1
00:01:10,852 --> 00:01:12,158
It's Friday,
2
00:01:12,158 --> 00:01:15,466
and it is, of course,
the Muslim prayer day.
3
00:01:15,466 --> 00:01:18,556
Everyone's off,
except for the skeleton staff
4
00:01:18,556 --> 00:01:20,688
at the Bangladeshi Bank,
5
00:01:20,688 --> 00:01:24,605
including Zubair Bin Huda,
who is the duty manager.
6
00:01:27,913 --> 00:01:31,438
He's part of
the elite team of employees
7
00:01:31,438 --> 00:01:35,138
who run
the SWIFT banking system,
8
00:01:35,138 --> 00:01:38,706
which is a highly secure
banking system
9
00:01:38,706 --> 00:01:41,361
that sends money
around the world.
10
00:01:43,581 --> 00:01:47,324
Now, Bin Huda goes,
as he does every day,
11
00:01:47,324 --> 00:01:49,195
to the SWIFT printer
12
00:01:49,195 --> 00:01:53,417
to check up on the transactions
from the day before.
13
00:01:53,417 --> 00:01:56,202
There are usually printouts
14
00:01:56,202 --> 00:01:58,465
of transactions
that came in overnight.
15
00:01:58,465 --> 00:02:02,817
The SWIFT software would print
out a ledger every single day,
16
00:02:02,817 --> 00:02:06,995
an audit trace of every single
transaction that occurred
17
00:02:06,995 --> 00:02:08,736
on paper.
18
00:02:08,736 --> 00:02:11,435
But when they came in
on February 5th morning,
19
00:02:11,435 --> 00:02:12,914
as they usually do,
20
00:02:12,914 --> 00:02:15,787
they found there were
no SWIFT messages at all.
21
00:02:15,787 --> 00:02:20,052
In fact, the printer's
shut down. It won't work.
22
00:02:20,052 --> 00:02:21,401
They try and turn it on.
23
00:02:21,401 --> 00:02:25,231
Nothing will kick it
back into life.
24
00:02:25,231 --> 00:02:28,191
He assumes it was simply
a technical error,
25
00:02:28,191 --> 00:02:30,236
shrugs, goes home for the night,
26
00:02:30,236 --> 00:02:32,325
comes back in
on Saturday morning
27
00:02:32,325 --> 00:02:34,545
to check the system again.
28
00:02:35,720 --> 00:02:36,982
The next day,
29
00:02:36,982 --> 00:02:40,203
they somehow manually
get the printer to work.
30
00:02:40,203 --> 00:02:42,509
This deputy head manager
walks in the room,
31
00:02:42,509 --> 00:02:46,165
the printer starts working, and
these weird messages come out.
32
00:02:46,165 --> 00:02:49,603
The printer
starts spewing out
33
00:02:49,603 --> 00:02:51,779
all of these transactions,
34
00:02:51,779 --> 00:02:56,349
including individual requests
to the Fed in New York
35
00:02:56,349 --> 00:02:59,396
for $1 billion.
36
00:03:01,311 --> 00:03:04,923
At that moment,
it's panic stations.
37
00:03:44,832 --> 00:03:50,273
When I was growing up,
the biggest crime in Britain
38
00:03:50,273 --> 00:03:52,362
ever recorded
was the Great Train Robbery.
39
00:03:52,362 --> 00:03:56,409
It was an extraordinary thing.
They stole about £2.5 million.
40
00:03:56,409 --> 00:03:58,803
That's about $4 million.
41
00:03:58,803 --> 00:04:04,287
And that story
ran literally for 30 years.
42
00:04:05,288 --> 00:04:06,811
Four million dollars.
43
00:04:07,899 --> 00:04:10,336
What you're about to hear
44
00:04:10,336 --> 00:04:14,079
is the story of an attempt
to steal...
45
00:04:15,080 --> 00:04:17,561
a billion dollars.
46
00:04:18,518 --> 00:04:20,477
It's told by world-leading
47
00:04:20,477 --> 00:04:24,002
cybersecurity and legal experts
and journalists:
48
00:04:24,002 --> 00:04:26,352
the very people
who uncovered the facts
49
00:04:26,352 --> 00:04:27,962
and threaded them together
50
00:04:27,962 --> 00:04:32,532
to reveal how dangerous the
world of cybercrime is today.
51
00:04:49,941 --> 00:04:53,379
So, there are four big threats
52
00:04:53,379 --> 00:04:57,514
to the world
and to the human race.
53
00:04:57,514 --> 00:04:59,646
One of them
we've just experienced,
54
00:04:59,646 --> 00:05:01,779
that's the pandemic.
55
00:05:01,779 --> 00:05:04,869
Then you've got weapons
of mass destruction.
56
00:05:04,869 --> 00:05:08,263
You've got climate change.
57
00:05:08,263 --> 00:05:14,008
But barrelling down towards us
before those is cyber.
58
00:05:24,541 --> 00:05:25,977
This is the possibility
59
00:05:25,977 --> 00:05:30,111
of our overdependency
on network technologies
60
00:05:30,111 --> 00:05:34,986
being undermined, either by
malfunctioning of the system...
61
00:05:34,986 --> 00:05:36,640
New problems are emerging
62
00:05:36,640 --> 00:05:39,207
the day after an Amazon
web service outage.
63
00:05:39,207 --> 00:05:42,297
Massive and mysterious,
a global outage...
64
00:05:42,297 --> 00:05:45,257
...or by a targeted attack.
65
00:05:45,257 --> 00:05:47,172
More than a thousand companies
66
00:05:47,172 --> 00:05:49,348
have been crippled
by this attack so far.
67
00:05:49,348 --> 00:05:52,307
Sounds like we're looking
at a 2022 with more hacks,
68
00:05:52,307 --> 00:05:53,613
more lost money.
69
00:05:59,967 --> 00:06:04,276
So, when I started hunting
hackers in the early 1990s...
70
00:06:05,495 --> 00:06:07,714
our enemy was really simple.
71
00:06:07,714 --> 00:06:10,195
All the malware,
all the viruses,
72
00:06:10,195 --> 00:06:13,154
all the attacks were
done by teenage boys.
73
00:06:13,154 --> 00:06:15,505
What will your parents think?
74
00:06:17,637 --> 00:06:20,858
I've been doing this job
for two decades now.
75
00:06:24,296 --> 00:06:25,515
When we first started,
76
00:06:25,515 --> 00:06:27,952
the people writing viruses
and malware
77
00:06:27,952 --> 00:06:29,519
were doing it for fun,
78
00:06:29,519 --> 00:06:32,435
to get their name in lights,
to say, "Look what I can do."
79
00:06:32,435 --> 00:06:34,698
No flash, please.
80
00:06:34,698 --> 00:06:37,831
When I started analysing
viruses, they looked like this.
81
00:06:37,831 --> 00:06:41,095
Malware was still spread
on floppy disks.
82
00:06:41,095 --> 00:06:44,751
They were spreading at the speed
of people travelling the world
83
00:06:44,751 --> 00:06:47,145
and carrying the viruses
with them.
84
00:06:47,145 --> 00:06:50,583
Michelangelo has
proven less harmful than feared.
85
00:06:50,583 --> 00:06:53,151
All the stuff you've got
in there you may really want,
86
00:06:53,151 --> 00:06:54,457
it's just gone?
87
00:06:54,457 --> 00:06:56,502
Then the internet came around,
and suddenly,
88
00:06:56,502 --> 00:06:59,374
malware outbreaks could
go around the world in seconds.
89
00:06:59,374 --> 00:07:00,985
For the last 36 hours,
90
00:07:00,985 --> 00:07:04,728
the ILOVEYOU virus has been
creating havoc around the world.
91
00:07:04,728 --> 00:07:08,209
Experts have reason to worry.
The first attack, July 19th,
92
00:07:08,209 --> 00:07:11,691
infected about 300,000
systems in nine hours.
93
00:07:11,691 --> 00:07:14,172
First of all, the guys who
make a living doing security
94
00:07:14,172 --> 00:07:16,087
and are trying to protect themselves
95
00:07:16,087 --> 00:07:19,612
are scared shitless of you,
because you can just ruin 'em.
96
00:07:19,612 --> 00:07:20,918
After the period of time
97
00:07:20,918 --> 00:07:22,572
where hackers
were just doing things for fun,
98
00:07:22,572 --> 00:07:26,053
some of them realised that they
could use it to make money.
99
00:07:28,578 --> 00:07:31,711
Prior to, like, the 2000s...
100
00:07:31,711 --> 00:07:35,759
cyber was primarily around
a disruption of websites...
101
00:07:36,673 --> 00:07:38,936
defacement of a webpage.
102
00:07:38,936 --> 00:07:42,548
Just as we got around 2000,
the dot-com boom, the explosion,
103
00:07:42,548 --> 00:07:44,419
we started into
what would become
104
00:07:44,419 --> 00:07:46,204
financially motivated hackers.
105
00:07:46,204 --> 00:07:49,076
This really flourished,
especially in Eastern European,
106
00:07:49,076 --> 00:07:53,167
Russia, CIS bloc countries.
107
00:07:53,167 --> 00:07:55,996
This was the time
of gangster capitalism,
108
00:07:55,996 --> 00:08:00,044
when everyone's world in Eastern
Europe was falling apart,
109
00:08:00,044 --> 00:08:02,655
where organised crime and...
110
00:08:02,655 --> 00:08:05,571
former members of
the intelligence services
111
00:08:05,571 --> 00:08:09,357
were taking hold
of the economy.
112
00:08:10,924 --> 00:08:14,319
So you had a lot of young people
in the 1990s
113
00:08:14,319 --> 00:08:17,975
who were very good
mathematicians, physicists,
114
00:08:17,975 --> 00:08:20,325
computer scientists,
115
00:08:20,325 --> 00:08:23,546
who simply took
the logic and the morality
116
00:08:23,546 --> 00:08:26,636
of gangster capitalism online.
117
00:08:30,117 --> 00:08:32,206
Virus writers
were writing viruses
118
00:08:32,206 --> 00:08:33,860
to infect Windows computers,
119
00:08:33,860 --> 00:08:36,994
and those computers were then
sold to email spammers,
120
00:08:36,994 --> 00:08:39,997
who were using those machines
to send Viagra spam
121
00:08:39,997 --> 00:08:42,695
or what have you,
basically making money.
122
00:08:42,695 --> 00:08:44,479
And that changed everything.
123
00:08:48,832 --> 00:08:51,617
People at that time
began to use online banking,
124
00:08:51,617 --> 00:08:54,664
and they began to steal people's
online banking credentials,
125
00:08:54,664 --> 00:08:57,318
from there, also get
credit card numbers,
126
00:08:57,318 --> 00:08:59,451
and use that
to basically transfer funds.
127
00:08:59,451 --> 00:09:02,715
Just in hundreds of dollars at
a time from these individuals.
128
00:09:02,715 --> 00:09:05,936
They eventually realised
that going after individuals
129
00:09:05,936 --> 00:09:07,241
was much more difficult
130
00:09:07,241 --> 00:09:10,331
than just going after
the banks themselves.
131
00:09:10,331 --> 00:09:11,985
Get into databases,
132
00:09:11,985 --> 00:09:14,466
those databases held
credit card numbers.
133
00:09:14,466 --> 00:09:17,643
Take those numbers and then
sell them on the black market.
134
00:09:19,384 --> 00:09:23,388
Originally, the internet
was set up at the Pentagon...
135
00:09:25,085 --> 00:09:29,046
just to be able to share
resources between computers.
136
00:09:32,179 --> 00:09:35,269
And it was really never
designed to have
137
00:09:35,269 --> 00:09:38,533
banking attached to it,
138
00:09:38,533 --> 00:09:41,754
critical infrastructure
attached to it.
139
00:09:41,754 --> 00:09:44,409
It was really designed
for availability.
140
00:09:44,409 --> 00:09:47,151
It was never designed
for security.
141
00:09:48,543 --> 00:09:50,545
Whereas in the early 1990s
142
00:09:50,545 --> 00:09:53,548
when there was only 30,000
people connected to it
143
00:09:53,548 --> 00:09:56,856
and several hundred systems,
we've moved to a system
144
00:09:56,856 --> 00:09:59,990
which essentially is the
backbone of global finance.
145
00:10:01,382 --> 00:10:04,603
The fact that
it's able to do that...
146
00:10:04,603 --> 00:10:07,475
the fact that it's able
to sustain currently between
147
00:10:07,475 --> 00:10:10,435
15 and 20 percent
of GDP globally
148
00:10:10,435 --> 00:10:12,785
tells us something about
just how important
149
00:10:12,785 --> 00:10:14,961
this infrastructure is.
150
00:10:14,961 --> 00:10:17,137
Why did people move
into the internet
151
00:10:17,137 --> 00:10:18,704
to seek economic opportunity?
152
00:10:18,704 --> 00:10:21,664
Because that's where the
economic opportunity was,
153
00:10:21,664 --> 00:10:23,622
untethered by norms,
154
00:10:23,622 --> 00:10:25,842
untethered
by national boundaries,
155
00:10:25,842 --> 00:10:28,540
and essentially limited
only by the creativity
156
00:10:28,540 --> 00:10:30,237
that these individuals had.
157
00:10:40,857 --> 00:10:43,860
The user nagged
the Federal Reserve Bank
158
00:10:43,860 --> 00:10:48,429
with 35 payment instructions
worth $951 million.
159
00:10:48,429 --> 00:10:50,910
We'd just never heard
of such a thing before.
160
00:10:50,910 --> 00:10:53,086
We'd been investigating cybercrime
161
00:10:53,086 --> 00:10:55,610
for a couple of decades
at that point.
162
00:10:55,610 --> 00:10:57,743
You see cyber criminals go in,
163
00:10:57,743 --> 00:11:01,791
and they try to transfer a few
hundred thousands of dollars,
164
00:11:01,791 --> 00:11:05,098
maybe a million,
a couple of million.
165
00:11:05,098 --> 00:11:09,102
But conducting a cyber-attack
to try to steal one billion?
166
00:11:09,102 --> 00:11:13,063
That was an order of magnitude
that we had never seen before.
167
00:11:13,063 --> 00:11:14,717
It was clear from early on
168
00:11:14,717 --> 00:11:18,155
that it was one of the biggest
cyber heists in the world.
169
00:11:18,155 --> 00:11:20,548
When we first started
hearing rumours
170
00:11:20,548 --> 00:11:23,856
about something affecting
SWIFT network,
171
00:11:23,856 --> 00:11:26,467
I didn't understand
how big it was.
172
00:11:26,467 --> 00:11:28,165
But when we started realising
173
00:11:28,165 --> 00:11:30,689
this is at a completely
different scale,
174
00:11:30,689 --> 00:11:32,604
it just blew my mind.
175
00:11:46,357 --> 00:11:47,488
Once they realised
176
00:11:47,488 --> 00:11:49,621
that the money actually
was really gone,
177
00:11:49,621 --> 00:11:51,666
then the panic began to set in.
178
00:11:51,666 --> 00:11:56,933
They lost $81 million instantly
to a bank in the Philippines.
179
00:11:56,933 --> 00:12:00,023
They see the $81 million
has already gone
180
00:12:00,023 --> 00:12:05,898
and that nearly $900 million
extra has been requested.
181
00:12:08,858 --> 00:12:13,297
They basically try to figure out
what to do next.
182
00:12:13,297 --> 00:12:15,908
They have no idea what to do.
183
00:12:15,908 --> 00:12:19,172
They hunted for ways to contact
the New York Fed.
184
00:12:21,000 --> 00:12:23,698
Desperate calls are made
by them.
185
00:12:27,877 --> 00:12:29,792
And it goes
to an answering machine.
186
00:12:29,792 --> 00:12:31,794
You've reached
the Federal Reserve Bank...
187
00:12:31,794 --> 00:12:33,665
Because it's Saturday
in New York,
188
00:12:33,665 --> 00:12:36,059
and nobody's picking
up the phone.
