackers
480
00:28:10,906 --> 00:28:13,866
and tell them that
these machines are now infected
481
00:28:13,866 --> 00:28:15,302
and give them full control,
482
00:28:15,302 --> 00:28:18,044
as if they were sitting
in front of the keyboard,
483
00:28:18,044 --> 00:28:21,134
just like those employees.
484
00:28:21,134 --> 00:28:23,745
There was malware
in the system
485
00:28:23,745 --> 00:28:26,574
that was actually
copying screenshots,
486
00:28:28,358 --> 00:28:33,450
copying keystrokes of employees,
and no one knew.
487
00:28:33,450 --> 00:28:35,801
They've got
their foot in the door.
488
00:28:35,801 --> 00:28:38,760
This is the essential
first step.
489
00:28:38,760 --> 00:28:42,677
The first layer of security
has been breached.
490
00:28:48,639 --> 00:28:52,339
And the digger, the person who
is getting deeper and deeper
491
00:28:52,339 --> 00:28:54,558
into the computer network,
492
00:28:54,558 --> 00:28:58,258
has to be a very
advanced hacker.
493
00:28:58,258 --> 00:29:02,958
This is when you need
a real professional.
494
00:29:02,958 --> 00:29:05,656
They're like ghosts.
Nobody can see them,
495
00:29:05,656 --> 00:29:10,009
but they're mapping every
single bit of that network.
496
00:29:11,967 --> 00:29:13,577
In the Bank of Bangladesh,
497
00:29:13,577 --> 00:29:16,145
you had computers that are all
interconnected to each other,
498
00:29:16,145 --> 00:29:19,279
and they're connected
using what's called a switch.
499
00:29:19,279 --> 00:29:23,022
In your average bank, that has
a good security program,
500
00:29:23,022 --> 00:29:25,676
those switches are
what's called segmented.
501
00:29:25,676 --> 00:29:27,591
So each of those switches
only allow
502
00:29:27,591 --> 00:29:30,290
a certain number of computers
to talk to each other
503
00:29:30,290 --> 00:29:32,814
rather than every computer
to talk to each other.
504
00:29:32,814 --> 00:29:35,382
But in the case of
the Bank of Bangladesh,
505
00:29:35,382 --> 00:29:38,559
in the back-office network, they
were using these very cheap,
506
00:29:38,559 --> 00:29:42,084
literally $10 switches
that didn't do any segmentation.
507
00:29:42,084 --> 00:29:45,348
Every computer was potentially
connected to each other.
508
00:29:45,348 --> 00:29:48,308
Basically,
it's a cost-cutting exercise.
509
00:29:48,308 --> 00:29:53,530
But that cost-cutting exercise
was what the digger needed.
510
00:29:53,530 --> 00:29:55,489
Those attackers
began to do
511
00:29:55,489 --> 00:29:58,231
what we call a lateral traverse
across the network,
512
00:29:58,231 --> 00:30:01,147
search for other computers
to infect,
513
00:30:01,147 --> 00:30:03,062
look for credentials.
514
00:30:04,585 --> 00:30:06,848
Whenever you log
into a computer,
515
00:30:06,848 --> 00:30:08,676
your credentials are cached.
516
00:30:08,676 --> 00:30:11,331
They're put into the memory
of the computer.
517
00:30:11,331 --> 00:30:14,290
Attackers are able
to filter through that memory
518
00:30:14,290 --> 00:30:16,640
and find used usernames
and passwords.
519
00:30:16,640 --> 00:30:19,469
They don't always know
what they're for,
520
00:30:19,469 --> 00:30:22,385
so they try to collect as many
credentials as they can
521
00:30:22,385 --> 00:30:25,432
and see, "What computers can
I see from this computer?",
522
00:30:25,432 --> 00:30:27,608
and just begin to use them
over and over again
523
00:30:27,608 --> 00:30:28,652
and just try them.
524
00:30:31,264 --> 00:30:32,613
Eventually, they hop on
525
00:30:32,613 --> 00:30:35,050
and are able to connect
to another computer.
526
00:30:35,050 --> 00:30:36,312
They get onto that one.
527
00:30:36,312 --> 00:30:38,271
It's still not what
they're interested in,
528
00:30:38,271 --> 00:30:40,664
but they're able to find more
usernames and passwords
529
00:30:40,664 --> 00:30:42,405
and try those
on all the other computers
530
00:30:42,405 --> 00:30:44,190
they can see
from that vantage point.
531
00:30:44,190 --> 00:30:48,020
That's how they move across
the network over and over again.
532
00:30:48,020 --> 00:30:50,544
They would delete
all traces of themselves
533
00:30:50,544 --> 00:30:52,894
as they moved
across the network,
534
00:30:52,894 --> 00:30:55,636
ultimately jumping from
computer to computer
535
00:30:55,636 --> 00:30:57,681
until they found
the SWIFT terminal,
536
00:30:57,681 --> 00:31:00,815
their ultimate goal in order
to make wire transfers
537
00:31:00,815 --> 00:31:02,817
out of the Bank of Bangladesh.
538
00:31:04,993 --> 00:31:06,777
It takes a long time.
539
00:31:06,777 --> 00:31:10,172
They're there for months.
This is an ongoing process.
540
00:31:10,172 --> 00:31:14,220
If at any moment they're
discovered to be in there,
541
00:31:14,220 --> 00:31:18,137
then the whole
operation is finished.
542
00:31:22,141 --> 00:31:24,056
With the Bangladeshi Bank heist,
543
00:31:24,056 --> 00:31:27,276
you basically have two
operations running in parallel.
544
00:31:27,276 --> 00:31:29,670
You have an offline operation
going on,
545
00:31:29,670 --> 00:31:32,238
which is to do with
the money laundering.
546
00:31:36,895 --> 00:31:38,940
It's the fence's responsibility
547
00:31:38,940 --> 00:31:43,902
to set up
the recipient accounts.
548
00:31:43,902 --> 00:31:46,382
They're gonna end up
with cold, hard cash,
549
00:31:46,382 --> 00:31:48,080
and they need individuals
on the ground
550
00:31:48,080 --> 00:31:50,909
to pick up that cash
and move it.
551
00:31:53,172 --> 00:31:54,434
And so, in May of 2015,
552
00:31:54,434 --> 00:31:56,871
before they'd even got
into the SWIFT terminal,
553
00:31:56,871 --> 00:31:59,656
they were able to recruit
a Chinese individual
554
00:31:59,656 --> 00:32:03,312
to go to the Philippines and
open up four bank accounts there
555
00:32:03,312 --> 00:32:05,227
at a bank called RCBC.
556
00:32:05,227 --> 00:32:08,883
You have to make sure
those people inside the bank
557
00:32:08,883 --> 00:32:10,711
in the Philippines
558
00:32:10,711 --> 00:32:12,974
have been properly corrupted
559
00:32:12,974 --> 00:32:17,674
and properly instructed
as to what their role is.
560
00:32:17,674 --> 00:32:20,068
The fence opens up
these accounts,
561
00:32:20,068 --> 00:32:22,592
puts $500 in each of them,
562
00:32:22,592 --> 00:32:25,726
and then they just go to sleep
for nine months.
563
00:32:28,598 --> 00:32:31,950
These attackers were
inside the Bank of Bangladesh
564
00:32:31,950 --> 00:32:34,822
for a full year,
which is incredible.
565
00:32:41,307 --> 00:32:43,265
They actually got
onto that SWIFT terminal
566
00:32:43,265 --> 00:32:44,788
exactly one year later...
567
00:32:47,617 --> 00:32:50,229
on January 29th, 2016.
568
00:32:55,495 --> 00:32:58,019
In any bank,
you have different employees.
569
00:32:58,019 --> 00:33:01,414
You have back-office employees,
administrative employees,
570
00:33:01,414 --> 00:33:04,330
but you also have computers
that are connected
571
00:33:04,330 --> 00:33:07,159
directly to
financial transactions.
572
00:33:07,159 --> 00:33:11,076
And only users who have specific
access to those machines
573
00:33:11,076 --> 00:33:12,555
are allowed to use them.
574
00:33:12,555 --> 00:33:15,036
When we talk about the case of
the Bank of Bangladesh,
575
00:33:15,036 --> 00:33:18,605
there was a single computer
that had credentials
576
00:33:18,605 --> 00:33:20,085
from a shared employee.
577
00:33:20,085 --> 00:33:23,218
You had an employee that
would use that SWIFT terminal,
578
00:33:23,218 --> 00:33:26,830
but also had their own computer
in the normal back-office area.
579
00:33:26,830 --> 00:33:29,355
Once they got onto
that employee's computer,
580
00:33:29,355 --> 00:33:31,052
they were able to jump across.
581
00:33:31,052 --> 00:33:34,969
They waited. They basically
did a recon on the system.
582
00:33:34,969 --> 00:33:36,579
They crawled around.
583
00:33:36,579 --> 00:33:39,756
They looked and tried to fully
understand how this worked,
584
00:33:39,756 --> 00:33:43,804
how SWIFT worked, how each bank
employee would make a request
585
00:33:43,804 --> 00:33:47,155
into the SWIFT system,
where it would go,
586
00:33:47,155 --> 00:33:49,244
how to direct that to branches
587
00:33:49,244 --> 00:33:52,117
where they had set up
these accounts.
588
00:33:52,117 --> 00:33:55,729
And in this case, it was just
very simple and very clever.
589
00:33:58,166 --> 00:34:00,342
The thief is
not so much someone
590
00:34:00,342 --> 00:34:03,302
who is physically
taking out the money
591
00:34:03,302 --> 00:34:05,695
and stuffing it into a bag.
592
00:34:05,695 --> 00:34:07,610
They're making sure
593
00:34:07,610 --> 00:34:12,572
that every bit on the system
is coordinated.
594
00:34:12,572 --> 00:34:16,228
There are all sorts of things
to get right
595
00:34:16,228 --> 00:34:21,494
before that fatal moment
when the request is made.
596
00:34:21,494 --> 00:34:24,105
Everything has to be
597
00:34:24,105 --> 00:34:26,716
really, really
precisely coordinated
598
00:34:26,716 --> 00:34:29,937
to get all the timing right.
You've got four days.
599
00:34:29,937 --> 00:34:31,547
You can't afford a slip-up.
600
00:34:31,547 --> 00:34:34,333
When the attackers
got into the SWIFT terminal
601
00:34:34,333 --> 00:34:38,728
on January 29th of 2016,
they paused for about five days
602
00:34:38,728 --> 00:34:41,079
to get their malicious
software ready
603
00:34:41,079 --> 00:34:43,168
that allowed them
to cover their tracks
604
00:34:43,168 --> 00:34:45,257
when they were on
that SWIFT terminal.
605
00:34:45,257 --> 00:34:48,173
They decided to wait
until February 4th.
606
00:34:48,173 --> 00:34:49,826
And this is no accident.
