Escape mazes and baccarat frenzy - the strange connection between North Korean-affiliated hackers and casinos (2016)

Escape mazes and baccarat frenzy - the strange connection between North Korean-affiliated hackers and casinos (2016)

In 2016, a cyber heist by the Lazarus Group, a North Korean state-sponsored hacker group, shook financial institutions around the world. The stage was set for the Bangladesh Central Bank. They hijacked the international payment network SWIFT and attempted to illegally transfer a total of $951 million from an account at the Federal Reserve Bank of New York in the United States. Of this amount, $81 million arrived in Manila, Philippines. This led to the later "RCBC money laundering case.

During this period, North Korea was under a tightening web of economic sanctions by the international community, and in March 2016, the UN Security Council had just adopted its most stringent sanctions resolution against North Korea ever (No. 2270). With the means of obtaining foreign currency becoming scarce, the use of a "hacker unit" to earn foreign currency to maintain the regime was becoming a realistic national strategy.

The story goes back to May 2015, when a fictitious account was opened at the Jupiter Street branch of RCBC Bank. Accounts were opened for five people, but the addresses were false, letters were returned, but no one pointed out anything suspicious. This "account left for months without anything happening" suddenly swells with tens of millions of dollars in February 2016.

According to the testimony of deputy branch manager Agarado, branch manager Maia Deguito said, "I would still rather do this than have me and my family killed." Confusion spread within the bank over the huge transfer of funds, but headquarters consistently sent notices to the branches stating that the transfer was legitimate. This inconsistency eventually led to the intense pursuit of responsibility at the hearings.

The Senate hearing, held at the Bayview Park Hotel Manila, was hurriedly held in the hall of the Bayview Park Hotel Manila, as the usual congressional facilities could not accommodate the hearing. The senator sarcastically said, "Next time you deliver money to me," and laughed at the weak governance of RCBC and the Philippine banking system.

Meanwhile, the stolen funds were taken to the Solea casino resort in the Philippines, where they were converted into "baccarat" chips by a mysterious group of Chinese speakers. They would show up at the casino every morning as if they were going to work, play for about three hours, and then leave. They would show up at the casino every morning as if they were going to work, and leave after about three hours of casual gaming.

Their money was cashed out of chips again, loaded onto trucks, and transported; it also turned out that two Chinese were responsible for moving the 500 kilograms of bills. One of the delivery persons was a mysterious "Wei Kang Shu," but inquiries to public authorities were met with a "no record" response, and the trail was completely cut off.

Furthermore, inside the casino, the reporter's attention was drawn to the "bag stool," a stool dedicated to customers' handbags. The presence of a luxury brand bag placed there symbolized the "out-of-place" nature of the source of the money.

This incident is not the same as the intelligence warfare of the Cold War era, but is a typical example of 21st century "cyber warfare + money laundering" complex state crimes. The scale of the structure involving hackers, banks, casinos, transportation, and even the political arena in order to circumvent sanctions is indicative of the "war without war" of today.