Monday, September 8, 2025

### Black tide swallowed by small cyber branches - Manila Jupiter Street 2015-2016

### Black tide swallowed by small cyber branches - Manila Jupiter Street 2015-2016

In May 2015, five new accounts were opened at an RCBC Bank branch on Jupiter Street in Manila, Philippines. The nominees were all supposed to be managers of different companies, but they had the same occupation and salary, and the courtesy letters sent to them were returned unopened. The accounts were then left dormant for nine months [7††North Korea Razarus2R.pdf†].

In February 2016, a transfer of tens of millions of dollars was suddenly made to that account. These were funds leaked from the Bangladesh Central Bank through hacking. The funds should have been frozen as suspicious transactions, but due to a combination of internal control mechanisms and delays in manual checks, the funds were moved [7††North Korea Razarusu2R.pdf†].

The money transfer system was a "straight-through system," meaning that deposits were automatically processed without human verification. The rule was that suspicious transactions were to be reported to a committee at the head office for review, but it took several days to catch up. According to the testimony of the deputy manager, the branch manager Maia Deguito is said to have said, "I would rather do this than have me and my family killed," suggesting that pressure was behind the system [7† North Korea Razarusu 2R.pdf†].

The funds were transferred from the first four accounts in which they were deposited to the account of the actual nominee, "William Goh. This mechanism limited the extent to which the bank could freeze the funds, making them even more difficult to trace. Eventually, the funds were transferred further and cashed out. It is estimated that the total weight of the bills reached 500 kilograms, and vehicles and personnel were deployed to transport them, with Chinese officials involved in receiving them [7††North Korea Razarusu2R.pdf†].

In terms of related technology, the SWIFT system was the first target of the attack, and remittance messages were spoofed. At the Federal Reserve Bank of New York, the automated maintenance system reacted to the destination "Jupiter," and although most remittances were blocked, some reached the Philippines. Second, the efficiency of banking operations was conversely a weakness. While straight-through processing was quick, it created a time gap before detection and was used by criminals [7†North Korea Rasarusu2R.pdf†].

During the cashing stage, analog methods such as transportation and vehicle arrangements were combined with digital theft. Large-scale transfers of funds leave a physical trail, but without an immediate freeze, tracing them takes a backseat. This sequence of events was a typical example of exploiting institutional gaps in international finance [7†North Korea Razarusu2R.pdf†].

The context of the mid-2010s is also important. North Korea, which lacked foreign currency due to UN sanctions, was strengthening its methods of taking funds through cyber attacks and erasing them through real money laundering. Meanwhile, in the Philippines, the casino industry was expanding and banks were becoming more efficient and automated. These conditions combined to turn a small branch into a nexus for international money laundering [7†North Korea Rasarusu2R.pdf†].

This incident showed that an attack launched at speed can only be prevented if it is responded to with speed. Anomaly detection at the pre-transfer stage, immediate freezing measures, mandatory reconfirmation upon beneficiary change, and coordination with the cash industry. Without such a multi-layered immediate response system, it teaches that the stolen funds will be transformed into cash and chips, never to return [7†North Korea Razarusu2R.pdf†].

No comments:

Post a Comment