189
00:12:36,059 --> 00:12:39,149
- Please call back...
- It's a complete shitshow.
190
00:12:39,149 --> 00:12:43,196
Total disorganisation,
at both ends, I would stress.
191
00:12:45,546 --> 00:12:49,289
The New York Times Magazine
was planning a true-crime issue,
192
00:12:49,289 --> 00:12:50,464
and my editor came to me
193
00:12:50,464 --> 00:12:52,945
and asked if I was interested
in doing it.
194
00:12:54,294 --> 00:12:55,643
I looked into it a bit.
195
00:12:55,643 --> 00:12:58,168
There definitely were
some intriguing elements,
196
00:12:58,168 --> 00:12:59,822
and made me pay attention.
197
00:13:02,172 --> 00:13:04,478
The Federal Reserve
has pretty much
198
00:13:04,478 --> 00:13:07,220
depended on the SWIFT
banking system,
199
00:13:07,220 --> 00:13:11,921
and since there has rarely
been a hack, if ever,
200
00:13:11,921 --> 00:13:14,880
of the SWIFT banking system...
201
00:13:14,880 --> 00:13:18,101
the Federal Reserve
has never instituted
202
00:13:18,101 --> 00:13:20,843
any sort of 24-7 hotline.
203
00:13:22,583 --> 00:13:26,544
Eventually, they get
hold of somebody at SWIFT,
204
00:13:26,544 --> 00:13:28,198
and SWIFT says,
205
00:13:28,198 --> 00:13:29,808
"Just shut the whole lot down
206
00:13:29,808 --> 00:13:32,550
until we know
what's going on here."
207
00:13:32,550 --> 00:13:36,206
Badrul Khan decides before he
can actually make that decision,
208
00:13:36,206 --> 00:13:39,209
he has to talk to the deputy
governor of the bank,
209
00:13:39,209 --> 00:13:40,863
which he does.
210
00:13:40,863 --> 00:13:43,866
Deputy governor doesn't want to
take the decision upon himself,
211
00:13:43,866 --> 00:13:47,478
so he talks to the governor.
And guess what.
212
00:13:47,478 --> 00:13:50,698
The governor says,
"It's probably a mistake.
213
00:13:50,698 --> 00:13:52,657
We won't shut it down."
214
00:13:56,052 --> 00:13:58,793
Work week begins
at the Bangladesh Bank
215
00:13:58,793 --> 00:14:00,230
on Sunday morning,
216
00:14:00,230 --> 00:14:03,015
and it's then that the general
manager of the bank
217
00:14:03,015 --> 00:14:05,888
comes in and begins to take
stock of what had happened.
218
00:14:05,888 --> 00:14:07,454
They're running out of options.
219
00:14:07,454 --> 00:14:11,154
They're not sure what to do.
Fed is still closed in New York.
220
00:14:11,154 --> 00:14:13,243
They go through
all the SWIFT material,
221
00:14:13,243 --> 00:14:16,115
discover that most of
the money has gone
222
00:14:16,115 --> 00:14:18,248
to the bank in Manila.
223
00:14:18,248 --> 00:14:21,207
And these desperate
messages are sent out:
224
00:14:21,207 --> 00:14:22,643
"Stop the transactions.
225
00:14:22,643 --> 00:14:25,211
Hold that money. Do not
allow it to be withdrawn.
226
00:14:25,211 --> 00:14:27,170
It's our money.
It's been stolen."
227
00:14:28,693 --> 00:14:30,303
But there's a problem.
228
00:14:30,303 --> 00:14:32,262
Five, four,
229
00:14:32,262 --> 00:14:35,178
three, two, one!
230
00:14:35,178 --> 00:14:37,963
Happy New Year!
231
00:14:41,967 --> 00:14:43,838
It's Chinese New Year,
232
00:14:43,838 --> 00:14:46,972
and the Rizal Commercial Bank
is closed.
233
00:14:51,716 --> 00:14:56,242
The thieves chose
a sequence of days...
234
00:14:56,242 --> 00:15:00,681
from Friday, Saturday,
Sunday and Monday,
235
00:15:00,681 --> 00:15:03,858
when one or another
of the three countries
236
00:15:03,858 --> 00:15:06,600
that would be communicating
with one another
237
00:15:06,600 --> 00:15:09,212
was shut down for a holiday.
238
00:15:15,609 --> 00:15:17,655
You've got to hand it
to these guys.
239
00:15:17,655 --> 00:15:19,048
They knew it.
240
00:15:19,048 --> 00:15:21,746
They knew that if they did it
over that weekend,
241
00:15:21,746 --> 00:15:24,009
with the Friday,
the Muslim holiday,
242
00:15:24,009 --> 00:15:27,230
the Sunday and the Saturday,
everything closed in New York,
243
00:15:27,230 --> 00:15:30,581
and the Monday,
Chinese New Year.
244
00:15:32,365 --> 00:15:37,153
They've got four days
to get the heist done.
245
00:15:37,153 --> 00:15:39,416
This is really classy planning.
246
00:15:41,418 --> 00:15:45,465
In that respect,
it was really an ingenious plan.
247
00:15:45,465 --> 00:15:49,469
It's kind of like a great film
director in a malevolent way,
248
00:15:49,469 --> 00:15:53,125
planning out, you know,
a very complex film.
249
00:15:56,476 --> 00:15:58,174
The country of Bangladesh
250
00:15:58,174 --> 00:16:01,916
is the 170th poorest country
in the world.
251
00:16:01,916 --> 00:16:04,310
One billion dollars
is huge to them.
252
00:16:04,310 --> 00:16:06,399
When we talk
about cyber-attacks,
253
00:16:06,399 --> 00:16:08,097
they're not just zeros and ones.
254
00:16:08,097 --> 00:16:10,229
We're not just talking
about people
255
00:16:10,229 --> 00:16:13,798
moving around zeros and ones,
deleting zeros and ones.
256
00:16:15,582 --> 00:16:18,150
One billion dollars
to Bangladesh
257
00:16:18,150 --> 00:16:21,588
potentially means that people
starve in the country.
258
00:16:21,588 --> 00:16:25,288
These things have potential
serious repercussions.
259
00:16:27,768 --> 00:16:30,249
The Bangladesh Bank
heist was significant
260
00:16:30,249 --> 00:16:34,340
because it showed how fragile
global banking was as a whole.
261
00:16:36,212 --> 00:16:40,303
Banks don't just operate
as single isolated entities.
262
00:16:40,303 --> 00:16:42,827
They're part of a system.
263
00:16:42,827 --> 00:16:45,525
And that system is vulnerable.
264
00:16:47,745 --> 00:16:52,445
The US Federal Reserve holds
trillions of dollars in accounts
265
00:16:52,445 --> 00:16:55,622
kept by central banks
all around the world.
266
00:16:55,622 --> 00:16:59,322
Its computer security systems
are state of the art, making it
267
00:16:59,322 --> 00:17:03,630
one of the most difficult
financial institutions to hack.
268
00:17:07,330 --> 00:17:10,594
The criminals realise
that it can't get into
269
00:17:10,594 --> 00:17:14,119
the network system of the Fed,
270
00:17:14,119 --> 00:17:17,949
but the Fed has to talk
to other central banks
271
00:17:17,949 --> 00:17:19,820
around the world,
272
00:17:19,820 --> 00:17:23,433
and this is
where they find a flaw.
273
00:17:25,348 --> 00:17:27,480
The criminals turn
their attention
274
00:17:27,480 --> 00:17:30,483
to the banks'
communication systems.
275
00:17:32,006 --> 00:17:35,445
Every day, the Fed places
thousands of transactions
276
00:17:35,445 --> 00:17:39,101
on behalf of the central banks
that hold US dollar reserves
277
00:17:39,101 --> 00:17:40,363
at the Fed.
278
00:17:40,363 --> 00:17:42,800
The Federal Reserve
has pretty much depended
279
00:17:42,800 --> 00:17:45,150
on the SWIFT banking system
280
00:17:45,150 --> 00:17:48,110
to get its instructions
about transfers.
281
00:17:48,110 --> 00:17:51,069
SWIFT sends money
around the world
282
00:17:51,069 --> 00:17:52,984
to thousands of member banks.
283
00:17:52,984 --> 00:17:57,989
It's the main way that banks
dispatch money to one another.
284
00:17:59,208 --> 00:18:01,645
SWIFT allows you
to transfer money
285
00:18:01,645 --> 00:18:02,820
from one bank to another,
286
00:18:02,820 --> 00:18:04,604
no matter where you are
in the world.
287
00:18:04,604 --> 00:18:07,390
Make international
wire transfers.
288
00:18:07,390 --> 00:18:11,611
The whole banking system
is integrated,
289
00:18:11,611 --> 00:18:15,702
and they depend
above all else on SWIFT,
290
00:18:15,702 --> 00:18:21,186
the international transaction
mechanisms, to work.
291
00:18:21,186 --> 00:18:23,362
What it means is,
all it takes
292
00:18:23,362 --> 00:18:28,846
is a single weak link
to bring down the whole network.
293
00:18:30,413 --> 00:18:33,416
So although the target
is the Fed,
294
00:18:33,416 --> 00:18:37,768
they are looking for a bank
with which the Fed communicates,
295
00:18:37,768 --> 00:18:42,381
which holds a lot
of its reserves in New York.
296
00:18:42,381 --> 00:18:44,166
But it's a long way away,
297
00:18:44,166 --> 00:18:48,605
in a distant time zone
from the Fed,
298
00:18:48,605 --> 00:18:51,347
and it's likely to have
299
00:18:51,347 --> 00:18:56,439
patchy security systems in place
in its computer network.
300
00:18:59,006 --> 00:19:00,834
My colleagues in Dhaka,
301
00:19:00,834 --> 00:19:04,055
they were chasing it
for a long time.
302
00:19:04,055 --> 00:19:07,493
It was a robbery of a scale
that we hadn't heard of.
303
00:19:09,278 --> 00:19:11,628
The first thought
that came to my mind was,
304
00:19:11,628 --> 00:19:14,674
because it was the
Bangladeshi Central Bank,
305
00:19:14,674 --> 00:19:17,286
I thought the hackers found it
306
00:19:17,286 --> 00:19:19,592
somehow easier to target it.
307
00:19:19,592 --> 00:19:21,420
Because it was Bangladesh,
308
00:19:21,420 --> 00:19:24,467
I suspected they would
be more vulnerable
309
00:19:24,467 --> 00:19:26,817
to cyber-attacks as such.
310
00:19:28,558 --> 00:19:31,387
"Hmm. A Bangladeshi bank.
311
00:19:31,387 --> 00:19:34,041
Probably doesn't have
the same level of security
312
00:19:34,041 --> 00:19:36,261
and if they do,
it's probably one or two people,
313
00:19:36,261 --> 00:19:40,265
not a team of 6,000
working on it.
314
00:19:41,179 --> 00:19:42,398
Let's go for it."
315
00:19:42,398 --> 00:19:44,704
These attackers
weren't just skilled
316
00:19:44,704 --> 00:19:45,966
in breaching networks,
317
00:19:45,966 --> 00:19:47,881
figuring out how
to get into an organisation.
318
00:19:47,881 --> 00:19:52,059
They had to study that
SWIFT software deeply.
319
00:19:52,059 --> 00:19:55,237
This attack happened
well before that February 5th,
320
00:19:55,237 --> 00:19:56,890
when the bank employee walked in
321
00:19:56,890 --> 00:19:59,937
and saw that printer hadn't
printed out the audit jobs
322
00:19:59,937 --> 00:20:01,982
and couldn't figure out
what was going on.
323
00:20:01,982 --> 00:20:04,855
This attack started more
than a year prior to that.
324
00:20:04,855 --> 00:20:07,336
These attackers had been
working for months
325
00:20:07,336 --> 00:20:09,163
in the build-up until that day.
326
00:20:09,163 --> 00:20:11,296
It is a mistake
for people to think
327
00:20:11,296 --> 00:20:13,603
that this was something
that happened overnight.
328
00:20:13,603 --> 00:20:15,692
It is a mistake
for people to think
329
00:20:15,692 --> 00:20:18,999
that this happened in a month,
or two months or three months.
330
00:20:18,999 --> 00:20:21,437
It is a slow,
methodical approach,
331
00:20:21,437 --> 00:20:25,571
because it's a business,
all right? You build it.
332
00:20:32,317 --> 00:20:35,189
Bank robberies used to be
something that happened
333
00:20:35,189 --> 00:20:37,540
in the real world.
334
00:20:37,540 --> 00:20:40,673
Now they only happen
in the online world.
335
00:20:42,849 --> 00:20:46,810
If you would try to steal
$100 million in banknotes,
336
00:20:46,810 --> 00:20:49,203
that would be, like,
ten trucks full of notes.
337
00:20:49,203 --> 00:20:51,554
If you drive ten trucks
full of notes out of the bank,
338
00:20:51,554 --> 00:20:54,078
someone would notice.
339
00:20:54,078 --> 00:20:57,342
But when you do the same thing
online, no one notices anything.
340
00:20:57,342 --> 00:21:01,085
Every movie you've ever seen
of them breaking into a bank
341
00:21:01,085 --> 00:21:03,479
is them doing it
over a bank holiday
342
00:21:03,479 --> 00:21:05,437
or something of that nature.
343
00:21:05,437 --> 00:21:07,265
Same concept here.
344
00:21:12,139 --> 00:21:15,404
This isn't Matthew Broderick
sitting in front of a computer,
345
00:21:15,404 --> 00:21:17,493
like War Games
back in the 1980s,
346
00:21:17,493 --> 00:21:19,364
some kid in their basement.
347
00:21:21,148 --> 00:21:24,413
These are
criminal organisations.
348
00:21:24,413 --> 00:21:26,066
Each person has a skill set.
349
00:21:26,066 --> 00:21:29,113
It's kind of like that
Ocean's Eleven-type thing.
350
00:21:30,636 --> 00:21:33,117
You know,
"This guy could crack the bank,
351
00:21:33,117 --> 00:21:35,380
this guy could do
the surveillance cameras,
352
00:21:35,380 --> 00:21:37,817
this is the getaway,
this is the conman."
353
00:21:37,817 --> 00:21:39,602
You all have a role to play,
354
00:21:39,602 --> 00:21:42,344
and you need everybody
to execute their role
355
00:21:42,344 --> 00:21:44,128
to the best of their abilities
356
00:21:44,128 --> 00:21:46,913
for you to be
successful and get it out.
357
00:21:48,785 --> 00:21:53,050
So how do you pull off
a heist of this magnitude?
358
00:21:53,050 --> 00:21:58,360
It takes the right crew of
highly skilled specialists.
359
00:21:58,360 --> 00:22:03,234
And it all starts not with ones
and zeros, but with people.
360
00:22:07,194 --> 00:22:10,633
Cybercrime is about
gaining credentials
361
00:22:10,633 --> 00:22:12,678
to gain access,
362
00:22:12,678 --> 00:22:15,464
stealing the keys.
363
00:22:15,464 --> 00:22:19,859
The social engineer
is critical to a hack.
364
00:22:19,859 --> 00:22:22,296
It's how you get in,
and you get in
365
00:22:22,296 --> 00:22:26,431
not through digital means,
you get in through human means.
366
00:22:26,431 --> 00:22:28,999
It's to do with psychology.
367
00:22:31,349 --> 00:22:35,571
The criminals have to ensnare
one of the employees
368
00:22:35,571 --> 00:22:38,095
of the Bangladeshi Bank,
369
00:22:38,095 --> 00:22:41,925
beginning by going through
their social media profiles
370
00:22:41,925 --> 00:22:44,754
and looking
for suitable targets.
371
00:22:45,972 --> 00:22:48,975
Our relationship
with the computer
372
00:22:48,975 --> 00:22:51,891
is one of perceived intimacy;
373
00:22:51,891 --> 00:22:54,416
that when we're using
a computer,
374
00:22:54,416 --> 00:22:57,810
no one else can see
what we're doing, we believe,
375
00:22:57,810 --> 00:23:00,422
and it's just us and the screen.