607
00:34:52,960 --> 00:34:55,702
They have chosen
a long weekend
608
00:34:55,702 --> 00:34:58,574
due to holidays in different
parts of the world.
609
00:34:58,574 --> 00:35:01,186
That means,
instead of the usual two days
610
00:35:01,186 --> 00:35:02,535
they have to get away with it
611
00:35:02,535 --> 00:35:04,841
before alarms
start going off everywhere,
612
00:35:04,841 --> 00:35:07,931
they've got four days.
It's brilliant.
613
00:35:09,498 --> 00:35:11,935
February 4th, 2016,
was a Thursday.
614
00:35:11,935 --> 00:35:14,634
That's the last day of
the working week in Bangladesh.
615
00:35:14,634 --> 00:35:16,940
In Bangladesh, they work
from Sunday to Thursday.
616
00:35:16,940 --> 00:35:19,421
So, at some point late
in the afternoon,
617
00:35:19,421 --> 00:35:22,685
the SWIFT transaction operator
in the Bangladeshi Bank
618
00:35:22,685 --> 00:35:24,687
logs off his terminal.
619
00:35:28,778 --> 00:35:30,476
But three hours later,
620
00:35:30,476 --> 00:35:33,435
the thief logs into
that terminal
621
00:35:33,435 --> 00:35:35,829
and starts to impersonate him.
622
00:35:35,829 --> 00:35:38,919
They logged into that SWIFT
terminal at 8:36 p.m.,
623
00:35:38,919 --> 00:35:41,051
after they believed,
or really knew,
624
00:35:41,051 --> 00:35:44,403
that all the bank employees
had gone home for the weekend.
625
00:35:44,403 --> 00:35:48,233
And they put forward
35 different wire transactions
626
00:35:48,233 --> 00:35:52,280
from that SWIFT terminal,
totalling $951 million,
627
00:35:52,280 --> 00:35:55,631
almost $1 billion,
completely unheard of.
628
00:35:58,678 --> 00:36:02,029
Ten hours
behind Bangladesh,
629
00:36:02,029 --> 00:36:03,813
New York is waking up.
630
00:36:04,945 --> 00:36:07,252
The first thing
that the Fed sees
631
00:36:07,252 --> 00:36:09,297
is 35 requests
632
00:36:09,297 --> 00:36:13,214
for almost the entire holdings
of the Bangladeshi Bank.
633
00:36:13,214 --> 00:36:17,523
Usually, it's figures of sort
of $300,000, $500,000.
634
00:36:17,523 --> 00:36:19,525
They want almost a billion!
635
00:36:19,525 --> 00:36:23,746
The operator, perhaps
unsurprisingly, rejects it,
636
00:36:23,746 --> 00:36:26,488
sends it back to Bangladesh.
637
00:36:26,488 --> 00:36:28,751
But he rejects it not because
638
00:36:28,751 --> 00:36:32,581
this is an absolutely crazy
amount of money,
639
00:36:32,581 --> 00:36:36,585
but because the requests
are wrongly formatted.
640
00:36:36,585 --> 00:36:39,153
As much research
that they had done,
641
00:36:39,153 --> 00:36:41,851
they didn't really understand
how to fill out
642
00:36:41,851 --> 00:36:43,331
those SWIFT transfers.
643
00:36:43,331 --> 00:36:45,942
They were missing what's called
an intermediate bank.
644
00:36:45,942 --> 00:36:48,162
New York Federal Reserve
replied to them,
645
00:36:48,162 --> 00:36:50,469
via the SWIFT system,
back to their computer
646
00:36:50,469 --> 00:36:52,688
that they were sitting
in front of, virtually,
647
00:36:52,688 --> 00:36:56,475
saying, "Hey, these transactions
are missing information."
648
00:36:56,475 --> 00:36:58,520
They think on their feet.
649
00:36:58,520 --> 00:37:02,829
They reformat the requests,
send them back...
650
00:37:02,829 --> 00:37:06,006
and hold their breath
to see what happens.
651
00:37:06,006 --> 00:37:08,574
They ultimately corrected
34 of them.
652
00:37:08,574 --> 00:37:09,879
They had forgotten one.
653
00:37:09,879 --> 00:37:12,230
The one did have
the intermediate bank
654
00:37:12,230 --> 00:37:13,448
went to Deutsche Bank.
655
00:37:13,448 --> 00:37:15,581
That order was for $20 million
656
00:37:15,581 --> 00:37:19,802
to a charity called the Shalika
Foundation in Sri Lanka.
657
00:37:19,802 --> 00:37:22,109
But they had made
a typo as well,
658
00:37:22,109 --> 00:37:25,417
and they had misspelled
"foundation" as "fandation".
659
00:37:25,417 --> 00:37:27,680
And so Deutsche Bank
saw that typo
660
00:37:27,680 --> 00:37:29,856
and questioned it and, again,
661
00:37:29,856 --> 00:37:32,293
held that transaction
due to that typo.
662
00:37:34,643 --> 00:37:36,863
We use that
as the poster child
663
00:37:36,863 --> 00:37:40,083
for why you need
to learn how to spell.
664
00:37:40,083 --> 00:37:43,783
Otherwise, you can lose
$20 million.
665
00:37:43,783 --> 00:37:47,265
Ultimately, when
they return the other 34...
666
00:37:48,570 --> 00:37:50,268
Bingo.
667
00:37:50,268 --> 00:37:52,487
The operator approves them.
668
00:37:52,487 --> 00:37:55,795
Four of them went through.
669
00:37:55,795 --> 00:38:00,495
The green light is given.
The heist is on.
670
00:38:00,495 --> 00:38:03,629
Those four went through
to those bank accounts
671
00:38:03,629 --> 00:38:06,066
in the Philippines
that had been opened
672
00:38:06,066 --> 00:38:07,589
more than six months earlier.
673
00:38:07,589 --> 00:38:10,636
And they were able
to transfer out $81 million
674
00:38:10,636 --> 00:38:12,638
to the bank in the Philippines.
675
00:38:34,181 --> 00:38:37,837
Ultimately, they were about
to transfer $1 billion
676
00:38:37,837 --> 00:38:39,534
from the Bank of Bangladesh,
677
00:38:39,534 --> 00:38:42,494
but they didn't want
anyone to find out.
678
00:38:47,847 --> 00:38:51,459
They began to cover
their tracks.
679
00:38:51,459 --> 00:38:53,200
Normally, as a bank employee,
680
00:38:53,200 --> 00:38:55,071
you'll load up
the SWIFT software,
681
00:38:55,071 --> 00:38:57,944
you'll see on the screen
all the latest transactions,
682
00:38:57,944 --> 00:38:59,598
you can make transactions.
683
00:38:59,598 --> 00:39:04,342
And so the attackers deleted all
records of those transactions.
684
00:39:07,083 --> 00:39:08,563
But it's not just digital.
685
00:39:08,563 --> 00:39:13,002
In the world of finance,
everything must be a hard copy.
686
00:39:13,002 --> 00:39:16,005
And the attackers
knew that as well.
687
00:39:20,575 --> 00:39:23,622
Every SWIFT transaction
that takes place
688
00:39:23,622 --> 00:39:28,975
is immediately printed out
locally in the Bangladeshi Bank.
689
00:39:28,975 --> 00:39:31,978
So that printer cannot
be working
690
00:39:31,978 --> 00:39:34,676
when the heist is going on.
691
00:39:34,676 --> 00:39:37,549
The attackers hijacked
all of those print jobs,
692
00:39:37,549 --> 00:39:40,421
replaced all of those
print jobs with zeros
693
00:39:40,421 --> 00:39:43,555
so that nothing would
come out of the printer.
694
00:39:43,555 --> 00:39:48,516
Now, the other 30
wire transactions sat around.
695
00:39:48,516 --> 00:39:51,867
And, ultimately,
the attackers waited,
696
00:39:51,867 --> 00:39:54,261
and they waited...
697
00:39:54,261 --> 00:39:58,874
And they logged out at
3:59 a.m. Bangladesh time.
698
00:39:58,874 --> 00:40:01,442
Potentially, they thought
that in New York,
699
00:40:01,442 --> 00:40:03,096
the business day ended
at five p.m.,
700
00:40:03,096 --> 00:40:04,924
and they weren't gonna hear
any more.
701
00:40:04,924 --> 00:40:06,882
The New York Fed
had actually stopped
702
00:40:06,882 --> 00:40:08,449
the rest of the transactions,
703
00:40:08,449 --> 00:40:11,931
because the address for
the bank in the Philippines
704
00:40:11,931 --> 00:40:15,804
was on Jupiter Street.
J-U-P-I-T-E-R.
705
00:40:15,804 --> 00:40:20,853
Right, now this is when
the story gets really weird.
706
00:40:20,853 --> 00:40:24,857
In a totally unrelated incident
two years earlier,
707
00:40:24,857 --> 00:40:28,469
we have a Greek shipping
magnate, Dimitris Cambis,
708
00:40:28,469 --> 00:40:32,038
and he is buying eight tankers.
709
00:40:32,038 --> 00:40:35,258
What Dimitris knew,
but not many other people,
710
00:40:35,258 --> 00:40:39,872
was that the money
for these eight oil tankers
711
00:40:39,872 --> 00:40:41,917
came from Iran,
712
00:40:41,917 --> 00:40:45,660
and Iran was under US sanctions.
713
00:40:45,660 --> 00:40:48,358
Someone in the US
caught wind of the fact
714
00:40:48,358 --> 00:40:51,710
that the Iranians were
financing Mr Cambis.
715
00:40:51,710 --> 00:40:55,017
His company was put on
the sanctions watch list,
716
00:40:55,017 --> 00:40:58,325
and his company
was called Jupiter Seaways.
717
00:41:00,675 --> 00:41:02,590
It was just their bad luck
718
00:41:02,590 --> 00:41:05,201
that they designated
the money transfers
719
00:41:05,201 --> 00:41:11,338
to go to the Jupiter branch
of the Rizal Bank in Manila.
720
00:41:11,338 --> 00:41:15,211
As the transfers were being sent
out from the New York Reserve
721
00:41:15,211 --> 00:41:16,996
to the Philippines,
722
00:41:16,996 --> 00:41:20,956
the Jupiter name was caught
by the computer system.
723
00:41:20,956 --> 00:41:23,916
It halted these transactions.
724
00:41:23,916 --> 00:41:26,484
The Fed had to take
a second look.
725
00:41:26,484 --> 00:41:28,790
They stopped it
because they realised,
726
00:41:28,790 --> 00:41:31,184
"Wait, we have somewhere
in the order 35 transactions
727
00:41:31,184 --> 00:41:33,229
coming from
the Bank of Bangladesh,
728
00:41:33,229 --> 00:41:37,407
adding up to $1 billion?
You know, this isn't usual."
729
00:41:37,407 --> 00:41:40,062
So they held them
and sent a message back,
730
00:41:40,062 --> 00:41:41,890
asking for confirmation.
