The Rest Is Classified - 10. North Korea’s CIA: The Billion Dollar Heist (Ep 2)
Episode Date: January 8, 2025What happens when an authoritarian state runs its security services like an organised crime syndicate? Why did a group of North Korean cyber criminals gamble away vast sums of stolen money in the casi...nos of Las Vegas? And did Kim Jong Un's spies get away with their billion dollar heist? After over a year of work, the North Korean cyber criminals are inside the Central Bank of Bangladesh and about to escape with their bags of cash, but there's a glitch. The account they plan to send the stolen money to in the Philippines has triggered a security alert with the Federal Reserve in New York. Will they avoid getting caught in the act? Listen as David and Gordon share the dramatic details of how a North Korean spy ring orchestrated one of the biggest bank robberies in history. Get our exclusive NordVPN deal here ➼ www.nordvpn.com/restisclassified It’s risk-free with Nord’s 30-day money-back guarantee! Email: classified@goalhanger.com Twitter: @triclassified Assistant Producer: Becki Hills Producer: Callum Hill Senior Producer: Dom Johnson Exec Producer: Tony Pastor Learn more about your ad choices. Visit podcastchoices.com/adchoices
Transcript
Discussion (0)
This episode is brought to you by our new friends at NordVPN. Now Gordon, you have been
a NordVPN user for over a year now, and why in the world do you like them so much?
So many reasons, David, but one feature in particular that I love is that with just one
subscription you can keep multiple devices safe, up to 10 at once with the NordVPN app.
So I've got a lot of
phones and laptops around the house which I've used over the years in
various places and to keep them all safe and secure I do use that NordVPN.
You can also protect unlimited devices on your router by using NordVPN which
means that it is perfect for keeping your family safe online when they're
using social media, email, banking online, or really anything for that matter.
If you want to ensure that you're safe online, you should take advantage of our exclusive
NordVPN discount. All you need to do is go to nordvpn.com slash rest is classified. And
when you sign up, you can receive a bonus for months on top of your subscription plan
and there's no risk with Nord's 30 day money back guarantee.
The link is also in the episode description box.
Welcome to The Rest Is Classified and we're talking and continuing our story
about the attempted heist of a cool $1 billion from the Central Bank of Bangladesh by the North Korean security services, the Norks, as they're called.
The Norks. Gordon, you missed a tremendous opportunity to do a Dr. Evil impression there. You did not take it. That's unbelievable. I mean, that's a what a mess.
$1 billion. Is that what dollars is in Austin Powers films. And for those just
listening, he also did not put his pinky to his mouth. But we are back. And for
those who listened last week, we left with the sort of cyber bandits about to
enter the digital vault at the central bank of Bangladesh.
And I think it's worth before we really get into the nuts and bolts of this heist to set up a few kind of key points from last time to really make the story punch.
And we have been following really these robbers through the lens of the one we know about, a man by the name of Park Jin-hok,
who has gone through this incredible story of joining the Reconnaissance General Bureau,
North Korea's foreign intelligence service, the one that ultimately is carrying out this heist,
coming up through his, you know, sort of the North Korean equivalent of Stanford or MIT or Oxford,
being recruited by the Reconnaissance
General Bureau, spending time in China, and then really coming back to this Pyongyang
that under Kim Jong-un is becoming an absolute boomtown.
There is more and more money and so much of that money is coming from cybercrime.
And so we have really on the eve of pulling this heist off, Park Jin-hok and these other robbers
and cyberoperatives inside the Reconnaissance General Bureau are out there doing something
that is a key piece of tradecraft really for North Korea's spy services, which is robbery. Yeah, so it's a high story, but not really so much about criminals as spies,
as a spy service which is carrying out criminal acts to fund the North Korean state,
to fund both the lavish lifestyle of the leader, but also the weapons programs
and all the other things that North Korea has been doing.
Exactly. And last time we really talked about the robbers, you know, we did not talk about
the victims at the central bank of Bangladesh.
