AML CHALLENGES
CNN recently reported that the banking industry generally escaped the devastating impact of the global WannaCry ransomware attack . 1 Evidence is mounting steadily that North Korea was linked to this cyberattack and blame has also been directed at other countries . 2
This article sheds light on the perplexing issue of cyberattacks by nation-state actors , given its diverse mix of stakeholders , disinformation , political and financial motivations , tools and methods deployed . In addition , this article explores two other cybersecurity concerns that impact financial transactions : encrypted cybercrimes and man-in-the-middle attacks .
Nation-state actors
Discussions of financial system vulnerabilities have been broadened to include warnings of cyberattacks by nation-states and their proxies . 3
BankInfoSecurity 4 and CNN 5 recently reported on evidence that North Korea-linked hackers — a group referred to as Lazarus or Bluenoroff — have been behind recent cyberattacks on financial institutions in Africa , Asia , Europe , the Middle East and Latin America . Funds stolen through these cyberattacks have allegedly advanced North Korean nuclear weapons development .
International concern about nation-state sponsored cyberattacks on banks and other critical infrastructure date back at least 10 years . 6
In 2007 , Estonian authorities alleged that computer hackers , aligned with the Russian government , launched distributed denial-of-service ( DDoS ) attacks against Estonian banks and government agencies . These cyberattacks were reportedly a Russian response to an Estonian decision to move a Soviet World War II memorial from downtown Tallinn , leading to protests from the Russian government and ethnic Russians in Estonia . The Russian government denied involvement . 7
In 2008 , Georgian banks , government agencies and infrastructure were the targets of similar DDoS attacks , reportedly executed by computer hackers aligned with the Russian government . These cyberattacks coincided with Russian military action to curb Georgian efforts to increase its control over the South Ossetia and Abkhazia regions , which have had historically strong ties to Russia . The Russian government denied involvement . 8
Fast forward to 2015 , when U . S . - and U . K . -based banks topped the list of the world ’ s largest and most interconnected global banks , as if to foreshadow cyberattacks targeting larger financial institutions that could have broader global consequences . 9
In 2016 , cyberattacks aligned with North Korea were in the news . Specifically , the North Korean government was suspected of launching cyberattacks against Asian banks in South Korea , the Philippines , Vietnam and Bangladesh for financial gain . 10
In addition , in 2016 , the U . S . Justice Department charged seven computer specialists , who reportedly performed work on behalf of the Iranian government , with cyberattacking U . S . financial institutions , such as Bank of America , NASDAQ , the New York Stock Exchange , Capital One Bank , ING Bank , Branch Banking and Trust Company , Fidelity National Information Services , U . S . Bank and PNC Bank . 11
1
Mark Thompson and Jethro Mullen , “ World ’ s biggest cyberattack sends countries into ‘ disaster recovery mode ,’” CNN , May 14 , 2017 , http :// money . cnn . com / 2017 / 05 / 14 / technology / ransomware-attack-threat-escalating /
2
David Josef Volodzko , “ Is North Korea Behind WannaCry Virus ?,” South China Morning Post , May 20 , 2017 , http :// www . scmp . com / week-asia / geopolitics / article / 2094980 / north-korea-behind-wannacry-virus
3
Gary Robbins , “ Waging war with no bombs or missiles ,” San Diego Union-Tribune , October 28 , 2016 , http :// www . sandiegouniontribune . com / news / science / sd-me-cyber-warfare-20161014-htmlstory . html
4
Jeremy Kirk , “ Kaspersky Links North Korean IP Address to Lazarus ,” BankInfoSecurity , April 4 , 2017 , http :// www . bankinfosecurity . com / kaspersky-links-north-korean-ip-address-to-lazarus-a-9810
5
Jose Pagliery , “ North Korea-linked hackers are attacking banks worldwide ,” CNN , April 4 , 2017 , http :// www . cnn . com / 2017 / 04 / 03 / world / north-korea-hackers-banks /
6
Robert Windrem , “ Timeline : Ten Years of Russian Cyber Attacks on Other Nations ,” NBC News , December 18 , 2016 , http :// www . nbcnews . com / storyline / hacking-in-america / timeline-ten-years-russian-cyber-attacks-other-nations-n697111
7
Associated Press , “ A look at Estonia ´ s cyberattack in 2007 ,” NBC News , 2009 , http :// www . nbcnews . com / id / 31801246 / ns / technology _ and _ science-security / t / look-estonias-cyber-attack /
8
Jeremy Kirk , “ Georgia cyberattacks linked to Russian organized crime ,” Computerworld , August 17 , 2009 , http :// www . computerworld . com / article / 2527019 / government-it / georgia-cyberattacks-linked-to-russian-organized-crime . html
9
Paul Glasserman and Bert Loudis , “ A Comparison of U . S . and International Global Systemically Important Banks ,” United States Treasury Department , Office of Financial Research ( OFR ) Brief Series 15-07 , August 4 , 2015 , https :// www . financialresearch . gov / briefs / files / OFRbr-2015-07 _ A-Comparison-of-US-and-International-Global-Systemically-Important-Banks . pdf
10
Nicole Perlroth and Michael Corkery , “ North Korea Linked to Digital Attacks on Global Banks ,” New York Times , May 26 , 2016 , https :// www . nytimes . com / 2016 / 05 / 27 / business / dealbook / north-korea-linked-to-digital-thefts-from-global-banks . html
11
“ United States of America v . Ahmad Fathi , Hamid Firoozi , Amin Shokohi and Sadegh Ahmadzadegan a / k / a ‘ Nitr0jen26 ,’ Omid Ghaffarinia a / k / a ´ PLuS ,´ Sina Keissar , and Nader Saedi a / k / a ´ Turk Server ,” Sealed Indictment 16 CRIM 48 , United States District Court Southern District of New York , https :// www . justice . gov / usao-sdny / file / 835061 / download
ACAMS TODAY | SEPTEMBER – NOVEMBER 2017 | ACAMS . ORG | ACAMSTODAY . ORG 19