731
00:41:44,589 --> 00:41:47,766
Had the attackers waited
just one more hour,
732
00:41:47,766 --> 00:41:50,595
they could have replied to them
via the SWIFT system,
733
00:41:50,595 --> 00:41:53,206
saying these transactions
were not a mistake.
734
00:41:53,206 --> 00:41:55,295
Ultimately,
the Bank of Bangladesh
735
00:41:55,295 --> 00:41:57,253
might have lost
much, much more.
736
00:41:57,253 --> 00:42:01,344
So far, they managed
to get $81 million.
737
00:42:01,344 --> 00:42:05,435
But, boy, did they come close
to hitting the jackpot.
738
00:42:05,435 --> 00:42:07,655
Just under $1 billion
739
00:42:07,655 --> 00:42:11,572
was very, very nearly
stolen from this bank.
740
00:42:22,061 --> 00:42:25,194
The next day,
the bank employees came in,
741
00:42:25,194 --> 00:42:26,587
and the printer wasn't working,
742
00:42:26,587 --> 00:42:28,937
because they installed
their malicious code
743
00:42:28,937 --> 00:42:30,722
to prevent that from happening.
744
00:42:30,722 --> 00:42:32,637
Ultimately,
those bank employees
745
00:42:32,637 --> 00:42:34,900
didn't get it fixed
until February 6,
746
00:42:34,900 --> 00:42:36,554
which would have been a Sunday.
747
00:42:38,251 --> 00:42:41,297
When the printer started,
all these messages came out,
748
00:42:41,297 --> 00:42:42,908
messages from the Fed asking,
749
00:42:42,908 --> 00:42:46,041
"What are these 30 transactions?
Did you mean to make these?"
750
00:42:46,041 --> 00:42:48,304
That triggered
the Bank of Bangladesh
751
00:42:48,304 --> 00:42:51,003
to realise something
had gone wrong.
752
00:42:51,003 --> 00:42:53,658
It was very clear
that they were in deep,
753
00:42:53,658 --> 00:42:57,357
such that the bank manager...
This is the Bank of Bangladesh,
754
00:42:57,357 --> 00:43:00,534
the federal bank, the national
bank of the country,
755
00:43:00,534 --> 00:43:04,103
did not notify the leaders,
756
00:43:04,103 --> 00:43:07,236
the government of Bangladesh.
He kept it under wraps.
757
00:43:07,236 --> 00:43:10,544
He notified someone he knew
who knew about security.
758
00:43:10,544 --> 00:43:12,372
"Get on a plane,
get to Bangladesh.
759
00:43:12,372 --> 00:43:14,940
I need you to look at
these computer systems."
760
00:43:20,467 --> 00:43:22,948
Initially, the governor
and his whole team
761
00:43:22,948 --> 00:43:24,166
were quite perplexed.
762
00:43:24,166 --> 00:43:27,343
They didn't quite know
what had happened.
763
00:43:27,343 --> 00:43:30,216
So they thought that
some money had been routed
764
00:43:30,216 --> 00:43:33,045
to a wrong account;
it would come back.
765
00:43:36,309 --> 00:43:39,921
I get this strange phone call
from the governor's office
766
00:43:39,921 --> 00:43:42,707
asking me if I would
drop everything
767
00:43:42,707 --> 00:43:45,274
and come to Dhaka, Bangladesh.
768
00:43:49,061 --> 00:43:51,237
So I assembled a team...
769
00:43:52,107 --> 00:43:53,892
and we flew down.
770
00:43:57,896 --> 00:44:02,596
When we arrived there, we met
with the Bangladesh Bank team.
771
00:44:02,596 --> 00:44:06,121
And that's when I discovered
all the horrifying details
772
00:44:06,121 --> 00:44:08,471
of what had actually happened.
773
00:44:12,388 --> 00:44:15,217
They decide,
"Let's look at the CCTV.
774
00:44:15,217 --> 00:44:17,393
What's that going to tell us?"
775
00:44:17,393 --> 00:44:20,309
There were eight
hours' worth of tapes
776
00:44:20,309 --> 00:44:23,138
that had to be gone through.
777
00:44:23,138 --> 00:44:26,054
Your gut instinct is,
you have a malicious insider.
778
00:44:26,054 --> 00:44:27,708
A physical person had to go in,
779
00:44:27,708 --> 00:44:30,842
log into that machine
and try to make these transfers,
780
00:44:30,842 --> 00:44:34,715
because this attack
hadn't happened before.
781
00:44:34,715 --> 00:44:37,631
They had a SWIFT room,
which was locked.
782
00:44:37,631 --> 00:44:39,938
And typically when
the SWIFT operators
783
00:44:39,938 --> 00:44:43,724
needed to do something on SWIFT,
they had to go into the room,
784
00:44:43,724 --> 00:44:47,467
sit in that chair and terminal,
785
00:44:47,467 --> 00:44:52,037
and there was only
one shadow we could find.
786
00:44:52,037 --> 00:44:54,779
We eventually decided
it was the person
787
00:44:54,779 --> 00:44:58,391
sweeping the place after hours.
788
00:45:00,741 --> 00:45:04,310
They were saying, "How could
somebody process the transaction
789
00:45:04,310 --> 00:45:05,964
when there was nobody there?"
790
00:45:05,964 --> 00:45:10,577
I mean, even after the payment
instructions had been sent,
791
00:45:10,577 --> 00:45:15,408
they had no idea for a very long
time what was happening.
792
00:45:15,408 --> 00:45:19,412
They didn't think it was a hack.
They had no traces of a hack.
793
00:45:19,412 --> 00:45:22,632
But they watched eight hours of
that footage over that weekend
794
00:45:22,632 --> 00:45:25,635
and realised there was
no one at that computer.
795
00:45:25,635 --> 00:45:26,941
Nothing.
796
00:45:26,941 --> 00:45:29,248
They had no idea that
the Bank of Bangladesh
797
00:45:29,248 --> 00:45:31,859
had been breached by hackers.
798
00:45:31,859 --> 00:45:35,384
Only after we see these things
happen over and over again,
799
00:45:35,384 --> 00:45:39,171
we realise that cyber
has such capabilities.
800
00:45:44,045 --> 00:45:47,440
Bangladesh was a bit of
a bombshell for all of us.
801
00:45:49,311 --> 00:45:52,097
Hackers and most cybercrime,
802
00:45:52,097 --> 00:45:54,055
it's like smash-and-grab crime.
803
00:45:54,055 --> 00:45:56,492
Quickly grab something
and monetise it
804
00:45:56,492 --> 00:45:58,103
as swiftly as you can.
805
00:45:58,103 --> 00:46:01,236
You know, storm a bank
with shotguns, blow a safe,
806
00:46:01,236 --> 00:46:03,978
fill some bags with cash.
807
00:46:03,978 --> 00:46:06,024
Cybercrime...
808
00:46:06,024 --> 00:46:09,418
It doesn't lend itself well
to long conspiracy
809
00:46:09,418 --> 00:46:11,856
and lots of investigation
and investment
810
00:46:11,856 --> 00:46:13,596
into understanding your target.
811
00:46:13,596 --> 00:46:15,903
I mean, you couldn't
do Bangladesh
812
00:46:15,903 --> 00:46:19,037
unless you really understood
the internal workings
813
00:46:19,037 --> 00:46:21,909
of the central bank
and all the actors involved.
814
00:46:21,909 --> 00:46:24,607
That's not something
that freelance hackers
815
00:46:24,607 --> 00:46:26,827
really are good at.
816
00:46:26,827 --> 00:46:29,917
That requires a level of
investment into resources
817
00:46:29,917 --> 00:46:34,095
and frankly intelligence
that has to be sustained.
818
00:46:34,095 --> 00:46:38,012
To organise something
of that complexity
819
00:46:38,012 --> 00:46:40,841
and for it not to be noticed
820
00:46:40,841 --> 00:46:43,539
by the intelligence agencies
of the state
821
00:46:43,539 --> 00:46:46,020
where that is being planned
822
00:46:46,020 --> 00:46:50,285
would be very,
very difficult indeed.
823
00:46:50,285 --> 00:46:53,419
These hackers went in
and looked at the zeros and ones
824
00:46:53,419 --> 00:46:55,725
in the software
and reverse engineered it,
825
00:46:55,725 --> 00:46:58,380
turned it back into
understandable code.
826
00:46:58,380 --> 00:47:00,905
That's not something
that happens overnight.
827
00:47:00,905 --> 00:47:02,384
It was pretty clear
828
00:47:02,384 --> 00:47:04,865
that this isn't just
normal criminals.
829
00:47:04,865 --> 00:47:07,128
This has to be something bigger.
830
00:47:10,044 --> 00:47:13,961
Once attackers have gained
access to their target network,
831
00:47:13,961 --> 00:47:16,007
they want to stay undetected.
832
00:47:18,487 --> 00:47:20,968
And we've seen many
interesting examples
833
00:47:20,968 --> 00:47:23,014
of how exactly this is done.
834
00:47:26,278 --> 00:47:27,801
What exactly happened
835
00:47:27,801 --> 00:47:30,195
at the Natanz nuclear facility
last week?
836
00:47:30,195 --> 00:47:32,806
It's a question people in Iran
around the world
837
00:47:32,806 --> 00:47:35,461
have been asking
since a fire was reported
838
00:47:35,461 --> 00:47:38,856
at Iran's main uranium
enrichment facility on Thursday.
839
00:47:38,856 --> 00:47:41,902
We're used to Trojans
and viruses on the internet,
840
00:47:41,902 --> 00:47:43,338
but this is the first worm
841
00:47:43,338 --> 00:47:46,907
designed to damage
the physical world.
842
00:47:46,907 --> 00:47:51,042
In 2010, attackers created
a piece of malicious software
843
00:47:51,042 --> 00:47:55,350
that was designed to infiltrate
Iran's nuclear programme,
844
00:47:55,350 --> 00:47:57,004
to get into their centrifuges,
845
00:47:57,004 --> 00:47:59,050
in particular,
get onto computers
846
00:47:59,050 --> 00:48:00,921
that controlled
their centrifuges.
847
00:48:00,921 --> 00:48:04,142
Iran says it will
retaliate against any country
848
00:48:04,142 --> 00:48:06,884
that conducts cyber-attacks
on its nuclear sites.
849
00:48:06,884 --> 00:48:09,538
The intention
was to spin the centrifuges
850
00:48:09,538 --> 00:48:12,150
of Iran's nuclear capabilities
out of control,
851
00:48:12,150 --> 00:48:14,152
make the centrifuges explode
852
00:48:14,152 --> 00:48:15,414
and push them ten years back
853
00:48:15,414 --> 00:48:17,372
in the uranium enrichment programme.
854
00:48:17,372 --> 00:48:18,721
As a piece of malware,
855
00:48:18,721 --> 00:48:21,768
it was 40 times larger
than any piece of malware
856
00:48:21,768 --> 00:48:24,336
that had ever been
encountered before.