376
00:23:02,162 --> 00:23:05,862
And if we were to read
an email from a friend,
377
00:23:05,862 --> 00:23:08,952
we tend to believe it
at face value.
378
00:23:12,259 --> 00:23:15,262
They found
close to three dozen employees.
379
00:23:15,262 --> 00:23:18,875
And they constructed
a simple spear-phish email:
380
00:23:18,875 --> 00:23:21,791
an email message that pretended
to be from a guy
381
00:23:21,791 --> 00:23:24,489
named Rasal Alam.
382
00:23:24,489 --> 00:23:26,099
And Rasal Alam said,
383
00:23:26,099 --> 00:23:28,624
"Hey, I just wanna
work at your company.
384
00:23:28,624 --> 00:23:31,453
Here's a résumé attached.
Have a look."
385
00:23:31,453 --> 00:23:34,151
And it turned out
that they mailed that
386
00:23:34,151 --> 00:23:36,936
to about 36 different employees,
and three of them
387
00:23:36,936 --> 00:23:39,765
opened that attachment
connected to that email.
388
00:23:41,027 --> 00:23:42,376
It was a zip file,
389
00:23:42,376 --> 00:23:44,683
and the zip file contained
just a document inside.
390
00:23:44,683 --> 00:23:47,338
They opened up the document
and it was his résumé.
391
00:23:47,338 --> 00:23:50,776
It was a résumé for Rasel Ahlam,
who wanted to work at the bank,
392
00:23:50,776 --> 00:23:53,039
but unbeknownst
to those individuals,
393
00:23:53,039 --> 00:23:56,869
also contained
malicious code inside.
394
00:23:56,869 --> 00:23:58,784
We can look at any data breach,
395
00:23:58,784 --> 00:24:01,265
and the root cause
has either been
396
00:24:01,265 --> 00:24:03,354
a technical problem
397
00:24:03,354 --> 00:24:05,443
or a people problem.
398
00:24:05,443 --> 00:24:08,272
And the technical problems
can be really hard
399
00:24:08,272 --> 00:24:10,579
and really expensive
and really slow to fix,
400
00:24:10,579 --> 00:24:12,624
but at least we can fix them.
401
00:24:12,624 --> 00:24:16,193
But in the end, we have
no patch for human brains.
402
00:24:17,847 --> 00:24:22,286
There's no way to fix the people
who do stupid mistakes.
403
00:24:22,286 --> 00:24:23,766
When attackers try to send
404
00:24:23,766 --> 00:24:27,073
these spear-phishing emails,
they try to do two things.
405
00:24:27,073 --> 00:24:30,555
They try to look very normal.
It was just a résumé.
406
00:24:30,555 --> 00:24:31,861
They try to fly under the radar,
407
00:24:31,861 --> 00:24:33,558
to look as legitimate
as possible.
408
00:24:33,558 --> 00:24:37,519
And the second is they often
try to use enticing techniques.
409
00:24:43,655 --> 00:24:47,093
New dangers tonight from
the Love Bug computer virus,
410
00:24:47,093 --> 00:24:50,009
this time disguised
as a friendlier email.
411
00:24:50,009 --> 00:24:53,622
The first internet virus
that went around the world
412
00:24:53,622 --> 00:24:57,930
in less than 48 hours was
called the ILOVEYOU virus.
413
00:24:57,930 --> 00:25:00,542
And already,
business interruption costs
414
00:25:00,542 --> 00:25:03,719
are estimated at more than
a billion dollars.
415
00:25:03,719 --> 00:25:06,635
You would be sitting
there working away,
416
00:25:06,635 --> 00:25:08,550
and then suddenly,
in your inbox,
417
00:25:08,550 --> 00:25:12,597
you get an email which says,
"I love you."
418
00:25:12,597 --> 00:25:15,295
And it could well be
that this is a person
419
00:25:15,295 --> 00:25:17,863
who you've always
held a torch for.
420
00:25:17,863 --> 00:25:20,387
And so, of course,
you're very excited,
421
00:25:20,387 --> 00:25:24,130
and you press on the link,
and then you're doomed.
422
00:25:24,130 --> 00:25:26,916
What happens is,
the virus infects your machine
423
00:25:26,916 --> 00:25:30,006
and proceeds to email everyone
you've ever emailed.
424
00:25:30,006 --> 00:25:32,661
The end result of that
is the mail servers
425
00:25:32,661 --> 00:25:33,749
get bogged down,
426
00:25:33,749 --> 00:25:36,186
and the only way
to solve the problem
427
00:25:36,186 --> 00:25:39,319
is to shut the servers down,
hence the interruption.
428
00:25:39,319 --> 00:25:42,366
The ILOVEYOU virus
was one of the first viruses
429
00:25:42,366 --> 00:25:45,108
that had really
worldwide impact.
430
00:25:47,153 --> 00:25:49,765
It was still a virus
written by a guy
431
00:25:49,765 --> 00:25:52,637
that just wanted to get
his name in lights.
432
00:25:52,637 --> 00:25:53,856
He wanted to see his virus
433
00:25:53,856 --> 00:25:55,640
travel around the world
a little bit
434
00:25:55,640 --> 00:25:57,424
and maybe get
in the news somewhere,
435
00:25:57,424 --> 00:25:59,862
and then him be able to say,
"Oh, I wrote that."
436
00:25:59,862 --> 00:26:03,126
Mr de Guzman hardly
seemed to comprehend the chaos
437
00:26:03,126 --> 00:26:05,084
inflicted on
the world's computers.
438
00:26:05,084 --> 00:26:08,653
But what happened was, it
spread so quickly and so fast,
439
00:26:08,653 --> 00:26:11,308
it brought down email
all over the world,
440
00:26:11,308 --> 00:26:13,963
and having email go down
was monumental.
441
00:26:13,963 --> 00:26:17,401
Experts say that the ILOVEYOU
virus could end up costing
442
00:26:17,401 --> 00:26:21,623
the world economy $10 billion
in lost work time.
443
00:26:21,623 --> 00:26:25,670
It became the first sign to show
that we relied on the internet.
444
00:26:25,670 --> 00:26:29,239
The internet was the basis for
our financial transactions,
445
00:26:29,239 --> 00:26:31,197
for the way we do business.
446
00:26:32,503 --> 00:26:33,678
I would talk to people
447
00:26:33,678 --> 00:26:35,375
and remind them
and educate them and say,
448
00:26:35,375 --> 00:26:36,942
"Look, you can't just click
449
00:26:36,942 --> 00:26:39,423
on any attachment
that comes to you in an email."
450
00:26:39,423 --> 00:26:42,861
I remember talking to a guy
about the Anna Kournikova virus
451
00:26:42,861 --> 00:26:46,038
that purported to be nude
pictures of Anna Kournikova.
452
00:26:46,038 --> 00:26:48,998
And he told me, he said,
"Yeah, I knew it was a virus.
453
00:26:48,998 --> 00:26:52,131
I thought it was probably
a virus. But what if it wasn't?
454
00:26:52,131 --> 00:26:54,003
What if it really was
nude pictures?
455
00:26:54,003 --> 00:26:55,831
So I double-clicked on it."
456
00:26:56,962 --> 00:26:58,442
People just don't realise
457
00:26:58,442 --> 00:27:02,098
what clicking on that
attachment means.
458
00:27:02,098 --> 00:27:06,145
Cyber criminals and hackers
realised a long time ago
459
00:27:06,145 --> 00:27:09,061
that your username and password,
460
00:27:09,061 --> 00:27:11,847
particularly to
your email account,
461
00:27:11,847 --> 00:27:15,328
could get them into your
stock brokerage account,
462
00:27:15,328 --> 00:27:18,244
to your online
banking account,
463
00:27:18,244 --> 00:27:23,946
to send phishing emails
to other contacts.
464
00:27:23,946 --> 00:27:28,037
If you protect
yourself properly,
465
00:27:28,037 --> 00:27:31,257
the chances are
you won't be a victim
466
00:27:31,257 --> 00:27:35,261
of what one would call
"drive-by hacking".
467
00:27:35,261 --> 00:27:39,526
If, however, you're being
specifically targeted
468
00:27:39,526 --> 00:27:43,008
by a hacking group,
they will follow that trace.
469
00:27:43,922 --> 00:27:45,576
And they will get you.
470
00:27:48,492 --> 00:27:53,323
Now, we know that at least three
members of the Bangladeshi Bank
471
00:27:53,323 --> 00:27:56,630
were targeted by this after
the social engineer
472
00:27:56,630 --> 00:27:59,024
had scanned
all of their social media,
473
00:27:59,024 --> 00:28:00,765
and at least three of them
474
00:28:00,765 --> 00:28:04,116
opened the letter
and took the bait.
475
00:28:04,116 --> 00:28:06,292
Once that code
began executing
476
00:28:06,292 --> 00:28:08,338
on those bank employees'
computers,
477
00:28:08,338 --> 00:28:10,949
it would reach out back
to the attackers
478
00:28:10,949 --> 00:28:13,909
and tell them that
these machines are now infected
479
00:28:13,909 --> 00:28:15,345
and give them full control,
480
00:28:15,345 --> 00:28:18,087
as if they were sitting
in front of the keyboard,
481
00:28:18,087 --> 00:28:21,177
just like those employees.
482
00:28:21,177 --> 00:28:23,788
There was malware
in the system
483
00:28:23,788 --> 00:28:26,617
that was actually
copying screenshots,
484
00:28:28,401 --> 00:28:33,493
copying keystrokes of employees,
and no one knew.
485
00:28:33,493 --> 00:28:35,844
They've got
their foot in the door.
486
00:28:35,844 --> 00:28:38,803
This is the essential
first step.
487
00:28:38,803 --> 00:28:42,720
The first layer of security
has been breached.
488
00:28:48,682 --> 00:28:52,382
And the digger, the person who
is getting deeper and deeper
489
00:28:52,382 --> 00:28:54,601
into the computer network,
490
00:28:54,601 --> 00:28:58,301
has to be a very
advanced hacker.
491
00:28:58,301 --> 00:29:03,001
This is when you need
a real professional.
492
00:29:03,001 --> 00:29:05,699
They're like ghosts.
Nobody can see them,
493
00:29:05,699 --> 00:29:10,052
but they're mapping every
single bit of that network.
494
00:29:12,010 --> 00:29:13,620
In the Bank of Bangladesh,
495
00:29:13,620 --> 00:29:16,188
you had computers that are all
interconnected to each other,
496
00:29:16,188 --> 00:29:19,322
and they're connected
using what's called a switch.
497
00:29:19,322 --> 00:29:23,065
In your average bank, that has
a good security program,
498
00:29:23,065 --> 00:29:25,719
those switches are
what's called segmented.
499
00:29:25,719 --> 00:29:27,634
So each of those switches
only allow
500
00:29:27,634 --> 00:29:30,333
a certain number of computers
to talk to each other
501
00:29:30,333 --> 00:29:32,857
rather than every computer
to talk to each other.
502
00:29:32,857 --> 00:29:35,425
But in the case of
the Bank of Bangladesh,
503
00:29:35,425 --> 00:29:38,602
in the back-office network, they
were using these very cheap,
504
00:29:38,602 --> 00:29:42,127
literally $10 switches
that didn't do any segmentation.
505
00:29:42,127 --> 00:29:45,391
Every computer was potentially
connected to each other.
506
00:29:45,391 --> 00:29:48,351
Basically,
it's a cost-cutting exercise.
507
00:29:48,351 --> 00:29:53,573
But that cost-cutting exercise
was what the digger needed.
508
00:29:53,573 --> 00:29:55,532
Those attackers
began to do
509
00:29:55,532 --> 00:29:58,274
what we call a lateral traverse
across the network,
510
00:29:58,274 --> 00:30:01,190
search for other computers
to infect,
511
00:30:01,190 --> 00:30:03,105
look for credentials.
512
00:30:04,628 --> 00:30:06,891
Whenever you log
into a computer,
513
00:30:06,891 --> 00:30:08,719
your credentials are cached.
514
00:30:08,719 --> 00:30:11,374
They're put into the memory
of the computer.
515
00:30:11,374 --> 00:30:14,333
Attackers are able
to filter through that memory
516
00:30:14,333 --> 00:30:16,683
and find used usernames
and passwords.
517
00:30:16,683 --> 00:30:19,512
They don't always know
what they're for,
518
00:30:19,512 --> 00:30:22,428
so they try to collect as many
credentials as they can
519
00:30:22,428 --> 00:30:25,475
and see, "What computers can
I see from this computer?",
520
00:30:25,475 --> 00:30:27,651
and just begin to use them
over and over again
521
00:30:27,651 --> 00:30:28,695
and just try them.
522
00:30:31,307 --> 00:30:32,656
Eventually, they hop on
523
00:30:32,656 --> 00:30:35,093
and are able to connect
to another computer.
524
00:30:35,093 --> 00:30:36,355
They get onto that one.
525
00:30:36,355 --> 00:30:38,314
It's still not what
they're interested in,
526
00:30:38,314 --> 00:30:40,707
but they're able to find more
usernames and passwords
527
00:30:40,707 --> 00:30:42,448
and try those
on all the other computers
528
00:30:42,448 --> 00:30:44,233
they can see
from that advantage point.
529
00:30:44,233 --> 00:30:48,063
That's how they move across
the network over and over again.
530
00:30:48,063 --> 00:30:50,587
They would delete
all traces of themselves
531
00:30:50,587 --> 00:30:52,937
as they moved
across the network,
532
00:30:52,937 --> 00:30:55,679
ultimately jumping from
computer to computer
533
00:30:55,679 --> 00:30:57,724
until they found
the SWIFT terminal,
534
00:30:57,724 --> 00:31:00,858
their ultimate goal in order
to make wire transfers
535
00:31:00,858 --> 00:31:02,860
out of the Bank of Bangladesh.
536
00:31:05,036 --> 00:31:06,820
It takes a long time.
537
00:31:06,820 --> 00:31:10,215
They're there for months.
This is an ongoing process.
538
00:31:10,215 --> 00:31:14,263
If at any moment they're
discovered to be in there,
539
00:31:14,263 --> 00:31:18,180
then the whole
operation is finished.
540
00:31:22,184 --> 00:31:24,099
With the Bangladeshi Bank heist,
541
00:31:24,099 --> 00:31:27,319
you basically have two
operations running in parallel.
542
00:31:27,319 --> 00:31:29,713
You have an offline operation
going on,
543
00:31:29,713 --> 00:31:32,281
which is to do with
the money laundering.
544
00:31:36,938 --> 00:31:38,983
It's the fence's responsibility
545
00:31:38,983 --> 00:31:43,945
to set up
the recipient accounts.
546
00:31:43,945 --> 00:31:46,425
They're gonna end up
with cold, hard cash,
547
00:31:46,425 --> 00:31:48,123
and they need individuals
on the ground
548
00:31:48,123 --> 00:31:50,952
to pick up that cash
and move it.
549
00:31:53,215 --> 00:31:54,477
And so, in May of 2015,
550
00:31:54,477 --> 00:31:56,914
before they'd even got
into the SWIFT terminal,
551
00:31:56,914 --> 00:31:59,699
they were able to recruit
a Chinese individual
552
00:31:59,699 --> 00:32:03,355
to go to the Philippines and
open up four bank accounts there
553
00:32:03,355 --> 00:32:05,270
at a bank called RCBC.
554
00:32:05,270 --> 00:32:08,926
You have to make sure
those people inside the bank
555
00:32:08,926 --> 00:32:10,754
in the Philippines
556
00:32:10,754 --> 00:32:13,017
have been properly corrupted
557
00:32:13,017 --> 00:32:17,717
and properly instructed
as to what their role is.
558
00:32:17,717 --> 00:32:20,111
The fence opens up
these accounts,
559
00:32:20,111 --> 00:32:22,635
puts $500 in each of them,
560
00:32:22,635 --> 00:32:25,769
and then they just go to sleep
for nine months.
