US prosecutors expected to accuse North Korea over Bangladesh Bank cyber attack

Trail of attempted theft of almost $1bn from Bangladesh's central bank leads back to North Korea via Chinese middlemen, believe investigators

Federal prosecutors in the US are expected to implicate the North Korean government in last year's attempt to steal almost $1bn from Bangladesh Bank, the central bank of Bangladesh.

The investigators believe that the ‘Room 39' organisation, linked not just to the North Korean government but directly to the ruling Kim family, was behind the attempted theft, aided by Chinese middlemen.

The claims were made by the Wall Street Journal, citing ‘people familiar with the matter'. It claims that US attorney's offices and FBI field offices in both Los Angeles, California and New York have been investigating the theft. The leak indicates that charges might be imminent.

The WSJ suggests that investigators found links between code used in the Bangladesh Bank attack and the November 2014 attack on Sony Pictures Entertainment, launched just before the company released The Interview, a film involving the attempted assassination of North Korean leader Kim Jong-un.

The attack on Sony Pictures took down the company's network for several weeks while computer forensics specialists investigated. Embarrassing emails were leaked and published by Wikileaks, and the company's CEO sunsequently resigned. A group calling itself the Guardians of Peace claimed responsibility.

The theft from Bangladesh Bank in February last year was arguably the biggest cyber security story of 2016. The attackers penetrated the security of the Bank and, using their knowledge of the SWIFT bank-transfer system, set-up a series of international payments from Bangladesh Bank's accounts at the New York Federal Reserve to accounts at banks across Asia.

The payments were timed for a Friday - the first day of the weekend in Bangladesh, when the Bank would have been almost empty - giving the perpetrators three days cover between the Bank in Bangladesh and the New York Federal Reserve in the US.

However, the series of payments were stopped when a clerk at a correspondent bank routing the payment raised the alarm over an elementary spelling mistake in one of the payment instructions.

By then, payments totalling $101m had been transferred, although $20m was quickly recovered before it could be withdrawn. Another tranche was intercepted from a casino in Manila, the Philippines through which some of the money was being laundered.

SWIFT later admitted that the Bangladesh Bank attack was one of an increasing number on banks using its ubiquitous payments network. It promised to improve security measures and threatened to expel banks that did not improve their own IT security.

Reports suggest that Room 39 - officially, the Central Committee Bureau 39 of the Korean Workers' Party - pulls-in between $500m and $1bn per year from illegal activities, the Millennium Project of the World Federation of United Nations Associations claimed in 2007.

Externally, its criminal activities include counterfeiting, the production of controlled substances and insurance fraud. Inside North Korea it is involved in the management of foreign currency earnings from foreigners staying in hotels in the capital Pyongyang, gold and zinc mining, and the export of agricultural and fisheries products.

The organisation is believed to have been set-up in the late-1970s with the explicit purpose of making for the ruling Kim family.