857
00:48:24,336 --> 00:48:28,514
It would have taken
the most advanced,
858
00:48:28,514 --> 00:48:30,995
brilliant computer engineers
859
00:48:30,995 --> 00:48:34,085
years and years of human
working hours
860
00:48:34,085 --> 00:48:35,956
to produce this.
861
00:48:35,956 --> 00:48:38,089
Why was it so big?
862
00:48:38,089 --> 00:48:42,310
Because it needed
to cover itself up.
863
00:48:44,834 --> 00:48:47,794
The attackers
were actually recording
864
00:48:47,794 --> 00:48:52,320
the network traffic,
the normal network traffic,
865
00:48:52,320 --> 00:48:55,062
and then playing it back
to the sensors
866
00:48:55,062 --> 00:48:58,848
when they started modifying the
operations of the centrifuges
867
00:48:58,848 --> 00:49:00,720
they were trying to break.
868
00:49:04,463 --> 00:49:06,900
This is the equivalent of,
in the real world,
869
00:49:06,900 --> 00:49:09,903
recording the CCTV footage
from a security camera
870
00:49:09,903 --> 00:49:12,166
and then playing it back
to the camera
871
00:49:12,166 --> 00:49:14,125
when you're doing
something bad.
872
00:49:14,125 --> 00:49:16,301
That's what Stuxnet was doing.
873
00:49:16,301 --> 00:49:18,042
And in the Bangladesh heist,
874
00:49:18,042 --> 00:49:20,218
they were doing
something similar.
875
00:49:20,218 --> 00:49:22,872
Once they made
their transactions,
876
00:49:22,872 --> 00:49:26,311
they wanted to make sure no one
realised they had happened.
877
00:49:26,311 --> 00:49:29,053
They were actually falsifying
the information
878
00:49:29,053 --> 00:49:30,576
about transactions.
879
00:49:30,576 --> 00:49:33,405
The recording of the
transactions were being done
880
00:49:33,405 --> 00:49:34,972
both in electronic format,
881
00:49:34,972 --> 00:49:38,540
but also falsifying the data
being sent to the printers,
882
00:49:38,540 --> 00:49:41,021
which actually looked like
everything was fine.
883
00:49:41,021 --> 00:49:44,242
So you find out how
you're being tracked,
884
00:49:44,242 --> 00:49:46,984
and then you try
to cover your tracks.
885
00:49:46,984 --> 00:49:48,246
Stuxnet did that.
886
00:49:48,246 --> 00:49:50,770
The Bangladeshi heist
did it as well.
887
00:49:53,207 --> 00:49:56,950
Once that money
arrived in the Philippines,
888
00:49:56,950 --> 00:50:00,519
they needed to change
that money into cold, hard cash.
889
00:50:00,519 --> 00:50:02,912
Right now, it's still in
digital ones and zeros,
890
00:50:02,912 --> 00:50:05,437
just a transaction that said
the money has moved
891
00:50:05,437 --> 00:50:06,829
from the Bank of Bangladesh
892
00:50:06,829 --> 00:50:10,094
to these accounts at RCBC.
Four accounts.
893
00:50:10,094 --> 00:50:13,532
The thieves had to
get it out of the Philippines,
894
00:50:13,532 --> 00:50:15,621
make it disappear.
895
00:50:15,621 --> 00:50:18,450
So how were they going
to do that?
896
00:50:18,450 --> 00:50:20,843
There is one industry
in the Philippines
897
00:50:20,843 --> 00:50:23,237
where there is absolutely
no oversight,
898
00:50:23,237 --> 00:50:27,241
where it's a cash-only business.
There are no records, no names.
899
00:50:27,241 --> 00:50:29,113
That is the casino industry.
900
00:50:41,125 --> 00:50:43,257
When we talk about
laundering funds,
901
00:50:43,257 --> 00:50:45,955
we're talking about
taking dirty, illicit funds,
902
00:50:45,955 --> 00:50:49,481
running them through
a legal business
903
00:50:49,481 --> 00:50:52,049
so that if I came
to you and said,
904
00:50:52,049 --> 00:50:55,400
"Hey, where'd you get
that $81 million?",
905
00:50:55,400 --> 00:51:00,318
you could have a paper trail
to show that you won it back.
906
00:51:00,318 --> 00:51:03,103
The hard part
is not stealing the money.
907
00:51:03,103 --> 00:51:06,628
The hard part is moving the
money into a form you can use
908
00:51:06,628 --> 00:51:08,152
without getting caught.
909
00:51:10,241 --> 00:51:15,202
And one method we've seen
for quite a while is gambling.
910
00:51:15,202 --> 00:51:17,074
It was very clear that,
911
00:51:17,074 --> 00:51:20,251
if, at all, there was a place
for you to do that,
912
00:51:20,251 --> 00:51:22,166
it would have been
the Philippines,
913
00:51:22,166 --> 00:51:25,038
because the casinos
are not regulated at all.
914
00:51:27,171 --> 00:51:30,304
It's like a lot of
high-flying gamblers
915
00:51:30,304 --> 00:51:33,307
who'd kind of fly to Manila,
916
00:51:33,307 --> 00:51:37,050
crowd these numerous casinos
in Manila,
917
00:51:37,050 --> 00:51:38,399
lots of money coming in.
918
00:51:38,399 --> 00:51:41,315
People don't question
that kind of money.
919
00:51:41,315 --> 00:51:42,795
I mean, you know...
920
00:51:42,795 --> 00:51:44,753
"Well, as long as
it's coming to us,
921
00:51:44,753 --> 00:51:47,887
we don't bother too much
about where it is coming from."
922
00:51:49,323 --> 00:51:52,283
The thieves knew
if they could get that money
923
00:51:52,283 --> 00:51:55,547
into the casinos,
it would essentially be lost.
924
00:51:56,809 --> 00:51:58,115
What happened was,
925
00:51:58,115 --> 00:52:00,421
the manager from
the Philippines bank,
926
00:52:00,421 --> 00:52:03,381
she was the one who'd opened
those four accounts
927
00:52:03,381 --> 00:52:05,557
using fraudulent IDs.
928
00:52:05,557 --> 00:52:09,952
She got the money withdrawn from
the bank in the Philippines.
929
00:52:11,563 --> 00:52:12,955
From there, it started to go
930
00:52:12,955 --> 00:52:14,566
through something
called Philrem.
931
00:52:14,566 --> 00:52:18,004
It's a bit like a Western Union
in the Philippines,
932
00:52:18,004 --> 00:52:20,180
transferred into pesos.
933
00:52:20,180 --> 00:52:22,487
I don't know
if you've ever used
934
00:52:22,487 --> 00:52:24,010
Philippine pesos before,
935
00:52:24,010 --> 00:52:28,057
but that's one hell
of a lot of pesos, $22 million.
936
00:52:28,057 --> 00:52:33,454
In fact,
it's over one million banknotes.
937
00:52:33,454 --> 00:52:35,630
They actually had
to request that cash
938
00:52:35,630 --> 00:52:38,981
to come from a sister
branch location,
939
00:52:38,981 --> 00:52:40,853
that arrived in boxes.
940
00:52:40,853 --> 00:52:44,422
The bank manager was seen by
one of the other bank employees
941
00:52:44,422 --> 00:52:47,599
collecting those boxes
and literally going outside
942
00:52:47,599 --> 00:52:49,862
and loading them up
into a Lexus.
943
00:52:50,993 --> 00:52:53,344
And that money
was driven away.
944
00:52:59,785 --> 00:53:03,702
So, we're talking stacks
of bills carried in vans
945
00:53:03,702 --> 00:53:07,227
to the Solaire Casino
right by the airport.
946
00:53:07,227 --> 00:53:10,448
It allows the Chinese gamblers
to come off the plane.
947
00:53:10,448 --> 00:53:13,320
Five minutes, they're on
the floor playing baccarat.
948
00:53:16,410 --> 00:53:19,979
The money goes to this place.
It's wheeled in wheelbarrows
949
00:53:19,979 --> 00:53:24,113
across the casino floor
up to this guarded escalator.
950
00:53:35,255 --> 00:53:38,215
There's so much
physical cash involved,
951
00:53:38,215 --> 00:53:41,305
they've enlisted their
own crew of gamblers
952
00:53:41,305 --> 00:53:44,830
to launder the stolen funds.
953
00:53:44,830 --> 00:53:47,093
And they just played baccarat,
954
00:53:47,093 --> 00:53:49,617
all day long.
955
00:53:49,617 --> 00:53:51,140
They had individuals,
956
00:53:51,140 --> 00:53:54,231
mostly appeared to be Chinese
nationals that they had,
957
00:53:54,231 --> 00:53:57,538
I assume, hired to take
those funds and launder them.
958
00:53:57,538 --> 00:54:01,499
You change that cash
into casino chips,
959
00:54:01,499 --> 00:54:03,152
play a few games,
960
00:54:03,152 --> 00:54:04,937
cash in the chips.
961
00:54:04,937 --> 00:54:10,595
And when you get that cash back,
that is then laundered.
962
00:54:10,595 --> 00:54:13,119
And this wouldn't
have been unusual.
963
00:54:13,119 --> 00:54:15,513
This was the Chinese lunar week.
964
00:54:15,513 --> 00:54:18,298
That would've been very common
for individuals,
965
00:54:18,298 --> 00:54:20,561
high rollers, to come
into the Philippines
966
00:54:20,561 --> 00:54:22,868
and play at the casinos
during that time.
967
00:54:22,868 --> 00:54:26,611
Spending $22 million in
a casino over a weekend,
968
00:54:26,611 --> 00:54:28,569
let's face it, could be fun.
969
00:54:32,878 --> 00:54:36,708
Doing this story
and trying to figure out
970
00:54:36,708 --> 00:54:40,407
where in history
to sort of place this thing.
971
00:54:40,407 --> 00:54:43,323
Was this the biggest
heist of all time?
972
00:54:43,323 --> 00:54:47,327
No, but it certainly looked
to be the biggest cyber heist
973
00:54:47,327 --> 00:54:50,243
of a bank in history.
974
00:54:50,243 --> 00:54:54,378
And over the next few days,
I just remember
975
00:54:54,378 --> 00:54:58,425
calling up my sources
at Symantec
976
00:54:58,425 --> 00:55:00,993
and a couple other
cybersecurity firms
977
00:55:00,993 --> 00:55:04,257
and getting in touch with
a guy named Eric Chien.
978
00:55:06,085 --> 00:55:09,131
We have all kinds of
sensors sitting on networks
979
00:55:09,131 --> 00:55:10,785
and computers
all over the world.
980
00:55:10,785 --> 00:55:14,136
Any time some sort of
cyber criminal, some attacker,
981
00:55:14,136 --> 00:55:18,053
is trying to breach a computer,
they're leaving traces behind.
982
00:55:19,577 --> 00:55:23,537
Every attack
has a signature.