561
00:32:28,641 --> 00:32:31,993
These attackers were
inside the Bank of Bangladesh
562
00:32:31,993 --> 00:32:34,865
for a full year,
which is incredible.
563
00:32:41,350 --> 00:32:43,308
They actually got
onto that SWIFT terminal
564
00:32:43,308 --> 00:32:44,831
exactly one year later...
565
00:32:47,660 --> 00:32:50,272
on January 29th, 2016.
566
00:32:55,538 --> 00:32:58,062
In any bank,
you have different employees.
567
00:32:58,062 --> 00:33:01,457
You have back-office employees,
administrative employees,
568
00:33:01,457 --> 00:33:04,373
but you also have computers
that are connected
569
00:33:04,373 --> 00:33:07,202
directly to
financial transactions.
570
00:33:07,202 --> 00:33:11,119
And only users who have specific
access to those machines
571
00:33:11,119 --> 00:33:12,598
are allowed to use them.
572
00:33:12,598 --> 00:33:15,079
When we talk about the case of
the Bank of Bangladesh,
573
00:33:15,079 --> 00:33:18,648
there was a single computer
that had credentials
574
00:33:18,648 --> 00:33:20,128
from a shared employee.
575
00:33:20,128 --> 00:33:23,261
You had an employee that
would use that SWIFT terminal,
576
00:33:23,261 --> 00:33:26,873
but also had their own computer
in the normal back-office area.
577
00:33:26,873 --> 00:33:29,398
Once they got onto
that employee's computer,
578
00:33:29,398 --> 00:33:31,095
they were able to jump across.
579
00:33:31,095 --> 00:33:35,012
They waited. They basically
did a recon on the system.
580
00:33:35,012 --> 00:33:36,622
They crawled around.
581
00:33:36,622 --> 00:33:39,799
They looked and tried to fully
understand how this worked,
582
00:33:39,799 --> 00:33:43,847
how SWIFT worked, how each bank
employee would make a request
583
00:33:43,847 --> 00:33:47,198
into the SWIFT system,
where it would go,
584
00:33:47,198 --> 00:33:49,287
how to direct that to branches
585
00:33:49,287 --> 00:33:52,160
where they had set up
these accounts.
586
00:33:52,160 --> 00:33:55,772
And in this case, it was just
very simple and very clever.
587
00:33:58,209 --> 00:34:00,385
The thief is
not so much someone
588
00:34:00,385 --> 00:34:03,345
who is physically
taking out the money
589
00:34:03,345 --> 00:34:05,738
and stuffing it into a bag.
590
00:34:05,738 --> 00:34:07,653
They're making sure
591
00:34:07,653 --> 00:34:12,615
that every bit on the system
is coordinated.
592
00:34:12,615 --> 00:34:16,271
There are all sorts of things
to get right
593
00:34:16,271 --> 00:34:21,537
before that fatal moment
when the request is made.
594
00:34:21,537 --> 00:34:24,148
Everything has to be
595
00:34:24,148 --> 00:34:26,759
really, really
precisely coordinated
596
00:34:26,759 --> 00:34:29,980
to get all the timing right.
You've got four days.
597
00:34:29,980 --> 00:34:31,590
You can't afford a slip-up.
598
00:34:31,590 --> 00:34:34,376
When the attackers
got into the SWIFT terminal
599
00:34:34,376 --> 00:34:38,771
on January 29th of 2016,
they paused for about five days
600
00:34:38,771 --> 00:34:41,122
to get their malicious
software ready
601
00:34:41,122 --> 00:34:43,211
that allowed them
to cover their tracks
602
00:34:43,211 --> 00:34:45,300
when they were on
that SWIFT terminal.
603
00:34:45,300 --> 00:34:48,216
They decided to wait
until February 4th.
604
00:34:48,216 --> 00:34:49,869
And this is no accident.
605
00:34:53,003 --> 00:34:55,745
They have chosen
a long weekend
606
00:34:55,745 --> 00:34:58,617
due to holidays in different
parts of the world.
607
00:34:58,617 --> 00:35:01,229
That means,
instead of the usual two days
608
00:35:01,229 --> 00:35:02,578
they have to get away with it
609
00:35:02,578 --> 00:35:04,884
before alarms
start going off everywhere,
610
00:35:04,884 --> 00:35:07,974
they've got four days.
It's brilliant.
611
00:35:09,541 --> 00:35:11,978
February 4th, 2016,
was a Thursday.
612
00:35:11,978 --> 00:35:14,677
That's the last day of
the working week in Bangladesh.
613
00:35:14,677 --> 00:35:16,983
In Bangladesh, they work
from Sunday to Thursday.
614
00:35:16,983 --> 00:35:19,464
So, at some point late
in the afternoon,
615
00:35:19,464 --> 00:35:22,728
the SWIFT transaction operator
in the Bangladeshi Bank
616
00:35:22,728 --> 00:35:24,730
logs off his terminal.
617
00:35:28,821 --> 00:35:30,519
But three hours later,
618
00:35:30,519 --> 00:35:33,478
the thief logs into
that terminal
619
00:35:33,478 --> 00:35:35,872
and starts to impersonate him.
620
00:35:35,872 --> 00:35:38,962
They logged into that SWIFT
terminal at 8:36 p.m.,
621
00:35:38,962 --> 00:35:41,094
after they believed,
or really knew,
622
00:35:41,094 --> 00:35:44,446
that all the bank employees
had gone home for the weekend.
623
00:35:44,446 --> 00:35:48,276
And they put forward
35 different wire transactions
624
00:35:48,276 --> 00:35:52,323
from that SWIFT terminal,
totalling $951 million,
625
00:35:52,323 --> 00:35:55,674
almost $1 billion,
completely unheard of.
626
00:35:58,721 --> 00:36:02,072
Ten hours
behind Bangladesh,
627
00:36:02,072 --> 00:36:03,856
New York is waking up.
628
00:36:04,988 --> 00:36:07,295
The first thing
that the Fed sees
629
00:36:07,295 --> 00:36:09,340
is 35 requests
630
00:36:09,340 --> 00:36:13,257
for almost the entire holdings
of the Bangladeshi Bank.
631
00:36:13,257 --> 00:36:17,566
Usually, it's figures of sort
of $300,000, $500,000.
632
00:36:17,566 --> 00:36:19,568
They want almost a billion!
633
00:36:19,568 --> 00:36:23,789
The operator, perhaps
unsurprisingly, rejects it,
634
00:36:23,789 --> 00:36:26,531
sends it back to Bangladesh.
635
00:36:26,531 --> 00:36:28,794
But he rejects it not because
636
00:36:28,794 --> 00:36:32,624
this is an absolutely crazy
amount of money,
637
00:36:32,624 --> 00:36:36,628
but because the requests
are wrongly formatted.
638
00:36:36,628 --> 00:36:39,196
As much research
that they had done,
639
00:36:39,196 --> 00:36:41,894
they didn't really understand
how to fill out
640
00:36:41,894 --> 00:36:43,374
those SWIFT transfers.
641
00:36:43,374 --> 00:36:45,985
They were missing what's called
an intermediate bank.
642
00:36:45,985 --> 00:36:48,205
New York Federal Reserve
replied to them,
643
00:36:48,205 --> 00:36:50,512
via the SWIFT system,
back to their computer
644
00:36:50,512 --> 00:36:52,731
that they were sitting
in front of, virtually,
645
00:36:52,731 --> 00:36:56,518
saying, "Hey, these transactions
are missing information."
646
00:36:56,518 --> 00:36:58,563
They think on their feet.
647
00:36:58,563 --> 00:37:02,872
They reformat the requests,
send them back...
648
00:37:02,872 --> 00:37:06,049
and hold their breath
to see what happens.
649
00:37:06,049 --> 00:37:08,617
They ultimately corrected
34 of them.
650
00:37:08,617 --> 00:37:09,922
They had forgotten one.
651
00:37:09,922 --> 00:37:12,273
The one did have
the intermediate bank
652
00:37:12,273 --> 00:37:13,491
went to Deutsche Bank.
653
00:37:13,491 --> 00:37:15,624
That order was for $20 million
654
00:37:15,624 --> 00:37:19,845
to a charity called the Shalika
Foundation in Sri Lanka.
655
00:37:19,845 --> 00:37:22,152
But they had made
a typo as well,
656
00:37:22,152 --> 00:37:25,460
and they had misspelled
"foundation" as "fandation".
657
00:37:25,460 --> 00:37:27,723
And so Deutsche Bank
saw that typo
658
00:37:27,723 --> 00:37:29,899
and questioned it and, again,
659
00:37:29,899 --> 00:37:32,336
held that transaction
due to that typo.
660
00:37:34,686 --> 00:37:36,906
We use that
as the poster child
661
00:37:36,906 --> 00:37:40,126
for why you need
to learn how to spell.
662
00:37:40,126 --> 00:37:43,826
Otherwise, you can lose
$20 million.
663
00:37:43,826 --> 00:37:47,308
Ultimately, when
they return the other 34...
664
00:37:48,613 --> 00:37:50,311
Bingo.
665
00:37:50,311 --> 00:37:52,530
The operator approves them.
666
00:37:52,530 --> 00:37:55,838
Four of them went through.
667
00:37:55,838 --> 00:38:00,538
The green light is given.
The heist is on.
668
00:38:00,538 --> 00:38:03,672
Those four went through
to those bank accounts
669
00:38:03,672 --> 00:38:06,109
in the Philippines
that had been opened
670
00:38:06,109 --> 00:38:07,632
more than six months earlier.
671
00:38:07,632 --> 00:38:10,679
And they were able
to transfer out $81 million
672
00:38:10,679 --> 00:38:12,681
to the bank in the Philippines.
673
00:38:34,224 --> 00:38:37,880
Ultimately, they were about
to transfer $1 billion
674
00:38:37,880 --> 00:38:39,577
from the Bank of Bangladesh,
675
00:38:39,577 --> 00:38:42,537
but they didn't want
anyone to find out.
676
00:38:47,890 --> 00:38:51,502
They began to cover
their tracks.
677
00:38:51,502 --> 00:38:53,243
Normally, as a bank employee,
678
00:38:53,243 --> 00:38:55,114
you'll load up
the SWIFT software,
679
00:38:55,114 --> 00:38:57,987
you'll see on the screen
all the latest transactions,
680
00:38:57,987 --> 00:38:59,641
you can make transactions.
681
00:38:59,641 --> 00:39:04,385
And so the attackers deleted all
records of those transactions.
682
00:39:07,126 --> 00:39:08,606
But it's not just digital.
683
00:39:08,606 --> 00:39:13,045
In the world of finance,
everything must be a hard copy.
684
00:39:13,045 --> 00:39:16,048
And the attackers
knew that as well.
685
00:39:20,618 --> 00:39:23,665
Every SWIFT transaction
that takes place
686
00:39:23,665 --> 00:39:29,018
is immediately printed out
locally in the Bangladeshi Bank.
687
00:39:29,018 --> 00:39:32,021
So that printer cannot
be working
688
00:39:32,021 --> 00:39:34,719
when the heist is going on.
689
00:39:34,719 --> 00:39:37,592
The attackers hijacked
all of those print jobs,
690
00:39:37,592 --> 00:39:40,464
replaced all of those
print jobs with zeros
691
00:39:40,464 --> 00:39:43,598
so that nothing would
come out of the printer.
692
00:39:43,598 --> 00:39:48,559
Now, the other 30
wire transactions sat around.
693
00:39:48,559 --> 00:39:51,910
And, ultimately,
the attackers waited,
694
00:39:51,910 --> 00:39:54,304
and they waited...
695
00:39:54,304 --> 00:39:58,917
And they logged out at
3:59 a.m. Bangladesh time.
696
00:39:58,917 --> 00:40:01,485
Potentially, they thought
that in New York,
697
00:40:01,485 --> 00:40:03,139
the business day ended
at five p.m.,
698
00:40:03,139 --> 00:40:04,967
and they weren't gonna hear
any more.
699
00:40:04,967 --> 00:40:06,925
The New York Fed
had actually stopped
700
00:40:06,925 --> 00:40:08,492
the rest of the transactions,
701
00:40:08,492 --> 00:40:11,974
because the address for
the bank in the Philippines
702
00:40:11,974 --> 00:40:15,847
was on Jupiter Street.
J-U-P-I-T-E-R.
703
00:40:15,847 --> 00:40:20,896
Right, now this is when
the story gets really weird.
704
00:40:20,896 --> 00:40:24,900
In a totally unrelated incident
two years earlier,
705
00:40:24,900 --> 00:40:28,512
we have a Greek shipping
magnate, Dimitris Cambis,
706
00:40:28,512 --> 00:40:32,081
and he is buying eight tankers.
707
00:40:32,081 --> 00:40:35,301
What Dimitris knew,
but not many other people,
708
00:40:35,301 --> 00:40:39,915
was that the money
for these eight oil tankers
709
00:40:39,915 --> 00:40:41,960
came from Iran,
710
00:40:41,960 --> 00:40:45,703
and Iran was under US sanctions.
711
00:40:45,703 --> 00:40:48,401
Someone in the US
caught wind of the fact
712
00:40:48,401 --> 00:40:51,753
that the Iranians were
financing Mr Cambis.
713
00:40:51,753 --> 00:40:55,060
His company was put on
the sanctions watch list,
714
00:40:55,060 --> 00:40:58,368
and his company
was called Jupiter Seaways.
715
00:41:00,718 --> 00:41:02,633
It was just their bad luck
716
00:41:02,633 --> 00:41:05,244
that they designated
the money transfers
717
00:41:05,244 --> 00:41:11,381
to go to the Jupiter branch
of the Rizal Bank in Manila.
718
00:41:11,381 --> 00:41:15,254
As the transfers were being sent
out from the New York Reserve
719
00:41:15,254 --> 00:41:17,039
to the Philippines,
720
00:41:17,039 --> 00:41:20,999
the Jupiter name was caught
by the computer system.
721
00:41:20,999 --> 00:41:23,959
It halted these transactions.
722
00:41:23,959 --> 00:41:26,527
The Fed had to take
a second look.
723
00:41:26,527 --> 00:41:28,833
They stopped it
because they realised,
724
00:41:28,833 --> 00:41:31,227
"Wait, we have somewhere
in the order 35 transactions
725
00:41:31,227 --> 00:41:33,272
coming from
the Bank of Bangladesh,
726
00:41:33,272 --> 00:41:37,450
adding up to $1 billion?
You know, this isn't usual."
727
00:41:37,450 --> 00:41:40,105
So they held them
and sent a message back,
728
00:41:40,105 --> 00:41:41,933
asking for confirmation.
729
00:41:44,632 --> 00:41:47,809
Had the attackers waited
just one more hour,
730
00:41:47,809 --> 00:41:50,638
they could have replied to them
via the SWIFT system,
731
00:41:50,638 --> 00:41:53,249
saying these transactions
were not a mistake.
732
00:41:53,249 --> 00:41:55,338
Ultimately,
the Bank of Bangladesh
733
00:41:55,338 --> 00:41:57,296
might have lost
much, much more.
734
00:41:57,296 --> 00:42:01,387
So far, they managed
to get $81 million.
735
00:42:01,387 --> 00:42:05,478
But, boy, did they come close
to hitting the jackpot.
736
00:42:05,478 --> 00:42:07,698
Just under $1 billion
737
00:42:07,698 --> 00:42:11,615
was very, very nearly
stolen from this bank.
738
00:42:22,104 --> 00:42:25,237
The next day,
the bank employees came in,
739
00:42:25,237 --> 00:42:26,630
and the printer wasn't working,
740
00:42:26,630 --> 00:42:28,980
because they installed
their malicious code
741
00:42:28,980 --> 00:42:30,765
to prevent that from happening.
