AML CHALLENGES
CNN recently reported that the banking industry generally escaped the devastating impact of the global WannaCry ransomware attack.[1] Evidence is mounting steadily that North Korea was linked to this cyberattack, and blame has also been directed at other countries.[2]
This article sheds light on the perplexing issue of cyberattacks by nation-state actors, given its diverse mix of stakeholders, disinformation, political and financial motivations, and the tools and methods deployed. In addition, this article explores two other cybersecurity concerns that impact financial transactions: encrypted cybercrimes and man-in-the-middle attacks.
Nation-state actors
Discussions of financial system vulnerabilities have been broadened to include warnings of cyberattacks by nation-states and their proxies.[3]
BankInfoSecurity[4] and CNN[5] recently reported on evidence that North Korea-linked hackers—a group referred to as Lazarus or Bluenoroff—have been behind recent cyberattacks on financial institutions in Africa, Asia, Europe, the Middle East and Latin America. Funds stolen through these cyberattacks have allegedly advanced North Korean nuclear weapons development.
International concern about nation-state-sponsored cyberattacks on banks and other critical infrastructure dates back at least 10 years.[6]
In 2007, Estonian authorities alleged that computer hackers, aligned with the Russian government, launched distributed denial-of-service (DDoS) attacks against Estonian banks and government agencies. These cyberattacks were reportedly a Russian response to an Estonian decision to move a Soviet World War II memorial from downtown Tallinn, leading to protests from the Russian government and ethnic Russians in Estonia. The Russian government denied involvement.[7]
In 2008, Georgian banks, government agencies and infrastructure were the targets of similar DDoS attacks, reportedly executed by computer hackers aligned with the Russian government. These cyberattacks coincided with Russian military action to curb Georgian efforts to increase its control over the South Ossetia and Abkhazia regions, which have had historically strong ties to Russia. The Russian government denied involvement.[8]
Fast forward to 2015, when U.S.- and U.K.-based banks topped the list of the world’s largest and most interconnected global banks, as if to foreshadow cyberattacks targeting larger financial institutions that could have broader global consequences.[9]
In 2016, cyberattacks aligned with North Korea were in the news. Specifically, the North Korean government was suspected of launching cyberattacks against Asian banks in South Korea, the Philippines, Vietnam and Bangladesh for financial gain.[10]
In addition, in 2016, the U.S. Justice Department charged seven computer specialists, who reportedly performed work on behalf of the Iranian government, with cyberattacking U.S. financial institutions, such as Bank of America, NASDAQ, the New York Stock Exchange, Capital One Bank, ING Bank, Branch Banking and Trust Company, Fidelity National Information Services, U.S. Bank and PNC Bank.[11]
[1] Mark Thompson and Jethro Mullen, “World’s biggest cyberattack sends countries into ‘disaster recovery mode,’” CNN, May 14, 2017, http://money.cnn.com/2017/05/14/technology/ransomware-attack-threat-escalating/
[2] David Josef Volodzko, “Is North Korea Behind WannaCry Virus?,” South China Morning Post, May 20, 2017, http://www.scmp.com/week-asia/geopolitics/article/2094980/north-korea-behind-wannacry-virus
[3] Gary Robbins, “Waging war with no bombs or missiles,” San Diego Union-Tribune, October 28, 2016, http://www.sandiegouniontribune.com/news/science/sd-me-cyber-warfare-20161014-htmlstory.html
[4] Jeremy Kirk, “Kaspersky Links North Korean IP Address to Lazarus,” BankInfoSecurity, April 4, 2017, http://www.bankinfosecurity.com/kaspersky-links-north-korean-ip-address-to-lazarus-a-9810
[5] Jose Pagliery, “North Korea-linked hackers are attacking banks worldwide,” CNN, April 4, 2017, http://www.cnn.com/2017/04/03/world/north-korea-hackers-banks/
[6] Robert Windrem, “Timeline: Ten Years of Russian Cyber Attacks on Other Nations,” NBC News, December 18, 2016, http://www.nbcnews.com/storyline/hacking-in-america/timeline-ten-years-russian-cyber-attacks-other-nations-n697111
[7] Associated Press, “A look at Estonia’s cyberattack in 2007,” NBC News, 2009, http://www.nbcnews.com/id/31801246/ns/technology_and_science-security/t/look-estonias-cyber-attack/
[8] Jeremy Kirk, “Georgia cyberattacks linked to Russian organized crime,” Computerworld, August 17, 2009, http://www.computerworld.com/article/2527019/government-it/georgia-cyberattacks-linked-to-russian-organized-crime.html
[9] Paul Glasserman and Bert Loudis, “A Comparison of U.S. and International Global Systemically Important Banks,” United States Treasury Department, Office of Financial Research (OFR) Brief Series 15-07, August 4, 2015, https://www.financialresearch.gov/briefs/files/OFRbr-2015-07_A-Comparison-of-US-and-International-Global-Systemically-Important-Banks.pdf
[10] Nicole Perlroth and Michael Corkery, “North Korea Linked to Digital Attacks on Global Banks,” New York Times, May 26, 2016, https://www.nytimes.com/2016/05/27/business/dealbook/north-korea-linked-to-digital-thefts-from-global-banks.html
[11] “United States of America v. Ahmad Fathi, Hamid Firoozi, Amin Shokohi and Sadegh Ahmadzadegan a/k/a ‘Nitr0jen26,’ Omid Ghaffarinia a/k/a ‘PLuS,’ Sina Keissar, and Nader Saedi a/k/a ‘Turk Server,’” Sealed Indictment 16 CRIM 48, United States District Court Southern District of New York, https://www.justice.gov/usao-sdny/file/835061/download
ACAMS TODAY | SEPTEMBER–NOVEMBER 2017 | ACAMS.ORG | ACAMSTODAY.ORG | 19