983
00:55:23,537 --> 00:55:25,104
If you look at it long enough,
984
00:55:25,104 --> 00:55:27,454
if you study it,
if you work it long enough,
985
00:55:27,454 --> 00:55:29,717
you can understand
the way they do things.
986
00:55:29,717 --> 00:55:31,284
The way they state something,
987
00:55:31,284 --> 00:55:34,461
the way they code
a particular way,
988
00:55:34,461 --> 00:55:39,901
the methodology of the attack,
the step-by-step approaches.
989
00:55:39,901 --> 00:55:42,904
It might be considered
like Sherlock Holmesian
990
00:55:42,904 --> 00:55:44,384
to come up with this idea.
991
00:55:44,384 --> 00:55:46,778
"Because he walks
with a gait this way,
992
00:55:46,778 --> 00:55:48,954
and he does this..."
But it is true.
993
00:55:48,954 --> 00:55:53,262
We see those signatures.
We see those patterns.
994
00:55:54,220 --> 00:55:56,004
What we discovered was,
995
00:55:56,004 --> 00:55:59,443
by looking at the artefacts
that these attackers had used,
996
00:55:59,443 --> 00:56:01,880
the malicious binaries
they had used,
997
00:56:01,880 --> 00:56:03,185
the code inside of it,
998
00:56:03,185 --> 00:56:05,753
as well as the email accounts
that they used
999
00:56:05,753 --> 00:56:07,929
to send the initial
spear-phishing messages,
1000
00:56:07,929 --> 00:56:12,499
we were able to map this back
to an attacker back in 2014.
1001
00:56:15,415 --> 00:56:18,505
Sony Pictures is mainly housed
in Culver City.
1002
00:56:18,505 --> 00:56:20,507
And in 2014,
1003
00:56:20,507 --> 00:56:24,598
Sony Pictures went down,
which was unheard of.
1004
00:56:24,598 --> 00:56:26,078
On that day in November,
1005
00:56:26,078 --> 00:56:28,559
people would have come in,
tried to swipe their badge
1006
00:56:28,559 --> 00:56:30,778
and not even be able
to get into the office.
1007
00:56:30,778 --> 00:56:32,780
They get
into the building finally
1008
00:56:32,780 --> 00:56:35,957
and then they discover that
nothing else is working either.
1009
00:56:35,957 --> 00:56:40,005
Printers aren't working,
computers aren't working.
1010
00:56:40,005 --> 00:56:43,225
People who had laptops
connected to the network
1011
00:56:43,225 --> 00:56:44,966
would have immediately seen
1012
00:56:44,966 --> 00:56:47,926
skulls and crossbones
show up on their screens,
1013
00:56:47,926 --> 00:56:51,016
scrolling with scary
Halloween-type music
1014
00:56:51,016 --> 00:56:52,496
playing in the background.
1015
00:56:52,496 --> 00:56:55,716
And it said,
"Hacked by the GOP."
1016
00:56:55,716 --> 00:56:58,980
Guardians of the Peace.
1017
00:56:58,980 --> 00:57:02,027
A mysterious crew of hackers,
1018
00:57:02,027 --> 00:57:05,987
also known as the Lazarus Group.
1019
00:57:05,987 --> 00:57:08,120
We'd call them
the Lazarus Group.
1020
00:57:08,120 --> 00:57:09,251
They've been responsible
1021
00:57:09,251 --> 00:57:11,123
for many, many attacks
over the years.
1022
00:57:11,123 --> 00:57:13,342
You know, political statements
1023
00:57:13,342 --> 00:57:15,954
and bringing down some
websites in South Korea
1024
00:57:15,954 --> 00:57:20,306
and also the White House in the
United States and the Pentagon.
1025
00:57:20,306 --> 00:57:23,875
Now, at this point,
the penny has dropped.
1026
00:57:23,875 --> 00:57:26,007
Sony has been hacked.
1027
00:57:26,007 --> 00:57:28,662
The hack attack
has had a devastating effect
1028
00:57:28,662 --> 00:57:31,491
on the entertainment company,
with an avalanche of leaks
1029
00:57:31,491 --> 00:57:34,189
revealing personal information
of employees
1030
00:57:34,189 --> 00:57:37,497
and salacious email exchanges
of A-list celebrities.
1031
00:57:37,497 --> 00:57:40,500
They ultimately compromised
Sony Pictures Network,
1032
00:57:40,500 --> 00:57:43,851
got inside
and wiped 10,000 computers.
1033
00:57:43,851 --> 00:57:45,592
On top of that,
they actually stole
1034
00:57:45,592 --> 00:57:48,682
all kinds of documents
and emails from Sony Pictures.
1035
00:57:48,682 --> 00:57:50,815
The hack
on Sony Pictures
1036
00:57:50,815 --> 00:57:53,382
is rocking Hollywood's
very foundation;
1037
00:57:53,382 --> 00:57:56,037
the industry,
warts and all, exposed.
1038
00:57:56,037 --> 00:57:59,258
Initially, we had no link
between the SWIFT attack
1039
00:57:59,258 --> 00:58:01,956
and the Sony Pictures attack.
1040
00:58:01,956 --> 00:58:04,481
But when we were looking
at the malware,
1041
00:58:04,481 --> 00:58:06,395
we found an interesting detail.
1042
00:58:06,395 --> 00:58:09,573
There was a component
called an indexing manager,
1043
00:58:09,573 --> 00:58:13,011
which was saving the logs
during the SWIFT attack
1044
00:58:13,011 --> 00:58:15,492
into an encrypted file.
1045
00:58:15,492 --> 00:58:18,538
The file was encrypted
with a really long key,
1046
00:58:18,538 --> 00:58:22,063
and when we just
googled for the key,
1047
00:58:22,063 --> 00:58:25,284
we found that the same key, exactly,
1048
00:58:25,284 --> 00:58:30,594
was used 18 months earlier
in the Sony Pictures attack.
1049
00:58:31,769 --> 00:58:34,119
This was
the moment we realised
1050
00:58:34,119 --> 00:58:36,077
the Bangladeshi SWIFT attack
1051
00:58:36,077 --> 00:58:39,733
was probably perpetrated
by the Lazarus Group.
1052
00:58:40,691 --> 00:58:42,301
So, who is Lazarus?
1053
00:58:42,301 --> 00:58:43,781
Well, from what we know,
1054
00:58:43,781 --> 00:58:46,740
they're a trans-global
criminal organisation
1055
00:58:46,740 --> 00:58:51,571
that's been trained
at a nation-state level.
1056
00:58:51,571 --> 00:58:55,444
The nation states really started
coming in on a criminal side...
1057
00:58:57,055 --> 00:58:59,231
when sanctions started.
1058
00:58:59,231 --> 00:59:02,277
When we start limiting
the capability of a nation
1059
00:59:02,277 --> 00:59:05,411
to get cash, and we up
the methodology
1060
00:59:05,411 --> 00:59:07,979
to monitor
the way they're getting cash,
1061
00:59:07,979 --> 00:59:11,025
they turn to different approaches.
1062
00:59:11,025 --> 00:59:13,898
So if you're a country
that's under sanction
1063
00:59:13,898 --> 00:59:17,162
and your ability to get funds
has been compromised,
1064
00:59:17,162 --> 00:59:20,121
you may be motivated to
go to the Lazarus Group
1065
00:59:20,121 --> 00:59:23,429
to fix your problem.
1066
00:59:23,429 --> 00:59:25,649
It's like a job for them.
It is a job for them.
1067
00:59:25,649 --> 00:59:27,694
They get recruited.
It's a nine-to-five job.
1068
00:59:27,694 --> 00:59:30,958
They come in, and each
of them has their specialties.
1069
00:59:30,958 --> 00:59:32,351
They have managers,
1070
00:59:32,351 --> 00:59:35,223
they have targets that
they're told to go after.
1071
00:59:35,223 --> 00:59:37,356
When you talk about
nation states,
1072
00:59:37,356 --> 00:59:39,619
obviously,
for your average nation state,
1073
00:59:39,619 --> 00:59:42,927
most cyber offensive campaigns
are under the military.
1074
00:59:42,927 --> 00:59:45,712
It's very similar to how
a military organisation
1075
00:59:45,712 --> 00:59:49,020
would be organised for their
cyber offensive campaigns.
1076
00:59:49,020 --> 00:59:51,457
There is a hotel,
for example, in China
1077
00:59:51,457 --> 00:59:53,590
where they've taken over
multiple floors
1078
00:59:53,590 --> 00:59:55,635
where they essentially
have dormitories.
1079
00:59:55,635 --> 00:59:59,073
They go to sleep in that hotel,
they eat in that hotel,
1080
00:59:59,073 --> 01:00:01,423
and they don't come
out of that hotel.
1081
01:00:01,423 --> 01:00:04,078
They just move from
one room to another,
1082
01:00:04,078 --> 01:00:05,863
hack all day and night.
1083
01:00:08,039 --> 01:00:10,650
And the Lazarus Group
is thought to be made up
1084
01:00:10,650 --> 01:00:13,392
of these state-trained hackers.
1085
01:00:18,745 --> 01:00:21,226
What's amazing about cyber,
1086
01:00:21,226 --> 01:00:23,794
when you talk about
nation states,
1087
01:00:23,794 --> 01:00:27,319
is the cost to entry
is extremely low.
1088
01:00:27,319 --> 01:00:29,713
We have nation states
who have been
1089
01:00:29,713 --> 01:00:33,194
trying to create
nuclear missiles,
1090
01:00:33,194 --> 01:00:35,066
tried to create
a nuclear programme.
1091
01:00:35,066 --> 01:00:36,981
Places like Iran, for example.
1092
01:00:36,981 --> 01:00:41,507
The dollars it costs to do so,
it's extraordinary.
1093
01:00:41,507 --> 01:00:44,684
But if you want to build
a cyber offensive campaign,
1094
01:00:44,684 --> 01:00:46,991
you get two, three,
four, five guys
1095
01:00:46,991 --> 01:00:50,472
and potentially threaten
to disable the power grid
1096
01:00:50,472 --> 01:00:52,039
in some country.
1097
01:00:52,039 --> 01:00:54,476
When you talk about
trying to rob a bank
1098
01:00:54,476 --> 01:00:57,175
or produce illicit drugs
and sell them,
1099
01:00:57,175 --> 01:00:59,830
the amount of people
required on the ground,
1100
01:00:59,830 --> 01:01:01,266
the amount of connections,
1101
01:01:01,266 --> 01:01:03,442
and for the dollars
that you would receive,
1102
01:01:03,442 --> 01:01:04,922
is nothing compared to,
1103
01:01:04,922 --> 01:01:07,446
"Let's get three guys,
break into a bank
1104
01:01:07,446 --> 01:01:10,667
and potentially
transfer $1 billion."
1105
01:01:16,063 --> 01:01:20,502
Back in the VIP room
of the Solaire Casino in Manila,
1106
01:01:20,502 --> 01:01:24,942
the money-laundering operation
is in full flight.