742
00:42:30,765 --> 00:42:32,680
Ultimately,
those bank employees
743
00:42:32,680 --> 00:42:34,943
didn't get it fixed
until February 6,
744
00:42:34,943 --> 00:42:36,597
which would have been a Sunday.
745
00:42:38,294 --> 00:42:41,340
When the printer started,
all these messages came out,
746
00:42:41,340 --> 00:42:42,951
messages from the Fed asking,
747
00:42:42,951 --> 00:42:46,084
"What are these 30 transactions?
Did you mean to make these?"
748
00:42:46,084 --> 00:42:48,347
That triggered
the Bank of Bangladesh
749
00:42:48,347 --> 00:42:51,046
to realise something
had gone wrong.
750
00:42:51,046 --> 00:42:53,701
It was very clear
that they were in deep,
751
00:42:53,701 --> 00:42:57,400
such that the bank manager...
This is the Bank of Bangladesh,
752
00:42:57,400 --> 00:43:00,577
the federal bank, the national
bank of the country,
753
00:43:00,577 --> 00:43:04,146
did not notify the leaders,
754
00:43:04,146 --> 00:43:07,279
the government of Bangladesh.
He kept it under wraps.
755
00:43:07,279 --> 00:43:10,587
He notified someone he knew
who knew about security.
756
00:43:10,587 --> 00:43:12,415
"Get on a plane,
get to Bangladesh.
757
00:43:12,415 --> 00:43:14,983
I need you to look at
these computer systems."
758
00:43:20,510 --> 00:43:22,991
Initially, the governor
and his whole team
759
00:43:22,991 --> 00:43:24,209
were quite perplexed.
760
00:43:24,209 --> 00:43:27,386
They didn't quite know
what had happened.
761
00:43:27,386 --> 00:43:30,259
So they thought that
some money had been routed
762
00:43:30,259 --> 00:43:33,088
to a wrong account;
it would come back.
763
00:43:36,352 --> 00:43:39,964
I get this strange phone call
from the governor's office
764
00:43:39,964 --> 00:43:42,750
asking me if I would
drop everything
765
00:43:42,750 --> 00:43:45,317
and come to Dhaka, Bangladesh.
766
00:43:49,104 --> 00:43:51,280
So I assembled a team...
767
00:43:52,150 --> 00:43:53,935
and we flew down.
768
00:43:57,939 --> 00:44:02,639
When we arrived there, we met
with the Bangladesh Bank team.
769
00:44:02,639 --> 00:44:06,164
And that's when I discovered
all the horrifying details
770
00:44:06,164 --> 00:44:08,514
of what had actually happened.
771
00:44:12,431 --> 00:44:15,260
They decide,
"Let's look at the CCTV.
772
00:44:15,260 --> 00:44:17,436
What's that going to tell us?"
773
00:44:17,436 --> 00:44:20,352
There were eight
hours' worth of tapes
774
00:44:20,352 --> 00:44:23,181
that had to be gone through.
775
00:44:23,181 --> 00:44:26,097
Your gut instinct is,
you have a malicious insider.
776
00:44:26,097 --> 00:44:27,751
A physical person had to go in,
777
00:44:27,751 --> 00:44:30,885
log into that machine
and try to make these transfers,
778
00:44:30,885 --> 00:44:34,758
because this attack
hadn't happened before.
779
00:44:34,758 --> 00:44:37,674
They had a SWIFT room,
which was locked.
780
00:44:37,674 --> 00:44:39,981
And typically when
the SWIFT operators
781
00:44:39,981 --> 00:44:43,767
needed to do something on SWIFT,
they had to go into the room,
782
00:44:43,767 --> 00:44:47,510
sit in that chair and terminal,
783
00:44:47,510 --> 00:44:52,080
and there was only
one shadow we could find.
784
00:44:52,080 --> 00:44:54,822
We eventually decided
it was the person
785
00:44:54,822 --> 00:44:58,434
sweeping the place after hours.
786
00:45:00,784 --> 00:45:04,353
They were saying, "How could
somebody process the transaction
787
00:45:04,353 --> 00:45:06,007
when there was nobody there?"
788
00:45:06,007 --> 00:45:10,620
I mean, even after the payment
instructions had been sent,
789
00:45:10,620 --> 00:45:15,451
they had no idea for a very long
time what was happening.
790
00:45:15,451 --> 00:45:19,455
They didn't think it was a hack.
They had no traces of a hack.
791
00:45:19,455 --> 00:45:22,675
But they watched eight hours of
that footage over that weekend
792
00:45:22,675 --> 00:45:25,678
and realised there was
no one at that computer.
793
00:45:25,678 --> 00:45:26,984
Nothing.
794
00:45:26,984 --> 00:45:29,291
They had no idea that
the Bank of Bangladesh
795
00:45:29,291 --> 00:45:31,902
had been breached by hackers.
796
00:45:31,902 --> 00:45:35,427
Only after we see these things
happen over and over again,
797
00:45:35,427 --> 00:45:39,214
we realise that cyber
has such capabilities.
798
00:45:44,088 --> 00:45:47,483
Bangladesh was a bit of
a bombshell for all of us.
799
00:45:49,354 --> 00:45:52,140
Hackers and most cybercrime,
800
00:45:52,140 --> 00:45:54,098
it's like smash-and-grab crime.
801
00:45:54,098 --> 00:45:56,535
Quickly grab something
and monetise it
802
00:45:56,535 --> 00:45:58,146
as swiftly as you can.
803
00:45:58,146 --> 00:46:01,279
You know, storm a bank
with shotguns, blow a safe,
804
00:46:01,279 --> 00:46:04,021
fill some bags with cash.
805
00:46:04,021 --> 00:46:06,067
Cybercrime...
806
00:46:06,067 --> 00:46:09,461
It doesn't lend itself well
to long conspiracy
807
00:46:09,461 --> 00:46:11,899
and lots of investigation
and investment
808
00:46:11,899 --> 00:46:13,639
into understanding your target.
809
00:46:13,639 --> 00:46:15,946
I mean, you couldn't
do Bangladesh
810
00:46:15,946 --> 00:46:19,080
unless you really understood
the internal workings
811
00:46:19,080 --> 00:46:21,952
of the central bank
and all the actors involved.
812
00:46:21,952 --> 00:46:24,650
That's not something
that freelance hackers
813
00:46:24,650 --> 00:46:26,870
really are good at.
814
00:46:26,870 --> 00:46:29,960
That requires a level of
investment into resources
815
00:46:29,960 --> 00:46:34,138
and frankly intelligence
that has to be sustained.
816
00:46:34,138 --> 00:46:38,055
To organise something
of that complexity
817
00:46:38,055 --> 00:46:40,884
and for it not to be noticed
818
00:46:40,884 --> 00:46:43,582
by the intelligence agencies
of the state
819
00:46:43,582 --> 00:46:46,063
where that is being planned
820
00:46:46,063 --> 00:46:50,328
would be very,
very difficult indeed.
821
00:46:50,328 --> 00:46:53,462
These hackers went in
and looked at the zeros and ones
822
00:46:53,462 --> 00:46:55,768
in the software
and reverse engineered it,
823
00:46:55,768 --> 00:46:58,423
turned it back into
understandable code.
824
00:46:58,423 --> 00:47:00,948
That's not something
that happens overnight.
825
00:47:00,948 --> 00:47:02,427
It was pretty clear
826
00:47:02,427 --> 00:47:04,908
that this isn't just
normal criminals.
827
00:47:04,908 --> 00:47:07,171
This has to be something bigger.
828
00:47:10,087 --> 00:47:14,004
Once attackers have gained
access to their target network,
829
00:47:14,004 --> 00:47:16,050
they want to stay undetected.
830
00:47:18,530 --> 00:47:21,011
And we've seen many
interesting examples
831
00:47:21,011 --> 00:47:23,057
of how exactly this is done.
832
00:47:26,321 --> 00:47:27,844
What exactly happened
833
00:47:27,844 --> 00:47:30,238
at the Natanz nuclear facility
last week?
834
00:47:30,238 --> 00:47:32,849
It's a question people in Iran
around the world
835
00:47:32,849 --> 00:47:35,504
have been asking
since a fire was reported
836
00:47:35,504 --> 00:47:38,899
at Iran's main uranium
enrichment facility on Thursday.
837
00:47:38,899 --> 00:47:41,945
We're used to Trojans
and viruses on the internet,
838
00:47:41,945 --> 00:47:43,381
but this is the first worm
839
00:47:43,381 --> 00:47:46,950
designed to damage
the physical world.
840
00:47:46,950 --> 00:47:51,085
In 2010, attackers created
a piece of malicious software
841
00:47:51,085 --> 00:47:55,393
that was designed to infiltrate
Iran's nuclear programme,
842
00:47:55,393 --> 00:47:57,047
to get into their centrifuges,
843
00:47:57,047 --> 00:47:59,093
in particular,
get onto computers
844
00:47:59,093 --> 00:48:00,964
that controlled
their centrifuges.
845
00:48:00,964 --> 00:48:04,185
Iran says it will
retaliate against any country
846
00:48:04,185 --> 00:48:06,927
that conducts cyber-attacks
on its nuclear sites.
847
00:48:06,927 --> 00:48:09,581
The intention
was to spin the centrifuges
848
00:48:09,581 --> 00:48:12,193
of Iran's nuclear capabilities
out of control,
849
00:48:12,193 --> 00:48:14,195
make the centrifuges explode
850
00:48:14,195 --> 00:48:15,457
and push them ten years back
851
00:48:15,457 --> 00:48:17,415
in the uranium enrichment programme.
852
00:48:17,415 --> 00:48:18,764
As a piece of malware,
853
00:48:18,764 --> 00:48:21,811
it was 40 times larger
than any piece of malware
854
00:48:21,811 --> 00:48:24,379
that had ever been
encountered before.
855
00:48:24,379 --> 00:48:28,557
It would have taken
the most advanced,
856
00:48:28,557 --> 00:48:31,038
brilliant computer engineers
857
00:48:31,038 --> 00:48:34,128
years and years of human
working hours
858
00:48:34,128 --> 00:48:35,999
to produce this.
859
00:48:35,999 --> 00:48:38,132
Why was it so big?
860
00:48:38,132 --> 00:48:42,353
Because it needed
to cover itself up.
861
00:48:44,877 --> 00:48:47,837
The attackers
were actually recording
862
00:48:47,837 --> 00:48:52,363
the network traffic,
the normal network traffic,
863
00:48:52,363 --> 00:48:55,105
and then playing it back
to the sensors
864
00:48:55,105 --> 00:48:58,891
when they started modifying the
operations of the centrifuges
865
00:48:58,891 --> 00:49:00,763
they were trying to break.
866
00:49:04,506 --> 00:49:06,943
This is the equivalent of,
in the real world,
867
00:49:06,943 --> 00:49:09,946
recording the CCTV footage
from a security camera
868
00:49:09,946 --> 00:49:12,209
and then playing it back
to the camera
869
00:49:12,209 --> 00:49:14,168
when you're doing
something bad.
870
00:49:14,168 --> 00:49:16,344
That's what Stuxnet was doing.
871
00:49:16,344 --> 00:49:18,085
And in the Bangladesh heist,
872
00:49:18,085 --> 00:49:20,261
they were doing
something similar.
873
00:49:20,261 --> 00:49:22,915
Once they made
their transactions,
874
00:49:22,915 --> 00:49:26,354
they wanted to make sure no one
realised they had happened.
875
00:49:26,354 --> 00:49:29,096
They were actually falsifying
the information
876
00:49:29,096 --> 00:49:30,619
about transactions.
877
00:49:30,619 --> 00:49:33,448
The recording of the
transactions were being done
878
00:49:33,448 --> 00:49:35,015
both in electronic format,
879
00:49:35,015 --> 00:49:38,583
but also falsifying the data
being sent to the printers,
880
00:49:38,583 --> 00:49:41,064
which actually looked like
everything was fine.
881
00:49:41,064 --> 00:49:44,285
So you find out how
you're being tracked,
882
00:49:44,285 --> 00:49:47,027
and then you try
to cover your tracks.
883
00:49:47,027 --> 00:49:48,289
Stuxnet did that.
884
00:49:48,289 --> 00:49:50,813
The Bangladeshi heist
did it as well.
885
00:49:53,250 --> 00:49:56,993
Once that money
arrived in the Philippines,
886
00:49:56,993 --> 00:50:00,562
they needed to change
that money into cold, hard cash.
887
00:50:00,562 --> 00:50:02,955
Right now, it's still in
digital ones and zeros,
888
00:50:02,955 --> 00:50:05,480
just a transaction that said
the money has moved
889
00:50:05,480 --> 00:50:06,872
from the Bank of Bangladesh
890
00:50:06,872 --> 00:50:10,137
to these accounts at RCBC.
Four accounts.
891
00:50:10,137 --> 00:50:13,575
The thieves had to
get it out of the Philippines,
892
00:50:13,575 --> 00:50:15,664
make it disappear.
893
00:50:15,664 --> 00:50:18,493
So how were they going
to do that?
894
00:50:18,493 --> 00:50:20,886
There is one industry
in the Philippines
895
00:50:20,886 --> 00:50:23,280
where there is absolutely
no oversight,
896
00:50:23,280 --> 00:50:27,284
where it's a cash-only business.
There are no records, no names.
897
00:50:27,284 --> 00:50:29,156
That is the casino industry.
898
00:50:41,168 --> 00:50:43,300
When we talk about
laundering funds,
899
00:50:43,300 --> 00:50:45,998
we're talking about
taking dirty, illicit funds,
900
00:50:45,998 --> 00:50:49,524
running them through
a legal business
901
00:50:49,524 --> 00:50:52,092
so that if I came
to you and said,
902
00:50:52,092 --> 00:50:55,443
"Hey, where'd you get
that $81 million?",
903
00:50:55,443 --> 00:51:00,361
you could have a paper trail
to show that you won it back.
904
00:51:00,361 --> 00:51:03,146
The hard part
is not stealing the money.
905
00:51:03,146 --> 00:51:06,671
The hard part is moving the
money into a form you can use
906
00:51:06,671 --> 00:51:08,195
without getting caught.
907
00:51:10,284 --> 00:51:15,245
And one method we've seen
for quite a while is gambling.
908
00:51:15,245 --> 00:51:17,117
It was very clear that,
909
00:51:17,117 --> 00:51:20,294
if, at all, there was a place
for you to do that,
910
00:51:20,294 --> 00:51:22,209
it would have been
the Philippines,
911
00:51:22,209 --> 00:51:25,081
because the casinos
are not regulated at all.
912
00:51:27,214 --> 00:51:30,347
It's like a lot of
high-flying gamblers
913
00:51:30,347 --> 00:51:33,350
who'd kind of fly to Manila,
914
00:51:33,350 --> 00:51:37,093
crowd these numerous casinos
in Manila,
915
00:51:37,093 --> 00:51:38,442
lots of money coming in.
916
00:51:38,442 --> 00:51:41,358
People don't question
that kind of money.
917
00:51:41,358 --> 00:51:42,838
I mean, you know...
918
00:51:42,838 --> 00:51:44,796
"Well, as long as
it's coming to us,
919
00:51:44,796 --> 00:51:47,930
we don't bother too much
about where it is coming from."
920
00:51:49,366 --> 00:51:52,326
The thieves knew
if they could get that money
921
00:51:52,326 --> 00:51:55,590
into the casinos,
it would essentially be lost.
922
00:51:56,852 --> 00:51:58,158
What happened was,
923
00:51:58,158 --> 00:52:00,464
the manager from
the Philippines bank,
924
00:52:00,464 --> 00:52:03,424
she was the one who'd opened
those four accounts
925
00:52:03,424 --> 00:52:05,600
using fraudulent IDs.
926
00:52:05,600 --> 00:52:09,995
She got the money withdrawn from
the bank in the Philippines.
927
00:52:11,606 --> 00:52:12,998
From there, it started to go
928
00:52:12,998 --> 00:52:14,609
through something
called Philrem.
929
00:52:14,609 --> 00:52:18,047
It's a bit like a Western Union
in the Philippines,
930
00:52:18,047 --> 00:52:20,223
transferred into pesos.
931
00:52:20,223 --> 00:52:22,530
I don't know
if you've ever used
932
00:52:22,530 --> 00:52:24,053
Philippine pesos before,
933
00:52:24,053 --> 00:52:28,100
but that's one hell
of a lot of pesos, $22 million.
934
00:52:28,100 --> 00:52:33,497
In fact,
it's over one million banknotes.
935
00:52:33,497 --> 00:52:35,673
They actually had
to request that cash
936
00:52:35,673 --> 00:52:39,024
to come from a sister
branch location,
937
00:52:39,024 --> 00:52:40,896
that arrived in boxes.
938
00:52:40,896 --> 00:52:44,465
The bank manager was seen by
one of the other bank employees
939
00:52:44,465 --> 00:52:47,642
collecting those boxes
and literally going outside
940
00:52:47,642 --> 00:52:49,905
and loading them up
into a Lexus.
941
00:52:51,036 --> 00:52:53,387
And that money
was driven away.
942
00:52:59,828 --> 00:53:03,745
So, we're talking stacks
of bills carried in vans
943
00:53:03,745 --> 00:53:07,270
to the Solaire Casino
right by the airport.
944
00:53:07,270 --> 00:53:10,491
It allows the Chinese gamblers
to come off the plane.
945
00:53:10,491 --> 00:53:13,363
Five minutes, they're on
the floor playing baccarat.
946
00:53:16,453 --> 00:53:20,022
The money goes to this place.
It's wheeled in wheelbarrows
947
00:53:20,022 --> 00:53:24,156
across the casino floor
up to this guarded escalator.
948
00:53:35,298 --> 00:53:38,258
There's so much
physical cash involved,
949
00:53:38,258 --> 00:53:41,348
they've enlisted their
own crew of gamblers
950
00:53:41,348 --> 00:53:44,873
to launder the stolen funds.
951
00:53:44,873 --> 00:53:47,136
And they just played baccarat,
952
00:53:47,136 --> 00:53:49,660
all day long.
953
00:53:49,660 --> 00:53:51,183
They had individuals,
954
00:53:51,183 --> 00:53:54,274
mostly appeared to be Chinese
nationals that they had,
955
00:53:54,274 --> 00:53:57,581
I assume, hired to take
those funds and launder them.
956
00:53:57,581 --> 00:54:01,542
You change that cash
into casino chips,
957
00:54:01,542 --> 00:54:03,195
play a few games,
958
00:54:03,195 --> 00:54:04,980
cash in the chips.
959
00:54:04,980 --> 00:54:10,638
And when you get that cash back,
that is then laundered.
960
00:54:10,638 --> 00:54:13,162
And this wouldn't
have been unusual.
961
00:54:13,162 --> 00:54:15,556
This was the Chinese lunar week.
962
00:54:15,556 --> 00:54:18,341
That would've been very common
for individuals,
963
00:54:18,341 --> 00:54:20,604
high rollers, to come
into the Philippines
964
00:54:20,604 --> 00:54:22,911
and play at the casinos
during that time.
965
00:54:22,911 --> 00:54:26,654
Spending $22 million in
a casino over a weekend,
966
00:54:26,654 --> 00:54:28,612
let's face it, could be fun.
967
00:54:32,921 --> 00:54:36,751
Doing this story
and trying to figure out
968
00:54:36,751 --> 00:54:40,450
where in history
to sort of place this thing.
969
00:54:40,450 --> 00:54:43,366
Was this the biggest
heist of all time?
970
00:54:43,366 --> 00:54:47,370
No, but it certainly looked
to be the biggest cyber heist
971
00:54:47,370 --> 00:54:50,286
of a bank in history.
972
00:54:50,286 --> 00:54:54,421
And over the next few days,
I just remember
973
00:54:54,421 --> 00:54:58,468
calling up my sources
at Symantec
974
00:54:58,468 --> 00:55:01,036
and a couple other
cybersecurity firms
975
00:55:01,036 --> 00:55:04,300
and getting in touch with
a guy named Eric Chien.
976
00:55:06,128 --> 00:55:09,174
We have all kinds of
sensors sitting on networks
977
00:55:09,174 --> 00:55:10,828
and computers
all over the world.
978
00:55:10,828 --> 00:55:14,179
Any time some sort of
cyber criminal, some attacker,
979
00:55:14,179 --> 00:55:18,096
is trying to breach a computer,
they're leaving traces behind.
980
00:55:19,620 --> 00:55:23,580
Every attack
has a signature.
981
00:55:23,580 --> 00:55:25,147
If you look at it long enough,
982
00:55:25,147 --> 00:55:27,497
if you study it,
if you work it long enough,
983
00:55:27,497 --> 00:55:29,760
you can understand
the way they do things.
984
00:55:29,760 --> 00:55:31,327
The way they state something,
985
00:55:31,327 --> 00:55:34,504
the way they code
a particular way,
986
00:55:34,504 --> 00:55:39,944
the methodology of the attack,
the step-by-step approaches.
987
00:55:39,944 --> 00:55:42,947
It might be considered
like Sherlock Holmesian
988
00:55:42,947 --> 00:55:44,427
to come up with this idea.
989
00:55:44,427 --> 00:55:46,821
"Because he walks
with a gait this way,
990
00:55:46,821 --> 00:55:48,997
and he does this..."
But it is true.
991
00:55:48,997 --> 00:55:53,305
We see those signatures.
We see those patterns.
992
00:55:54,263 --> 00:55:56,047
What we discovered was,
993
00:55:56,047 --> 00:55:59,486
by looking at the artefacts
that these attackers had used,
994
00:55:59,486 --> 00:56:01,923
the malicious binaries
they had used,
995
00:56:01,923 --> 00:56:03,228
the code inside of it,
996
00:56:03,228 --> 00:56:05,796
as well as the email accounts
that they used
997
00:56:05,796 --> 00:56:07,972
to send the initial
spear-phishing messages,
998
00:56:07,972 --> 00:56:12,542
we were able to map this back
to an attacker back in 2014.
999
00:56:15,458 --> 00:56:18,548
Sony Pictures is mainly housed
in Culver City.
1000
00:56:18,548 --> 00:56:20,550
And in 2014,
1001
00:56:20,550 --> 00:56:24,641
Sony Pictures went down,
which was unheard of.
1002
00:56:24,641 --> 00:56:26,121
On that day in November,
1003
00:56:26,121 --> 00:56:28,602
people would have come in,
tried to swipe their badge
1004
00:56:28,602 --> 00:56:30,821
and not even be able
to get into the office.
1005
00:56:30,821 --> 00:56:32,823
They get
into the building finally
1006
00:56:32,823 --> 00:56:36,000
and then they discover that
nothing else is working either.
1007
00:56:36,000 --> 00:56:40,048
Printers aren't working,
computers aren't working.
1008
00:56:40,048 --> 00:56:43,268
People who had laptops
connected to the network
1009
00:56:43,268 --> 00:56:45,009
would have immediately seen
1010
00:56:45,009 --> 00:56:47,969
skulls and crossbones
show up on their screens,
1011
00:56:47,969 --> 00:56:51,059
scrolling with scary
Halloween-type music
1012
00:56:51,059 --> 00:56:52,539
playing in the background.
1013
00:56:52,539 --> 00:56:55,759
And it said,
"Hacked by the GOP."
1014
00:56:55,759 --> 00:56:59,023
Guardians of the Peace.
1015
00:56:59,023 --> 00:57:02,070
A mysterious crew of hackers,
1016
00:57:02,070 --> 00:57:06,030
also known as the Lazarus Group.
1017
00:57:06,030 --> 00:57:08,163
We'd call them
the Lazarus Group.
1018
00:57:08,163 --> 00:57:09,294
They've been responsible
1019
00:57:09,294 --> 00:57:11,166
for many, many attacks
over the years.
1020
00:57:11,166 --> 00:57:13,385
You know, political statements
1021
00:57:13,385 --> 00:57:15,997
and bringing down some
websites in South Korea
1022
00:57:15,997 --> 00:57:20,349
and also the White House in the
United States and the Pentagon.
1023
00:57:20,349 --> 00:57:23,918
Now, at this point,
the penny has dropped.
1024
00:57:23,918 --> 00:57:26,050
Sony has been hacked.
1025
00:57:26,050 --> 00:57:28,705
The hack attack
has had a devastating effect
1026
00:57:28,705 --> 00:57:31,534
on the entertainment company,
with an avalanche of leaks
1027
00:57:31,534 --> 00:57:34,232
revealing personal information
of employees
1028
00:57:34,232 --> 00:57:37,540
and salacious email exchanges
of A-list celebrities.
1029
00:57:37,540 --> 00:57:40,543
They ultimately compromised
Sony Pictures Network,
1030
00:57:40,543 --> 00:57:43,894
got inside
and wiped 10,000 computers.
1031
00:57:43,894 --> 00:57:45,635
On top of that,
they actually stole
1032
00:57:45,635 --> 00:57:48,725
all kinds of documents
and emails from Sony Pictures.
1033
00:57:48,725 --> 00:57:50,858
The hack
on Sony Pictures
1034
00:57:50,858 --> 00:57:53,425
is rocking Hollywood's
very foundation;
1035
00:57:53,425 --> 00:57:56,080
the industry,
warts and all, exposed.
1036
00:57:56,080 --> 00:57:59,301
Initially, we had no link
between the SWIFT attack
1037
00:57:59,301 --> 00:58:01,999
and the Sony Pictures attack.
1038
00:58:01,999 --> 00:58:04,524
But when we were looking
at the malware,
1039
00:58:04,524 --> 00:58:06,438
we found an interesting detail.
1040
00:58:06,438 --> 00:58:09,616
There was a component
called an indexing manager,
1041
00:58:09,616 --> 00:58:13,054
which was saving the logs
during the SWIFT attack
1042
00:58:13,054 --> 00:58:15,535
into an encrypted file.
1043
00:58:15,535 --> 00:58:18,581
The file was encrypted
with a really long key,
1044
00:58:18,581 --> 00:58:22,106
and when we just
googled for the key,
1045
00:58:22,106 --> 00:58:25,327
we found that the same key, exactly,
1046
00:58:25,327 --> 00:58:30,637
was used 18 months earlier
in the Sony Pictures attack.
1047
00:58:31,812 --> 00:58:34,162
This was
the moment we realised
1048
00:58:34,162 --> 00:58:36,120
the Bangladeshi SWIFT attack
1049
00:58:36,120 --> 00:58:39,776
was probably perpetrated
by the Lazarus Group.
1050
00:58:40,734 --> 00:58:42,344
So, who is Lazarus?
1051
00:58:42,344 --> 00:58:43,824
Well, from what we know,
1052
00:58:43,824 --> 00:58:46,783
they're a trans-global
criminal organisation
1053
00:58:46,783 --> 00:58:51,614
that's been trained
at a nation-state level.
1054
00:58:51,614 --> 00:58:55,487
The nation states really started
coming in on a criminal side...
1055
00:58:57,098 --> 00:58:59,274
when sanctions started.
1056
00:58:59,274 --> 00:59:02,320
When we start limiting
the capability of a nation
1057
00:59:02,320 --> 00:59:05,454
to get cash, and we up
the methodology
1058
00:59:05,454 --> 00:59:08,022
to monitor
the way they're getting cash,
1059
00:59:08,022 --> 00:59:11,068
they turn to different approaches.
1060
00:59:11,068 --> 00:59:13,941
So if you're a country
that's under sanction
1061
00:59:13,941 --> 00:59:17,205
and your ability to get funds
has been compromised,
1062
00:59:17,205 --> 00:59:20,164
you may be motivated to
go to the Lazarus Group
1063
00:59:20,164 --> 00:59:23,472
to fix your problem.
1064
00:59:23,472 --> 00:59:25,692
It's like a job for them.
It is a job for them.
1065
00:59:25,692 --> 00:59:27,737
They get recruited.
It's a nine-to-five job.
1066
00:59:27,737 --> 00:59:31,001
They come in, and each
of them has their specialties.
1067
00:59:31,001 --> 00:59:32,394
They have managers,
1068
00:59:32,394 --> 00:59:35,266
they have targets that
they're told to go after.
1069
00:59:35,266 --> 00:59:37,399
When you talk about
nation states,
1070
00:59:37,399 --> 00:59:39,662
obviously,
for your average nation state,
1071
00:59:39,662 --> 00:59:42,970
most cyber offensive campaigns
are under the military.
1072
00:59:42,970 --> 00:59:45,755
It's very similar to how
a military organisation
1073
00:59:45,755 --> 00:59:49,063
would be organised for their
cyber offensive campaigns.
1074
00:59:49,063 --> 00:59:51,500
There is a hotel,
for example, in China
1075
00:59:51,500 --> 00:59:53,633
where they've taken over
multiple floors
1076
00:59:53,633 --> 00:59:55,678
where they essentially
have dormitories.
1077
00:59:55,678 --> 00:59:59,116
They go to sleep in that hotel,
they eat in that hotel,
1078
00:59:59,116 --> 01:00:01,466
and they don't come
out of that hotel.
1079
01:00:01,466 --> 01:00:04,121
They just move from
one room to another,
1080
01:00:04,121 --> 01:00:05,906
hack all day and night.
1081
01:00:08,082 --> 01:00:10,693
And the Lazarus Group
is thought to be made up
1082
01:00:10,693 --> 01:00:13,435
of these state-trained hackers.
1083
01:00:18,788 --> 01:00:21,269
What's amazing about cyber,
1084
01:00:21,269 --> 01:00:23,837
when you talk about
nation states,
1085
01:00:23,837 --> 01:00:27,362
is the cost to entry
is extremely low.
1086
01:00:27,362 --> 01:00:29,756
We have nation states
who have been
1087
01:00:29,756 --> 01:00:33,237
trying to create
nuclear missiles,
1088
01:00:33,237 --> 01:00:35,109
tried to create
a nuclear programme.
1089
01:00:35,109 --> 01:00:37,024
Places like Iran, for example.
1090
01:00:37,024 --> 01:00:41,550
The dollars it costs to do so,
it's extraordinary.
1091
01:00:41,550 --> 01:00:44,727
But if you want to build
a cyber offensive campaign,
1092
01:00:44,727 --> 01:00:47,034
you get two, three,
four, five guys
1093
01:00:47,034 --> 01:00:50,515
and potentially threaten
to disable the power grid
1094
01:00:50,515 --> 01:00:52,082
in some country.
1095
01:00:52,082 --> 01:00:54,519
When you talk about
trying to rob a bank
1096
01:00:54,519 --> 01:00:57,218
or produce illicit drugs
and sell them,
1097
01:00:57,218 --> 01:00:59,873
the amount of people
required on the ground,
1098
01:00:59,873 --> 01:01:01,309
the amount of connections,
1099
01:01:01,309 --> 01:01:03,485
and for the dollars
that you would receive,
1100
01:01:03,485 --> 01:01:04,965
is nothing compared to,
1101
01:01:04,965 --> 01:01:07,489
"Let's get three guys,
break into a bank
1102
01:01:07,489 --> 01:01:10,710
and potentially
transfer $1 billion."
1103
01:01:16,106 --> 01:01:20,545
Back in the VIP room
of the Solaire Casino in Manila,
1104
01:01:20,545 --> 01:01:24,985
the money-laundering operation
is in full flight.
1105
01:01:26,726 --> 01:01:29,772
They just spend hours
upon hours gambling away,
1106
01:01:29,772 --> 01:01:31,339
collecting chips.
1107
01:01:31,339 --> 01:01:33,776
They transfer those chips
back into cold, hard currency.
1108
01:01:33,776 --> 01:01:36,736
You put a hundred
gamblers into the VIP lounge
1109
01:01:36,736 --> 01:01:40,827
playing cash, so maybe the house
has a one or two percent margin.
1110
01:01:40,827 --> 01:01:43,786
But all the rest is untraceable
money that they walk out with.