1107
01:01:26,683 --> 01:01:29,729
They just spend hours
upon hours gambling away,
1108
01:01:29,729 --> 01:01:31,296
collecting chips.
1109
01:01:31,296 --> 01:01:33,733
They transfer those chips
back into cold, hard currency.
1110
01:01:33,733 --> 01:01:36,693
You put a hundred
gamblers into the VIP lounge
1111
01:01:36,693 --> 01:01:40,784
playing cash, so maybe the house
has a one or two percent margin.
1112
01:01:40,784 --> 01:01:43,743
But all the rest is untraceable
money that they walk out with.
1113
01:01:43,743 --> 01:01:46,006
What's interesting
about these individuals,
1114
01:01:46,006 --> 01:01:47,704
they weren't interested
in winning.
1115
01:01:47,704 --> 01:01:50,184
They were just interested
in playing.
1116
01:01:50,184 --> 01:01:51,620
If you lose the money,
1117
01:01:51,620 --> 01:01:53,405
the money doesn't go
to the casino,
1118
01:01:53,405 --> 01:01:54,928
it goes to the other players.
1119
01:01:54,928 --> 01:01:58,410
So you can play the table
where the other players are,
1120
01:01:58,410 --> 01:01:59,846
your partners.
1121
01:01:59,846 --> 01:02:02,196
Then you can lose
the dirty money on purpose,
1122
01:02:02,196 --> 01:02:04,024
moving the money
to your partners.
1123
01:02:04,024 --> 01:02:05,678
Now it's cashed out.
1124
01:02:05,678 --> 01:02:09,073
Now it looks like it came from a
great win in a poker tournament
1125
01:02:09,073 --> 01:02:11,640
instead of being stolen
from somewhere.
1126
01:02:11,640 --> 01:02:14,513
So, casinos are a good way
of laundering money.
1127
01:02:14,513 --> 01:02:17,342
Real-world criminals have
done that for decades.
1128
01:02:17,342 --> 01:02:20,606
Online criminals
are doing it today.
1129
01:02:20,606 --> 01:02:23,740
They played for a whole week,
that whole lunar week,
1130
01:02:23,740 --> 01:02:25,698
every day, like workers,
1131
01:02:25,698 --> 01:02:28,309
nine to five, essentially,
in that casino.
1132
01:02:33,358 --> 01:02:36,361
Finally, the Chinese
New Year celebrations
1133
01:02:36,361 --> 01:02:37,884
have come to an end.
1134
01:02:37,884 --> 01:02:42,280
The staff at the RCBC bank
in Manila are back at work.
1135
01:02:44,369 --> 01:02:47,328
Now, the Bangladesh Bank
is still desperately trying
1136
01:02:47,328 --> 01:02:49,417
to put a stop
on any further withdrawals
1137
01:02:49,417 --> 01:02:52,159
from those accounts
in the Bank of the Philippines.
1138
01:02:52,159 --> 01:02:54,509
They've lost
$22 million already,
1139
01:02:54,509 --> 01:02:58,818
but there's still $59 million
left that they can save.
1140
01:02:58,818 --> 01:03:01,865
They're firing message
after message to Manila,
1141
01:03:01,865 --> 01:03:04,737
"Hold all transactions."
1142
01:03:04,737 --> 01:03:07,087
In the Philippines,
they got those messages.
1143
01:03:07,087 --> 01:03:08,567
They got those messages
1144
01:03:08,567 --> 01:03:10,830
as part of many other
transaction messages they got
1145
01:03:10,830 --> 01:03:12,701
that were sitting in
a printer queue
1146
01:03:12,701 --> 01:03:14,051
at the bottom of the stack,
1147
01:03:14,051 --> 01:03:16,357
and ultimately, they never
saw those messages.
1148
01:03:16,357 --> 01:03:20,797
At this point, the fence
gets in touch with the manager
1149
01:03:20,797 --> 01:03:22,799
of the bank in Jupiter Street.
1150
01:03:22,799 --> 01:03:26,672
"Can you please authorise
the transfer of $59 million?"
1151
01:03:26,672 --> 01:03:29,849
She authorises that $59 million.
1152
01:03:29,849 --> 01:03:34,114
It goes straight
to the Solaire Casino.
1153
01:03:34,114 --> 01:03:36,029
More money laundering.
1154
01:03:37,901 --> 01:03:39,424
Five hours later,
1155
01:03:39,424 --> 01:03:44,037
after increasingly urgent calls
from the Bangladesh Bank,
1156
01:03:44,037 --> 01:03:50,000
the manager finally puts a block
on all of the accounts.
1157
01:03:50,000 --> 01:03:52,829
But, really, it's too late.
1158
01:03:52,829 --> 01:03:54,831
The money's gone.
1159
01:03:59,139 --> 01:04:02,273
It's incredible when you think
what the Lazarus Group
1160
01:04:02,273 --> 01:04:05,885
was able to pull off with
just some ones and zeros.
1161
01:04:05,885 --> 01:04:07,756
They guide their bespoke malware
1162
01:04:07,756 --> 01:04:10,020
into the computer network
of a bank,
1163
01:04:10,020 --> 01:04:11,717
and then a year later,
1164
01:04:11,717 --> 01:04:15,025
they're literally washing
$100 million
1165
01:04:15,025 --> 01:04:17,331
through a casino
in the Philippines.
1166
01:04:17,331 --> 01:04:19,856
It's astonishing.
1167
01:04:19,856 --> 01:04:22,336
But what's really, really scary
1168
01:04:22,336 --> 01:04:25,687
is what happened
just a year later.
1169
01:04:27,428 --> 01:04:29,561
Now back to
the major cyber-attack,
1170
01:04:29,561 --> 01:04:34,087
the ransomware crippling 200,000
computers in 150 countries.
1171
01:04:34,087 --> 01:04:37,699
The thousands of targets all
received this ominous message
1172
01:04:37,699 --> 01:04:39,745
in English on their screens:
1173
01:04:49,276 --> 01:04:54,151
Everyone was basically locked up
with this malware
1174
01:04:54,151 --> 01:04:58,329
that we discovered had been
launched by the same attackers
1175
01:04:58,329 --> 01:05:01,158
as the Central Bank
of Bangladesh.
1176
01:05:01,158 --> 01:05:03,377
So they design this malware,
1177
01:05:03,377 --> 01:05:05,989
and then they lose
control of it entirely.
1178
01:05:05,989 --> 01:05:08,121
And that caused chaos.
1179
01:05:08,121 --> 01:05:11,385
Ambulances were
diverted to other hospitals.
1180
01:05:11,385 --> 01:05:14,823
Patients were turned away,
their operations cancelled.
1181
01:05:14,823 --> 01:05:17,696
You know,
the first sign that something
1182
01:05:17,696 --> 01:05:21,961
was seriously wrong was when
hospitals in the United Kingdom
1183
01:05:21,961 --> 01:05:24,529
started telling patients,
"Don't come."
1184
01:05:24,529 --> 01:05:28,533
That their systems had been
locked up with ransomware.
1185
01:05:28,533 --> 01:05:33,625
It's unclear if it was
accidentally released too early,
1186
01:05:33,625 --> 01:05:35,018
it appears so,
1187
01:05:35,018 --> 01:05:37,890
or if it was
designed not to work
1188
01:05:37,890 --> 01:05:41,241
and just begin wiping computers,
because it didn't matter.
1189
01:05:41,241 --> 01:05:44,157
Even if you paid them, you would
not get the decryption key.
1190
01:05:44,157 --> 01:05:45,985
They didn't have
the decryption key.
1191
01:05:45,985 --> 01:05:48,118
They couldn't decrypt your files anymore.
1192
01:05:48,118 --> 01:05:50,816
Japan, Turkey
and the Philippines
1193
01:05:50,816 --> 01:05:54,733
were also affected.
In the US, FedEx was hit.
1194
01:05:54,733 --> 01:05:59,694
That virulent virus
spiralled out of control.
1195
01:05:59,694 --> 01:06:04,047
In Germany, it attacked the
network of the Deutsche Bahn,
1196
01:06:04,047 --> 01:06:05,439
German Railway.
1197
01:06:05,439 --> 01:06:09,400
In Spain,
WannaCry hit Telefonica,
1198
01:06:09,400 --> 01:06:12,359
the biggest telecommunications company.
1199
01:06:12,359 --> 01:06:16,537
It hit the banking systems,
and ATMs didn't work.
1200
01:06:16,537 --> 01:06:21,847
This thing was hitting companies
in something like 150 countries.
1201
01:06:21,847 --> 01:06:23,588
Other targets in the US
1202
01:06:23,588 --> 01:06:26,025
include Merck Pharmaceutical
in New Jersey.
1203
01:06:26,025 --> 01:06:28,810
Even the company that makes
Oreo cookies may have been hit.
1204
01:06:28,810 --> 01:06:32,945
So, you had the health
service, you had transport,
1205
01:06:32,945 --> 01:06:36,470
you had communications,
you had the finance system,
1206
01:06:36,470 --> 01:06:37,906
and you had governance
1207
01:06:37,906 --> 01:06:42,824
all with one tiny piece
of crappy malware, WannaCry.
1208
01:06:42,824 --> 01:06:44,130
In other attacks,
1209
01:06:44,130 --> 01:06:46,002
they have to send you
a spear-phishing email,
1210
01:06:46,002 --> 01:06:48,047
trick you into double-clicking
on an attachment.
1211
01:06:48,047 --> 01:06:50,180
In this case, your computer
just had to be on,
1212
01:06:50,180 --> 01:06:51,485
connected to the internet,
1213
01:06:51,485 --> 01:06:54,053
and it would have got infected
by WannaCry.
1214
01:06:54,053 --> 01:06:57,274
It succeeded because
the crappy malware
1215
01:06:57,274 --> 01:07:00,407
was being infiltrated
into the systems
1216
01:07:00,407 --> 01:07:03,193
on the back
of a much more powerful tool
1217
01:07:03,193 --> 01:07:04,803
called EternalBlue,
1218
01:07:04,803 --> 01:07:08,459
which had been developed by
the National Security Agency
1219
01:07:08,459 --> 01:07:10,417
in the United States.
1220
01:07:10,417 --> 01:07:12,637
The thing the NSA
never wanted to talk about
1221
01:07:12,637 --> 01:07:15,640
was the fact that it was
travelling on a digital missile
1222
01:07:15,640 --> 01:07:19,426
that had been built
at its own intelligence agency.
1223
01:07:19,426 --> 01:07:22,560
They repurposed something
created by the US government,
1224
01:07:22,560 --> 01:07:24,170
leaked
by the Russian government,
1225
01:07:24,170 --> 01:07:26,825
put it into their ransomware
that allowed it to spread
1226
01:07:26,825 --> 01:07:30,742
all over the world,
any computer on at that time.