1111
01:01:43,786 --> 01:01:46,049
What's interesting
about these individuals,
1112
01:01:46,049 --> 01:01:47,747
they weren't interested
in winning.
1113
01:01:47,747 --> 01:01:50,227
They were just interested
in playing.
1114
01:01:50,227 --> 01:01:51,663
If you lose the money,
1115
01:01:51,663 --> 01:01:53,448
the money doesn't go
to the casino,
1116
01:01:53,448 --> 01:01:54,971
it goes to the other players.
1117
01:01:54,971 --> 01:01:58,453
So you can play the table
where the other players are,
1118
01:01:58,453 --> 01:01:59,889
your partners.
1119
01:01:59,889 --> 01:02:02,239
Then you can lose
the dirty money on purpose,
1120
01:02:02,239 --> 01:02:04,067
moving the money
to your partners.
1121
01:02:04,067 --> 01:02:05,721
Now it's cashed out.
1122
01:02:05,721 --> 01:02:09,116
Now it looks like it came from a
great win in a poker tournament
1123
01:02:09,116 --> 01:02:11,683
instead of being stolen
from somewhere.
1124
01:02:11,683 --> 01:02:14,556
So, casinos are a good way
of laundering money.
1125
01:02:14,556 --> 01:02:17,385
Real-world criminals have
done that for decades.
1126
01:02:17,385 --> 01:02:20,649
Online criminals
are doing it today.
1127
01:02:20,649 --> 01:02:23,783
They played for a whole week,
that whole lunar week,
1128
01:02:23,783 --> 01:02:25,741
every day, like workers,
1129
01:02:25,741 --> 01:02:28,352
nine to five, essentially,
in that casino.
1130
01:02:33,401 --> 01:02:36,404
Finally, the Chinese
New Year celebrations
1131
01:02:36,404 --> 01:02:37,927
have come to an end.
1132
01:02:37,927 --> 01:02:42,323
The staff at the RCBC bank
in Manila are back at work.
1133
01:02:44,412 --> 01:02:47,371
Now, the Bangladesh Bank
is still desperately trying
1134
01:02:47,371 --> 01:02:49,460
to put a stop
on any further withdrawals
1135
01:02:49,460 --> 01:02:52,202
from those accounts
in the Bank of the Philippines.
1136
01:02:52,202 --> 01:02:54,552
They've lost
$22 million already,
1137
01:02:54,552 --> 01:02:58,861
but there's still $59 million
left that they can save.
1138
01:02:58,861 --> 01:03:01,908
They're firing message
after message to Manila,
1139
01:03:01,908 --> 01:03:04,780
"Hold all transactions."
1140
01:03:04,780 --> 01:03:07,130
In the Philippines,
they got those messages.
1141
01:03:07,130 --> 01:03:08,610
They got those messages
1142
01:03:08,610 --> 01:03:10,873
as part of many other
transaction messages they got
1143
01:03:10,873 --> 01:03:12,744
that were sitting in
a printer queue
1144
01:03:12,744 --> 01:03:14,094
at the bottom of the stack,
1145
01:03:14,094 --> 01:03:16,400
and ultimately, they never
saw those messages.
1146
01:03:16,400 --> 01:03:20,840
At this point, the fence
gets in touch with the manager
1147
01:03:20,840 --> 01:03:22,842
of the bank in Jupiter Street.
1148
01:03:22,842 --> 01:03:26,715
"Can you please authorise
the transfer of $59 million?"
1149
01:03:26,715 --> 01:03:29,892
She authorises that $59 million.
1150
01:03:29,892 --> 01:03:34,157
It goes straight
to the Solaire Casino.
1151
01:03:34,157 --> 01:03:36,072
More money laundering.
1152
01:03:37,944 --> 01:03:39,467
Five hours later,
1153
01:03:39,467 --> 01:03:44,080
after increasingly urgent calls
from the Bangladesh Bank,
1154
01:03:44,080 --> 01:03:50,043
the manager finally puts a block
on all of the accounts.
1155
01:03:50,043 --> 01:03:52,872
But, really, it's too late.
1156
01:03:52,872 --> 01:03:54,874
The money's gone.
1157
01:03:59,182 --> 01:04:02,316
It's incredible when you think
what the Lazarus Group
1158
01:04:02,316 --> 01:04:05,928
was able to pull off with
just some ones and zeros.
1159
01:04:05,928 --> 01:04:07,799
They guide their bespoke malware
1160
01:04:07,799 --> 01:04:10,063
into the computer network
of a bank,
1161
01:04:10,063 --> 01:04:11,760
and then a year later,
1162
01:04:11,760 --> 01:04:15,068
they're literally washing
$100 million
1163
01:04:15,068 --> 01:04:17,374
through a casino
in the Philippines.
1164
01:04:17,374 --> 01:04:19,899
It's astonishing.
1165
01:04:19,899 --> 01:04:22,379
But what's really, really scary
1166
01:04:22,379 --> 01:04:25,730
is what happened
just a year later.
1167
01:04:27,471 --> 01:04:29,604
Now back to
the major cyber-attack,
1168
01:04:29,604 --> 01:04:34,130
the ransomware crippling 200,000
computers in 150 countries.
1169
01:04:34,130 --> 01:04:37,742
The thousands of targets all
received this ominous message
1170
01:04:37,742 --> 01:04:39,788
in English on their screens:
1171
01:04:49,319 --> 01:04:54,194
Everyone was basically locked up
with this malware
1172
01:04:54,194 --> 01:04:58,372
that we discovered had been
launched by the same attackers
1173
01:04:58,372 --> 01:05:01,201
as the Central Bank
of Bangladesh.
1174
01:05:01,201 --> 01:05:03,420
So they design this malware,
1175
01:05:03,420 --> 01:05:06,032
and then they lose
control of it entirely.
1176
01:05:06,032 --> 01:05:08,164
And that caused chaos.
1177
01:05:08,164 --> 01:05:11,428
Ambulances were
diverted to other hospitals.
1178
01:05:11,428 --> 01:05:14,866
Patients were turned away,
their operations cancelled.
1179
01:05:14,866 --> 01:05:17,739
You know,
the first sign that something
1180
01:05:17,739 --> 01:05:22,004
was seriously wrong was when
hospitals in the United Kingdom
1181
01:05:22,004 --> 01:05:24,572
started telling patients,
"Don't come."
1182
01:05:24,572 --> 01:05:28,576
That their systems had been
locked up with ransomware.
1183
01:05:28,576 --> 01:05:33,668
It's unclear if it was
accidentally released too early,
1184
01:05:33,668 --> 01:05:35,061
it appears so,
1185
01:05:35,061 --> 01:05:37,933
or if it was
designed not to work
1186
01:05:37,933 --> 01:05:41,284
and just begin wiping computers,
because it didn't matter.
1187
01:05:41,284 --> 01:05:44,200
Even if you paid them, you would
not get the decryption key.
1188
01:05:44,200 --> 01:05:46,028
They didn't have
the decryption key.
1189
01:05:46,028 --> 01:05:48,161
They couldn't decrypt your files anymore.
1190
01:05:48,161 --> 01:05:50,859
Japan, Turkey
and the Philippines
1191
01:05:50,859 --> 01:05:54,776
were also affected.
In the US, FedEx was hit.
1192
01:05:54,776 --> 01:05:59,737
That virulent virus
spiralled out of control.
1193
01:05:59,737 --> 01:06:04,090
In Germany, it attacked the
network of the Deutsche Bahn,
1194
01:06:04,090 --> 01:06:05,482
German Railway.
1195
01:06:05,482 --> 01:06:09,443
In Spain,
WannaCry hit Telefonica,
1196
01:06:09,443 --> 01:06:12,402
the biggest telecommunications company.
1197
01:06:12,402 --> 01:06:16,580
It hit the banking systems,
and ATMs didn't work.
1198
01:06:16,580 --> 01:06:21,890
This thing was hitting companies
in something like 150 countries.
1199
01:06:21,890 --> 01:06:23,631
Other targets in the US
1200
01:06:23,631 --> 01:06:26,068
include Merck Pharmaceutical
in New Jersey.
1201
01:06:26,068 --> 01:06:28,853
Even the company that makes
Oreo cookies may have been hit.
1202
01:06:28,853 --> 01:06:32,988
So, you had the health
service, you had transport,
1203
01:06:32,988 --> 01:06:36,513
you had communications,
you had the finance system,
1204
01:06:36,513 --> 01:06:37,949
and you had governance
1205
01:06:37,949 --> 01:06:42,867
all with one tiny piece
of crappy malware, WannaCry.
1206
01:06:42,867 --> 01:06:44,173
In other attacks,
1207
01:06:44,173 --> 01:06:46,045
they have to send you
a spear-phishing email,
1208
01:06:46,045 --> 01:06:48,090
trick you into double-clicking
on an attachment.
1209
01:06:48,090 --> 01:06:50,223
In this case, your computer
just had to be on,
1210
01:06:50,223 --> 01:06:51,528
connected to the internet,
1211
01:06:51,528 --> 01:06:54,096
and it would have got infected
by WannaCry.
1212
01:06:54,096 --> 01:06:57,317
It succeeded because
the crappy malware
1213
01:06:57,317 --> 01:07:00,450
was being infiltrated
into the systems
1214
01:07:00,450 --> 01:07:03,236
on the back
of a much more powerful tool
1215
01:07:03,236 --> 01:07:04,846
called EternalBlue,
1216
01:07:04,846 --> 01:07:08,502
which had been developed by
the National Security Agency
1217
01:07:08,502 --> 01:07:10,460
in the United States.
1218
01:07:10,460 --> 01:07:12,680
The thing the NSA
never wanted to talk about
1219
01:07:12,680 --> 01:07:15,683
was the fact that it was
travelling on a digital missile
1220
01:07:15,683 --> 01:07:19,469
that had been built
at its own intelligence agency.
1221
01:07:19,469 --> 01:07:22,603
They repurposed something
created by the US government,
1222
01:07:22,603 --> 01:07:24,213
leaked
by the Russian government,
1223
01:07:24,213 --> 01:07:26,868
put it into their ransomware
that allowed it to spread
1224
01:07:26,868 --> 01:07:30,785
all over the world,
any computer on at that time.
1225
01:07:30,785 --> 01:07:34,049
So one crappy piece
of malware
1226
01:07:34,049 --> 01:07:36,921
can hit every single aspect
1227
01:07:36,921 --> 01:07:39,185
of the critical national infrastructure
1228
01:07:39,185 --> 01:07:43,014
within the space
of about ten days
1229
01:07:43,014 --> 01:07:44,929
in different countries.
1230
01:07:57,551 --> 01:08:00,771
Eventually, there's a court case
after about a month.
1231
01:08:00,771 --> 01:08:03,644
There's a court case in Manila.
1232
01:08:03,644 --> 01:08:06,951
Ultimately, the bank manager
didn't want anyone to find out.
1233
01:08:06,951 --> 01:08:08,431
But when he finally got in touch
1234
01:08:08,431 --> 01:08:10,868
with the Bank
of the Philippines, they said,
1235
01:08:10,868 --> 01:08:12,870
"If you need this money returned,
1236
01:08:12,870 --> 01:08:15,743
you need to get a court order."
So he files a court order,
1237
01:08:15,743 --> 01:08:18,049
but court orders are public
in the Philippines,
1238
01:08:18,049 --> 01:08:19,616
like in many other countries.
1239
01:08:19,616 --> 01:08:22,619
A reporter spots it and realises
that this has happened,
1240
01:08:22,619 --> 01:08:25,144
publishes it in a newspaper,
and it all comes out.
1241
01:08:25,144 --> 01:08:28,059
The $81 million
money-laundering scandal
1242
01:08:28,059 --> 01:08:31,715
is now considered one of
the biggest bank heists in Asia.
1243
01:08:31,715 --> 01:08:33,848
But how exactly
did thieves steal
1244
01:08:33,848 --> 01:08:36,024
such a huge amount of money?
1245
01:08:36,024 --> 01:08:37,504
Not just known
in the Philippines
1246
01:08:37,504 --> 01:08:38,722
and the Bank of Bangladesh,
1247
01:08:38,722 --> 01:08:40,420
when the Bangladesh
government finds out
1248
01:08:40,420 --> 01:08:42,944
the bank manager has been
doing this behind the scenes,
1249
01:08:42,944 --> 01:08:44,380
but the whole world finds out.
1250
01:08:44,380 --> 01:08:46,817
And ultimately,
the Bangladesh Bank
1251
01:08:46,817 --> 01:08:48,906
needs to get assistance
from the FBI.
1252
01:08:48,906 --> 01:08:52,214
The New York Fed is involved.
The United States is involved.
1253
01:08:52,214 --> 01:08:54,347
This becomes
a whole worldwide issue
1254
01:08:54,347 --> 01:08:57,263
and begins to ripple across
the financial industry
1255
01:08:57,263 --> 01:08:58,786
that this was even possible.
1256
01:08:58,786 --> 01:09:00,570
Experts believe that hackers
1257
01:09:00,570 --> 01:09:04,226
were able to break into the
New York Federal Reserve's
1258
01:09:04,226 --> 01:09:06,446
special account for Bangladesh,
1259
01:09:06,446 --> 01:09:09,797
getting away with $81 million.
1260
01:09:09,797 --> 01:09:13,279
Now, Bangladesh's Central Bank
governor, Atiur Rahman,
1261
01:09:13,279 --> 01:09:16,978
has resigned after hackers stole
tens of millions of dollars
1262
01:09:16,978 --> 01:09:19,241
from the nation's
foreign reserves.
1263
01:09:19,241 --> 01:09:23,202
The bank was criticised for
its handling of the breach...
1264
01:09:23,202 --> 01:09:26,205
The governor was
an excellent central banker.
1265
01:09:26,205 --> 01:09:27,945
I have a lot of respect for him.
1266
01:09:27,945 --> 01:09:32,341
He was deemed one of the top
bankers by the Asia MoneyWeek.
1267
01:09:32,341 --> 01:09:34,169
And poor fellow, that time,
1268
01:09:34,169 --> 01:09:36,780
he was faced with
this sort of scenario
1269
01:09:36,780 --> 01:09:39,870
which he honestly
didn't understand.
1270
01:09:39,870 --> 01:09:42,830
He had really pushed
the financial system
1271
01:09:42,830 --> 01:09:45,572
in Bangladesh into
the 21st century.
1272
01:09:45,572 --> 01:09:48,618
He had to essentially fall
on his sword and resign
1273
01:09:48,618 --> 01:09:51,447
in disgrace,
and his career was ruined.
1274
01:09:51,447 --> 01:09:54,233
Many others at the bank
had to resign as well.
1275
01:09:54,233 --> 01:09:57,801
An emotional Maia Deguito,
the manager of the RCBC branch
1276
01:09:57,801 --> 01:10:01,196
in Jupiter Street in Makati,
insists she is innocent
1277
01:10:01,196 --> 01:10:02,806
in the face of accusations
1278
01:10:02,806 --> 01:10:05,679
she is involved in the
money-laundering scheme.
1279
01:10:05,679 --> 01:10:08,290
So far, only the branch manager
1280
01:10:08,290 --> 01:10:11,511
has been charged by the
Anti-Money Laundering Council.
1281
01:10:11,511 --> 01:10:14,427
One of the great
injustices of this whole scandal
1282
01:10:14,427 --> 01:10:17,386
is that the only person who
got convicted of anything
1283
01:10:17,386 --> 01:10:18,996
was Maia Deguito,
1284
01:10:18,996 --> 01:10:22,739
and she was just the mid-level
branch manager of the RCBC,
1285
01:10:22,739 --> 01:10:26,917
the bank in the Philippines
that received the actual funds.
1286
01:10:26,917 --> 01:10:28,223
Typical, isn't it?
1287
01:10:28,223 --> 01:10:31,008
A crime that was conceived
and carried out
1288
01:10:31,008 --> 01:10:32,445
by a whole bunch of men,
1289
01:10:32,445 --> 01:10:35,578
and the only person who
gets done for it is a woman
1290
01:10:35,578 --> 01:10:38,581
who probably wasn't that
guilty in the first place.
1291
01:10:38,581 --> 01:10:41,845
But she received a sentence
of 56 years in jail
1292
01:10:41,845 --> 01:10:45,022
and a fine of $109 million,
1293
01:10:45,022 --> 01:10:49,549
which is significantly more
than the thieves actually stole.
1294
01:10:51,028 --> 01:10:52,334
To my mind,
1295
01:10:52,334 --> 01:10:54,467
there's no question
that she was a scapegoat.
1296
01:10:54,467 --> 01:10:58,340
I mean, the currency traders
who turned that $81 million
1297
01:10:58,340 --> 01:11:01,343
into pesos got off scot-free.
1298
01:11:01,343 --> 01:11:03,780
There are a couple of
Chinese operators
1299
01:11:03,780 --> 01:11:06,609
who brought these gamblers
in from China.
1300
01:11:06,609 --> 01:11:10,439
We know that they received tens
of millions of dollars in cash.
1301
01:11:10,439 --> 01:11:15,357
They vanished back to Macau.
No trace of them was ever found.
1302
01:11:15,357 --> 01:11:17,794
We can't say for sure,
but certainly it looks like
1303
01:11:17,794 --> 01:11:20,841
people at the Rizal Bank headquarters
1304
01:11:20,841 --> 01:11:23,931
buried these requests
to stop these transactions.
1305
01:11:23,931 --> 01:11:27,282
But nobody else at the Rizal
Bank was ever accused.
1306
01:11:27,282 --> 01:11:31,242
Oddly enough, in this giant
scheme that involved
1307
01:11:31,242 --> 01:11:35,029
a half a dozen countries,
nearly $1 billion,
1308
01:11:35,029 --> 01:11:40,251
only one bank employee
in a small branch in Manila
1309
01:11:40,251 --> 01:11:42,689
was ever convicted of
doing anything wrong.
1310
01:11:42,689 --> 01:11:46,083
It's incredible. Total impunity.
1311
01:11:52,438 --> 01:11:54,831
I think the most
important lesson
1312
01:11:54,831 --> 01:11:57,921
of the Bangladesh Bank
1313
01:11:57,921 --> 01:11:59,923
is a lesson of scale.
1314
01:11:59,923 --> 01:12:01,925
The internet is
a fantastic thing.
1315
01:12:01,925 --> 01:12:04,363
It's made our world
much, much smaller.
1316
01:12:04,363 --> 01:12:07,104
You can do all sorts of things.
It's fantastic.
1317
01:12:07,104 --> 01:12:08,976
But that interconnectivity,
1318
01:12:08,976 --> 01:12:11,848
where everything
is linked to everything else,
1319
01:12:11,848 --> 01:12:15,461
means that if you get bad actors
in that system,
1320
01:12:15,461 --> 01:12:17,288
then the damage
1321
01:12:17,288 --> 01:12:22,119
is infinitely more immense
than it was before.
1322
01:12:23,730 --> 01:12:26,036
When I started this job
two decades ago,
1323
01:12:26,036 --> 01:12:29,126
you had to explain to people,
what is a virus?
1324
01:12:29,126 --> 01:12:31,085
What is a cyber-attack?
1325
01:12:31,085 --> 01:12:33,435
Today, we don't talk about
1326
01:12:33,435 --> 01:12:36,482
making sure this file doesn't
get deleted any more.
1327
01:12:36,482 --> 01:12:40,616
We literally talk about making
sure the supply chain is up,
1328
01:12:40,616 --> 01:12:42,662
food can reach people's tables.
1329
01:12:42,662 --> 01:12:45,708
Our job is not just to protect
people's computers.
1330
01:12:45,708 --> 01:12:49,103
Our job is to ensure
society is up and running.
1331
01:12:49,103 --> 01:12:52,106
Everything
that we use now,
1332
01:12:52,106 --> 01:12:54,021
water, electricity,
1333
01:12:54,021 --> 01:12:56,980
the financial system,
the comms system,
1334
01:12:56,980 --> 01:12:58,591
depends on the integrity
1335
01:12:58,591 --> 01:13:03,726
of unbelievably complex
networked computer systems.
1336
01:13:03,726 --> 01:13:08,035
And our dependence
is becoming such
1337
01:13:08,035 --> 01:13:10,429
that, should anything go wrong,
1338
01:13:10,429 --> 01:13:13,214
be it a technical hitch
or be it a hack,
1339
01:13:13,214 --> 01:13:17,174
it can actually lead
to our lives grinding to a halt
1340
01:13:17,174 --> 01:13:19,568
in a very short space of time.
1341
01:13:20,526 --> 01:13:22,179
We're sort of in a state
1342
01:13:22,179 --> 01:13:24,660
where we're increasing
our vulnerability
1343
01:13:24,660 --> 01:13:27,402
and our attack surface
every single day.
1344
01:13:27,402 --> 01:13:29,839
And instead of pausing
1345
01:13:29,839 --> 01:13:32,842
and thinking about
how to lock up our power grid,
1346
01:13:32,842 --> 01:13:37,891
really, where our energy has
been focused is on escalation.
1347
01:13:37,891 --> 01:13:41,416
Countries like the United
States, China and Russia
1348
01:13:41,416 --> 01:13:44,593
have already arrogated
the right to themselves
1349
01:13:44,593 --> 01:13:47,378
to attack with full force,
1350
01:13:47,378 --> 01:13:50,077
whether cyber
or conventional weapons,
1351
01:13:50,077 --> 01:13:51,948
against anyone who brings down
1352
01:13:51,948 --> 01:13:56,562
a serious piece of critical
national infrastructure.
1353
01:13:56,562 --> 01:14:01,523
We've had Stuxnet blowing
up the Natanz centrifuge plant.
1354
01:14:01,523 --> 01:14:05,005
We've had ransomware attacks,
which hit the Eastern Seaboard.
1355
01:14:05,005 --> 01:14:07,050
There was no gas
to the Eastern Seaboard
1356
01:14:07,050 --> 01:14:09,662
for a whole week
in the United States.
1357
01:14:09,662 --> 01:14:11,794
We had Russia
against the Ukraine,
1358
01:14:11,794 --> 01:14:14,580
shutting out the power
in the middle of winter.
1359
01:14:14,580 --> 01:14:17,496
We're talking about
people losing their lives.
1360
01:14:17,496 --> 01:14:19,062
We've also had cyber-attacks
1361
01:14:19,062 --> 01:14:21,456
that potentially affected
US elections.
1362
01:14:21,456 --> 01:14:23,806
We had the healthcare in the UK
brought down,
1363
01:14:23,806 --> 01:14:25,982
dialysis machines
no longer working.
1364
01:14:25,982 --> 01:14:29,464
This is an extremely
fragile situation,
1365
01:14:29,464 --> 01:14:33,642
much more fragile
than the period of détente,
1366
01:14:33,642 --> 01:14:37,298
because so many more
countries have these weapons.
1367
01:14:37,298 --> 01:14:41,432
Malware is much more difficult
to control than nuclear weapons.
1368
01:14:41,432 --> 01:14:44,914
People always warn me
of the cyber Pearl Harbor
1369
01:14:44,914 --> 01:14:47,134
or the cyber 9/11,
1370
01:14:47,134 --> 01:14:49,789
but it's almost worse than that.
1371
01:14:49,789 --> 01:14:53,662
Every day, there are thousands
of cyber-attacks,
1372
01:14:53,662 --> 01:14:58,275
and we're just getting more and
more and more inured to them.
1373
01:14:59,059 --> 01:15:00,930
It's like a plague.
1374
01:15:00,930 --> 01:15:05,195
I think we'll see much
more hostile cyber activity,
1375
01:15:05,195 --> 01:15:07,894
much more cyber bank robberies,
1376
01:15:07,894 --> 01:15:10,026
much more cyber espionage.
1377
01:15:10,026 --> 01:15:13,073
We'll see much more cyber war.
1378
01:15:13,073 --> 01:15:15,858
In many ways,
I think we've seen nothing yet.
1379
01:15:15,858 --> 01:15:19,296
As attacks increase
in their sophistication
1380
01:15:19,296 --> 01:15:21,429
and their range,
1381
01:15:21,429 --> 01:15:25,389
then the impact
can be ever greater.
1382
01:15:25,389 --> 01:15:29,916
There is a cyber-attack on
critical national infrastructure
1383
01:15:29,916 --> 01:15:31,787
coming to a place near you
1384
01:15:31,787 --> 01:15:35,312
within the next
five to ten years.
1385
01:15:35,312 --> 01:15:38,751
If it's done well,
and if it's really malicious,
1386
01:15:38,751 --> 01:15:41,275
that could be catastrophic.
1387
01:15:43,059 --> 01:15:47,629
What's amazing about the
Bank of Bangladesh heist is...
1388
01:15:47,629 --> 01:15:51,328
they almost walked away
with $1 billion.
1389
01:15:54,114 --> 01:15:56,246
The mistakes that they made
1390
01:15:56,246 --> 01:16:00,033
that led to them only walking
with $81 million
1391
01:16:00,033 --> 01:16:02,905
were literally a typo in a name
1392
01:16:02,905 --> 01:16:05,125
and potentially
not being patient enough,
1393
01:16:05,125 --> 01:16:06,605
waiting just one more hour.
1394
01:16:06,605 --> 01:16:09,956
We could be telling
a completely different story.
1395
01:16:09,956 --> 01:16:11,871
Presumably, these guys
1396
01:16:11,871 --> 01:16:15,352
kept perhaps 95 percent
of that cash.
1397
01:16:15,352 --> 01:16:16,571
You could walk out
1398
01:16:16,571 --> 01:16:18,442
with 95 percent
of what you came in with,
1399
01:16:18,442 --> 01:16:21,881
have nobody trace that money,
no record of it whatsoever,
1400
01:16:21,881 --> 01:16:26,276
and get on a plane with it,
and you're home free.
1401
01:16:26,276 --> 01:16:30,803
Even if you had invested
a year's work,
1402
01:16:30,803 --> 01:16:35,503
that you had recruited
a really decent set of hackers,
1403
01:16:35,503 --> 01:16:39,942
that you had corrupted
bank officials,
1404
01:16:39,942 --> 01:16:43,990
you'll be looking at a profit
of about $75 million.
1405
01:16:43,990 --> 01:16:47,080
For a year's work,
not a bad pay-off.
1406
01:16:49,169 --> 01:16:53,042
The Bank of Bangladesh heist
showed them what was possible.
1407
01:16:54,435 --> 01:16:56,785
They proved that
they could do it.
1408
01:17:01,660 --> 01:17:03,705
After that attack,
it didn't stop.
1409
01:17:03,705 --> 01:17:07,883
We saw continued attacks
on various banks across Asia,
1410
01:17:07,883 --> 01:17:10,494
I think in
the Philippines again.
1411
01:17:10,494 --> 01:17:14,716
And also, they started hacking
the cryptocurrency exchanges,
1412
01:17:14,716 --> 01:17:18,589
where people store their Bitcoin
and Monero digital currency,
1413
01:17:18,589 --> 01:17:21,767
which has proved to be
incredibly lucrative for them.
1414
01:17:23,769 --> 01:17:25,727
In 2017,
Lazarus was thought
1415
01:17:25,727 --> 01:17:27,381
to have successfully attacked
1416
01:17:27,381 --> 01:17:32,038
at least five Asian
cryptocurrency exchanges.
1417
01:17:32,038 --> 01:17:37,870
That's a total of
$571 million that was lost.
1418
01:17:37,870 --> 01:17:41,177
Cryptocurrency exchanges
just have the bare minimum
1419
01:17:41,177 --> 01:17:43,702
of security, we're learning now.
1420
01:17:43,702 --> 01:17:46,966
In 2020, as the global
pandemic spiralled,
1421
01:17:46,966 --> 01:17:50,186
AstraZeneca, makers of
one of the key vaccines,
1422
01:17:50,186 --> 01:17:53,581
was hit by an attack,
extorting the company
1423
01:17:53,581 --> 01:17:56,889
and stealing sensitive
information for profit.
1424
01:17:58,107 --> 01:18:00,675
The sums involved
are astronomical,
1425
01:18:00,675 --> 01:18:03,983
and Lazarus is still
very much at large.
1426
01:18:06,289 --> 01:18:11,817
They have been designated
by the United States an APT;
1427
01:18:11,817 --> 01:18:13,906
that's an
advanced persistent threat.
1428
01:18:13,906 --> 01:18:16,735
Now, the fundamental criteria
1429
01:18:16,735 --> 01:18:20,521
is that they represent a threat
1430
01:18:20,521 --> 01:18:24,655
to US national security
and national infrastructure.
1431
01:18:24,655 --> 01:18:28,529
So, just by dint of it
being called an APT
1432
01:18:28,529 --> 01:18:33,447
means that the Lazarus Group
is serious stuff.
1433
01:18:33,447 --> 01:18:35,666
Marvel fans,
think HYDRA.
1434
01:18:35,666 --> 01:18:38,844
James Bond films,
think of SPECTRE.
1435
01:18:38,844 --> 01:18:40,280
It's something like that.
1436
01:18:43,805 --> 01:18:47,678
Now, it's tempting to
think this comparison is absurd,
1437
01:18:47,678 --> 01:18:51,117
but this is the scale
that Lazarus operates on.
1438
01:18:51,117 --> 01:18:54,337
Arguably, they're the most
potent cyber criminals
1439
01:18:54,337 --> 01:18:56,470
in business today.
1440
01:18:56,470 --> 01:19:00,343
So the nation state's
involvement in cybercrime
1441
01:19:00,343 --> 01:19:02,998
means that cybercrime
has actually morphed
1442
01:19:02,998 --> 01:19:05,696
into cyber warfare.
1443
01:19:05,696 --> 01:19:08,656
You can have zero trust
in these systems.
1444
01:19:08,656 --> 01:19:12,138
You need to assume that
everything has been broken,
1445
01:19:12,138 --> 01:19:14,053
everything is being listened to,
1446
01:19:14,053 --> 01:19:17,317
that everything can be captured,
and operate accordingly.
1447
01:19:19,623 --> 01:19:22,496
If a small group
can plan something
1448
01:19:22,496 --> 01:19:25,542
and get away with $81 million,
1449
01:19:25,542 --> 01:19:27,980
which involved
the Fed in New York,
1450
01:19:27,980 --> 01:19:29,808
SWIFT in Brussels,
1451
01:19:29,808 --> 01:19:32,593
the Bangladeshi Bank in Dhaka,
1452
01:19:32,593 --> 01:19:36,075
and then all the peripherals
in Manila,
1453
01:19:36,075 --> 01:19:40,470
just think about what one of the
really professional operations
1454
01:19:40,470 --> 01:19:42,603
in China, Russia,
1455
01:19:42,603 --> 01:19:44,561
the NSA, GCHQ,
1456
01:19:44,561 --> 01:19:48,914
just think what havoc
they could wreak.
1457
01:19:48,914 --> 01:19:52,656
And every year, the hacks get
bigger, the damage greater,
1458
01:19:52,656 --> 01:19:54,745
the implications graver.
1459
01:19:56,182 --> 01:20:00,490
Armies literally have hackers
hammering at the gates.
1460
01:20:00,490 --> 01:20:02,753
And it just takes
a simple breach,
1461
01:20:02,753 --> 01:20:05,626
one person, one weak link,
1462
01:20:05,626 --> 01:20:08,281
and those armies
will storm the defences
1463
01:20:08,281 --> 01:20:12,894
and bring down a network
that our way of life depends on.
1464
01:20:12,894 --> 01:20:15,636
It happened in Bangladesh
in 2016.
1465
01:20:15,636 --> 01:20:21,076
And believe you me, it's going
to happen again very soon.
1466
01:21:15,000 --> 01:21:17,959
Iyuno