1227
01:07:30,742 --> 01:07:34,006
So one crappy piece
of malware
1228
01:07:34,006 --> 01:07:36,878
can hit every single aspect
1229
01:07:36,878 --> 01:07:39,142
of the critical national infrastructure
1230
01:07:39,142 --> 01:07:42,971
within the space
of about ten days
1231
01:07:42,971 --> 01:07:44,886
in different countries.
1232
01:07:57,508 --> 01:08:00,728
Eventually, there's a court case
after about a month.
1233
01:08:00,728 --> 01:08:03,601
There's a court case in Manila.
1234
01:08:03,601 --> 01:08:06,908
Ultimately, the bank manager
didn't want anyone to find out.
1235
01:08:06,908 --> 01:08:08,388
But when he finally got in touch
1236
01:08:08,388 --> 01:08:10,825
with the Bank
of the Philippines, they said,
1237
01:08:10,825 --> 01:08:12,827
"If you need this money returned,
1238
01:08:12,827 --> 01:08:15,700
you need to get a court order."
So he files a court order,
1239
01:08:15,700 --> 01:08:18,006
but court orders are public
in the Philippines,
1240
01:08:18,006 --> 01:08:19,573
like in many other countries.
1241
01:08:19,573 --> 01:08:22,576
A reporter spots it and realises
that this has happened,
1242
01:08:22,576 --> 01:08:25,101
publishes it in a newspaper,
and it all comes out.
1243
01:08:25,101 --> 01:08:28,016
The $81 million
money-laundering scandal
1244
01:08:28,016 --> 01:08:31,672
is now considered one of
the biggest bank heists in Asia.
1245
01:08:31,672 --> 01:08:33,805
But how exactly
did thieves steal
1246
01:08:33,805 --> 01:08:35,981
such a huge amount of money?
1247
01:08:35,981 --> 01:08:37,461
Not just known
in the Philippines
1248
01:08:37,461 --> 01:08:38,679
and the Bank of Bangladesh,
1249
01:08:38,679 --> 01:08:40,377
when the Bangladesh
government finds out
1250
01:08:40,377 --> 01:08:42,901
the bank manager has been
doing this behind the scenes,
1251
01:08:42,901 --> 01:08:44,337
but the whole world finds out.
1252
01:08:44,337 --> 01:08:46,774
And ultimately,
the Bangladesh Bank
1253
01:08:46,774 --> 01:08:48,863
needs to get assistance
from the FBI.
1254
01:08:48,863 --> 01:08:52,171
The New York Fed is involved.
The United States is involved.
1255
01:08:52,171 --> 01:08:54,304
This becomes
a whole worldwide issue
1256
01:08:54,304 --> 01:08:57,220
and begins to ripple across
the financial industry
1257
01:08:57,220 --> 01:08:58,743
that this was even possible.
1258
01:08:58,743 --> 01:09:00,527
Experts believe that hackers
1259
01:09:00,527 --> 01:09:04,183
were able to break into the
New York Federal Reserve's
1260
01:09:04,183 --> 01:09:06,403
special account for Bangladesh,
1261
01:09:06,403 --> 01:09:09,754
getting away with $81 million.
1262
01:09:09,754 --> 01:09:13,236
Now, Bangladesh's Central Bank
governor, Atiur Rahman,
1263
01:09:13,236 --> 01:09:16,935
has resigned after hackers stole
tens of millions of dollars
1264
01:09:16,935 --> 01:09:19,198
from the nation's
foreign reserves.
1265
01:09:19,198 --> 01:09:23,159
The bank was criticised for
its handling of the breach...
1266
01:09:23,159 --> 01:09:26,162
The governor was
an excellent central banker.
1267
01:09:26,162 --> 01:09:27,902
I have a lot of respect for him.
1268
01:09:27,902 --> 01:09:32,298
He was deemed one of the top
bankers by the Asia MoneyWeek.
1269
01:09:32,298 --> 01:09:34,126
And poor fellow, that time,
1270
01:09:34,126 --> 01:09:36,737
he was faced with
this sort of scenario
1271
01:09:36,737 --> 01:09:39,827
which he honestly
didn't understand.
1272
01:09:39,827 --> 01:09:42,787
He had really pushed
the financial system
1273
01:09:42,787 --> 01:09:45,529
in Bangladesh into
the 21st century.
1274
01:09:45,529 --> 01:09:48,575
He had to essentially fall
on his sword and resign
1275
01:09:48,575 --> 01:09:51,404
in disgrace,
and his career was ruined.
1276
01:09:51,404 --> 01:09:54,190
Many others at the bank
had to resign as well.
1277
01:09:54,190 --> 01:09:57,758
An emotional Maia Deguito,
the manager of the RCBC branch
1278
01:09:57,758 --> 01:10:01,153
in Jupiter Street in Makati,
insists she is innocent
1279
01:10:01,153 --> 01:10:02,763
in the face of accusations
1280
01:10:02,763 --> 01:10:05,636
she is involved in the
money-laundering scheme.
1281
01:10:05,636 --> 01:10:08,247
So far, only the branch manager
1282
01:10:08,247 --> 01:10:11,468
has been charged by the
Anti-Money Laundering Council.
1283
01:10:11,468 --> 01:10:14,384
One of the great
injustices of this whole scandal
1284
01:10:14,384 --> 01:10:17,343
is that the only person who
got convicted of anything
1285
01:10:17,343 --> 01:10:18,953
was Maia Deguito,
1286
01:10:18,953 --> 01:10:22,696
and she was just the mid-level
branch manager of the RCBC,
1287
01:10:22,696 --> 01:10:26,874
the bank in the Philippines
that received the actual funds.
1288
01:10:26,874 --> 01:10:28,180
Typical, isn't it?
1289
01:10:28,180 --> 01:10:30,965
A crime that was conceived
and carried out
1290
01:10:30,965 --> 01:10:32,402
by a whole bunch of men,
1291
01:10:32,402 --> 01:10:35,535
and the only person who
gets done for it is a woman
1292
01:10:35,535 --> 01:10:38,538
who probably wasn't that
guilty in the first place.
1293
01:10:38,538 --> 01:10:41,802
But she received a sentence
of 56 years in jail
1294
01:10:41,802 --> 01:10:44,979
and a fine of $109 million,
1295
01:10:44,979 --> 01:10:49,506
which is significantly more
than the thieves actually stole.
1296
01:10:50,985 --> 01:10:52,291
To my mind,
1297
01:10:52,291 --> 01:10:54,424
there's no question
that she was a scapegoat.
1298
01:10:54,424 --> 01:10:58,297
I mean, the currency traders
who turned that $81 million
1299
01:10:58,297 --> 01:11:01,300
into pesos got off scot-free.
1300
01:11:01,300 --> 01:11:03,737
There are a couple of
Chinese operators
1301
01:11:03,737 --> 01:11:06,566
who brought these gamblers
in from China.
1302
01:11:06,566 --> 01:11:10,396
We know that they received tens
of millions of dollars in cash.
1303
01:11:10,396 --> 01:11:15,314
They vanished back to Macau.
No trace of them was ever found.
1304
01:11:15,314 --> 01:11:17,751
We can't say for sure,
but certainly it looks like
1305
01:11:17,751 --> 01:11:20,798
people at the Rizal Bank headquarters
1306
01:11:20,798 --> 01:11:23,888
buried these requests
to stop these transactions.
1307
01:11:23,888 --> 01:11:27,239
But nobody else at the Rizal
Bank was ever accused.
1308
01:11:27,239 --> 01:11:31,199
Oddly enough, in this giant
scheme that involved
1309
01:11:31,199 --> 01:11:34,986
a half a dozen countries,
nearly $1 billion,
1310
01:11:34,986 --> 01:11:40,208
only one bank employee
in a small branch in Manila
1311
01:11:40,208 --> 01:11:42,646
was ever convicted of
doing anything wrong.
1312
01:11:42,646 --> 01:11:46,040
It's incredible. Total impunity.
1313
01:11:52,395 --> 01:11:54,788
I think the most
important lesson
1314
01:11:54,788 --> 01:11:57,878
of the Bangladesh Bank
1315
01:11:57,878 --> 01:11:59,880
is a lesson of scale.
1316
01:11:59,880 --> 01:12:01,882
The internet is
a fantastic thing.
1317
01:12:01,882 --> 01:12:04,320
It's made our world
much, much smaller.
1318
01:12:04,320 --> 01:12:07,061
You can do all sorts of things.
It's fantastic.
1319
01:12:07,061 --> 01:12:08,933
But that interconnectivity,
1320
01:12:08,933 --> 01:12:11,805
where everything
is linked to everything else,
1321
01:12:11,805 --> 01:12:15,418
means that if you get bad actors
in that system,
1322
01:12:15,418 --> 01:12:17,245
then the damage
1323
01:12:17,245 --> 01:12:22,076
is infinitely more immense
than it was before.
1324
01:12:23,687 --> 01:12:25,993
When I started this job
two decades ago,
1325
01:12:25,993 --> 01:12:29,083
you had to explain to people,
what is a virus?
1326
01:12:29,083 --> 01:12:31,042
What is a cyber-attack?
1327
01:12:31,042 --> 01:12:33,392
Today, we don't talk about
1328
01:12:33,392 --> 01:12:36,439
making sure this file doesn't
get deleted any more.
1329
01:12:36,439 --> 01:12:40,573
We literally talk about making
sure the supply chain is up,
1330
01:12:40,573 --> 01:12:42,619
food can reach people's tables.
1331
01:12:42,619 --> 01:12:45,665
Our job is not just to protect
people's computers.
1332
01:12:45,665 --> 01:12:49,060
Our job is to ensure
society is up and running.
1333
01:12:49,060 --> 01:12:52,063
Everything
that we use now,
1334
01:12:52,063 --> 01:12:53,978
water, electricity,
1335
01:12:53,978 --> 01:12:56,937
the financial system,
the comms system,
1336
01:12:56,937 --> 01:12:58,548
depends on the integrity
1337
01:12:58,548 --> 01:13:03,683
of unbelievably complex
networked computer systems.
1338
01:13:03,683 --> 01:13:07,992
And our dependence
is becoming such
1339
01:13:07,992 --> 01:13:10,386
that, should anything go wrong,
1340
01:13:10,386 --> 01:13:13,171
be it a technical hitch
or be it a hack,
1341
01:13:13,171 --> 01:13:17,131
it can actually lead
to our lives grinding to a halt
1342
01:13:17,131 --> 01:13:19,525
in a very short space of time.
1343
01:13:20,483 --> 01:13:22,136
We're sort of in a state
1344
01:13:22,136 --> 01:13:24,617
where we're increasing
our vulnerability
1345
01:13:24,617 --> 01:13:27,359
and our attack surface
every single day.
1346
01:13:27,359 --> 01:13:29,796
And instead of pausing
1347
01:13:29,796 --> 01:13:32,799
and thinking about
how to lock up our power grid,
1348
01:13:32,799 --> 01:13:37,848
really, where our energy has
been focused is on escalation.
1349
01:13:37,848 --> 01:13:41,373
Countries like the United
States, China and Russia
1350
01:13:41,373 --> 01:13:44,550
have already arrogated
the right to themselves
1351
01:13:44,550 --> 01:13:47,335
to attack with full force,
1352
01:13:47,335 --> 01:13:50,034
whether cyber
or conventional weapons,
1353
01:13:50,034 --> 01:13:51,905
against anyone who brings down
1354
01:13:51,905 --> 01:13:56,519
a serious piece of critical
national infrastructure.
1355
01:13:56,519 --> 01:14:01,480
We've had Stuxnet blowing
up the Natanz centrifuge plant.
1356
01:14:01,480 --> 01:14:04,962
We've had ransomware attacks,
which hit the Eastern Seaboard.
1357
01:14:04,962 --> 01:14:07,007
There was no gas
to the Eastern Seaboard
1358
01:14:07,007 --> 01:14:09,619
for a whole week
in the United States.
1359
01:14:09,619 --> 01:14:11,751
We had Russia
against the Ukraine,
1360
01:14:11,751 --> 01:14:14,537
shutting out the power
in the middle of winter.
1361
01:14:14,537 --> 01:14:17,453
We're talking about
people losing their lives.
1362
01:14:17,453 --> 01:14:19,019
We've also had cyber-attacks
1363
01:14:19,019 --> 01:14:21,413
that potentially affected
US elections.
1364
01:14:21,413 --> 01:14:23,763
We had the healthcare in the UK
brought down,
1365
01:14:23,763 --> 01:14:25,939
dialysis machines
no longer working.
1366
01:14:25,939 --> 01:14:29,421
This is an extremely
fragile situation,
1367
01:14:29,421 --> 01:14:33,599
much more fragile
than the period of détente,
1368
01:14:33,599 --> 01:14:37,255
because so many more
countries have these weapons.
1369
01:14:37,255 --> 01:14:41,389
Malware is much more difficult
to control than nuclear weapons.
1370
01:14:41,389 --> 01:14:44,871
People always warn me
of the cyber Pearl Harbor
1371
01:14:44,871 --> 01:14:47,091
or the cyber 9/11,
1372
01:14:47,091 --> 01:14:49,746
but it's almost worse than that.
1373
01:14:49,746 --> 01:14:53,619
Every day, there are thousands
of cyber-attacks,
1374
01:14:53,619 --> 01:14:58,232
and we're just getting more and
more and more inured to them.
1375
01:14:59,016 --> 01:15:00,887
It's like a plague.
1376
01:15:00,887 --> 01:15:05,152
I think we'll see much
more hostile cyber activity,
1377
01:15:05,152 --> 01:15:07,851
much more cyber bank robberies,
1378
01:15:07,851 --> 01:15:09,983
much more cyber espionage.
1379
01:15:09,983 --> 01:15:13,030
We'll see much more cyber war.
1380
01:15:13,030 --> 01:15:15,815
In many ways,
I think we've seen nothing yet.
1381
01:15:15,815 --> 01:15:19,253
As attacks increase
in their sophistication
1382
01:15:19,253 --> 01:15:21,386
and their range,
1383
01:15:21,386 --> 01:15:25,346
then the impact
can be ever greater.
1384
01:15:25,346 --> 01:15:29,873
There is a cyber-attack on
critical national infrastructure
1385
01:15:29,873 --> 01:15:31,744
coming to a place near you
1386
01:15:31,744 --> 01:15:35,269
within the next
five to ten years.
1387
01:15:35,269 --> 01:15:38,708
If it's done well,
and if it's really malicious,
1388
01:15:38,708 --> 01:15:41,232
that could be catastrophic.
1389
01:15:43,016 --> 01:15:47,586
What's amazing about the
Bank of Bangladesh heist is...
1390
01:15:47,586 --> 01:15:51,285
they almost walked away
with $1 billion.
1391
01:15:54,071 --> 01:15:56,203
The mistakes that they made
1392
01:15:56,203 --> 01:15:59,990
that led to them only walking
with $81 million
1393
01:15:59,990 --> 01:16:02,862
were literally a typo in a name
1394
01:16:02,862 --> 01:16:05,082
and potentially
not being patient enough,
1395
01:16:05,082 --> 01:16:06,562
waiting just one more hour.
1396
01:16:06,562 --> 01:16:09,913
We could be telling
a completely different story.
1397
01:16:09,913 --> 01:16:11,828
Presumably, these guys
1398
01:16:11,828 --> 01:16:15,309
kept perhaps 95 percent
of that cash.
1399
01:16:15,309 --> 01:16:16,528
You could walk out
1400
01:16:16,528 --> 01:16:18,399
with 95 percent
of what you came in with,
1401
01:16:18,399 --> 01:16:21,838
have nobody trace that money,
no record of it whatsoever,
1402
01:16:21,838 --> 01:16:26,233
and get on a plane with it,
and you're home free.
1403
01:16:26,233 --> 01:16:30,760
Even if you had invested
a year's work,
1404
01:16:30,760 --> 01:16:35,460
that you had recruited
a really decent set of hackers,
1405
01:16:35,460 --> 01:16:39,899
that you had corrupted
bank officials,
1406
01:16:39,899 --> 01:16:43,947
you'll be looking at a profit
of about $75 million.
1407
01:16:43,947 --> 01:16:47,037
For a year's work,
not a bad pay-off.
1408
01:16:49,126 --> 01:16:52,999
The Bank of Bangladesh heist
showed them what was possible.
1409
01:16:54,392 --> 01:16:56,742
They proved that
they could do it.
1410
01:17:01,617 --> 01:17:03,662
After that attack,
it didn't stop.
1411
01:17:03,662 --> 01:17:07,840
We saw continued attacks
on various banks across Asia,
1412
01:17:07,840 --> 01:17:10,451
I think in
the Philippines again.
1413
01:17:10,451 --> 01:17:14,673
And also, they started hacking
the cryptocurrency exchanges,
1414
01:17:14,673 --> 01:17:18,546
where people store their Bitcoin
and Monero digital currency,
1415
01:17:18,546 --> 01:17:21,724
which has proved to be
incredibly lucrative for them.
1416
01:17:23,726 --> 01:17:25,684
In 2017,
Lazarus was thought
1417
01:17:25,684 --> 01:17:27,338
to have successfully attacked
1418
01:17:27,338 --> 01:17:31,995
at least five Asian
cryptocurrency exchanges.
1419
01:17:31,995 --> 01:17:37,827
That's a total of
$571 million that was lost.
1420
01:17:37,827 --> 01:17:41,134
Cryptocurrency exchanges
just have the bare minimum
1421
01:17:41,134 --> 01:17:43,659
of security, we're learning now.
1422
01:17:43,659 --> 01:17:46,923
In 2020, as the global
pandemic spiralled,
1423
01:17:46,923 --> 01:17:50,143
AstraZeneca, makers of
one of the key vaccines,
1424
01:17:50,143 --> 01:17:53,538
was hit by an attack,
extorting the company
1425
01:17:53,538 --> 01:17:56,846
and stealing sensitive
information for profit.
1426
01:17:58,064 --> 01:18:00,632
The sums involved
are astronomical,
1427
01:18:00,632 --> 01:18:03,940
and Lazarus is still
very much at large.
1428
01:18:06,246 --> 01:18:11,774
They have been designated
by the United States an APT;
1429
01:18:11,774 --> 01:18:13,863
that's an
advanced persistent threat.
1430
01:18:13,863 --> 01:18:16,692
Now, the fundamental criteria
1431
01:18:16,692 --> 01:18:20,478
is that they represent a threat
1432
01:18:20,478 --> 01:18:24,612
to US national security
and national infrastructure.
1433
01:18:24,612 --> 01:18:28,486
So, just by dint of it
being called an APT
1434
01:18:28,486 --> 01:18:33,404
means that the Lazarus Group
is serious stuff.
1435
01:18:33,404 --> 01:18:35,623
Marvel fans,
think HYDRA.
1436
01:18:35,623 --> 01:18:38,801
James Bond films,
think of SPECTRE.
1437
01:18:38,801 --> 01:18:40,237
It's something like that.
1438
01:18:43,762 --> 01:18:47,635
Now, it's tempting to
think this comparison is absurd,
1439
01:18:47,635 --> 01:18:51,074
but this is the scale
that Lazarus operates on.
1440
01:18:51,074 --> 01:18:54,294
Arguably, they're the most
potent cyber criminals
1441
01:18:54,294 --> 01:18:56,427
in business today.
1442
01:18:56,427 --> 01:19:00,300
So the nation state's
involvement in cybercrime
1443
01:19:00,300 --> 01:19:02,955
means that cybercrime
has actually morphed
1444
01:19:02,955 --> 01:19:05,653
into cyber warfare.
1445
01:19:05,653 --> 01:19:08,613
You can have zero trust
in these systems.
1446
01:19:08,613 --> 01:19:12,095
You need to assume that
everything has been broken,
1447
01:19:12,095 --> 01:19:14,010
everything is being listened to,
1448
01:19:14,010 --> 01:19:17,274
that everything can be captured,
and operate accordingly.
1449
01:19:19,580 --> 01:19:22,453
If a small group
can plan something
1450
01:19:22,453 --> 01:19:25,499
and get away with $81 million,
1451
01:19:25,499 --> 01:19:27,937
which involved
the Fed in New York,
1452
01:19:27,937 --> 01:19:29,765
SWIFT in Brussels,
1453
01:19:29,765 --> 01:19:32,550
the Bangladeshi Bank in Dhaka,
1454
01:19:32,550 --> 01:19:36,032
and then all the peripherals
in Manila,
1455
01:19:36,032 --> 01:19:40,427
just think about what one of the
really professional operations
1456
01:19:40,427 --> 01:19:42,560
in China, Russia,
1457
01:19:42,560 --> 01:19:44,518
the NSA, GCHQ,
1458
01:19:44,518 --> 01:19:48,871
just think what havoc
they could wreak.
1459
01:19:48,871 --> 01:19:52,613
And every year, the hacks get
bigger, the damage greater,
1460
01:19:52,613 --> 01:19:54,702
the implications graver.
1461
01:19:56,139 --> 01:20:00,447
Armies literally have hackers
hammering at the gates.
1462
01:20:00,447 --> 01:20:02,710
And it just takes
a simple breach,
1463
01:20:02,710 --> 01:20:05,583
one person, one weak link,
1464
01:20:05,583 --> 01:20:08,238
and those armies
will storm the defences
1465
01:20:08,238 --> 01:20:12,851
and bring down a network
that our way of life depends on.
1466
01:20:12,851 --> 01:20:15,593
It happened in Bangladesh
in 2016.
1467
01:20:15,593 --> 01:20:21,033
And believe you me, it's going
to happen again very soon.
1468
01:21:14,957 --> 01:21:17,916
Iyuno