And I think where we could start today would be by diving in and actually going to
the bank on Friday, the 5th of February, 2016, when a duty manager, the guy by the
name of Zubair Binhooda,
notices Gordon as any modern person would
and be irate over a printer glitch, of all things.
It's going to be the first sign that something inside-
We've all been there.
We've all been there inside this 12 story,
really ugly building in the capital of Bangladesh, Dhaka.
He is gonna notice this printer glitch.
And this printer is located in a highly secure room on the 10th floor of the bank's main office.
And the printer's job is basically to print out hard copy records of the often multi-million dollar
transfers that flow in and out of the bank. So of course, there's a digital record of this,
which we'll talk about how the North Koreans have taken care of that.
But the printer is the backup, right? The hard copies that come out.
Now, Ben Huda had done, of course, what any sensible person would do when they're confronted with a printer glitch, which is when it's discovered, he tells his subordinates to fix it.
And then he promptly leaves the office. Now, of course, nobody can fix it because the North Korean malware has broken it, right?
But on Saturday, right?
On Saturday the 6th of February, Benhooda goes back into the bank at around 9 a.m. and
the printer is still broken.
So his subordinates have not fixed the problem.
There's error messages.
And then they do, you know, sort of the second maybe most sensible thing, which is, let's restart the printer, turn it on and off again.
We've all been there. Let's do a hard restart. And as soon as they do that,
messages begin to spew out of the printer tray. And these messages are extremely
urgent. They're from the Federal Reserve Bank in New York, the Fed, the Fed, yeah,
They're from the Federal Reserve Bank in New York, the Fed, where the Central Bank of Bangladesh has their sort of US dollar denominated account.
And what becomes clear from all of these messages that are all coming out is that the Fed had
received instructions that look like they're coming from the bank over that SWIFT system,
the sort of interbank messaging system that we had talked about last time, they've received
instructions to drain the entire account. It's almost a billion dollars. It's $951 million
for the bean counters out there who are going to follow this trail as we talk about it.
It's an insane amount of money, and it's probably the second biggest
attempted heist ever in history.
It's a bad day if you're a bank manager, isn't it?
If the printer spews out a message saying, we've agreed to your
transfer of a billion dollars or we've got this message.
Not only are you irate about a printer glitch, but now all of your
money is being taken.
Now, I do think it's worthwhile to put that number in context for a minute,
because one billion dollars, Dr.
Evil style sounds like a lot.
And it is North Korea just to put it in kind of North Korean terms.
Again, really crunchy numbers are hard to come by, but North Korea
may be spent around $4 billion
on defense in 2019. And so we're talking about, you know, a number that's maybe a quarter of the
military budget, right? Yeah, that is an insane number. In the US, that's like $200 billion. And
I think in the UK, it's, you know, maybe £15 pounds or something like that. So it's a massive swing
here for Park and these bank robbers back in Pyongyang. We know that the North Koreans have
been in the system for some time carrying out reconnaissance. They've learned the system
and they've timed their heist, haven't they? I mean, that's one of the keys to the operation,
is they've tried to time it at a moment when it's least likely to be spotted.
Yeah, that's exactly right. So the Fed, you know, those messages that rolled out of the printer,
I mean, the Fed had started sending messages the day before on Friday, right around mid morning,
but with the printer out of action, and with the RGBs malware having sort of wiped the record
digitally, the company, the Central Bank of Bangladesh,
really only sees these midday on Saturday.
But of course, when the Bangladeshis see this, it's Saturday in New York.
And the Fed's closed.
And the Fed's closed, right?
And then, this is also a critical piece of the sort of the dance here that the North
Koreans have so expertly
choreographed is that the hackers are going to try to wire this money to a bank in Manila
in the Philippines.
In 2016, on Monday, the 8th of February, which is the next day, it's the first day of Lunar
New Year, which is a national holiday across Asia.
And so they've exploited these holidays, weekends, the time difference between Bangladesh, New York and the Philippines.
They've actually engineered a five-day run of sort of missed handoffs and miscommunication and lag time between all these different parts of the world.
They've engineered a five-day run to get the money out.
So it's back to that idea that this is a very, very carefully thought through operation.
This isn't a smash and grab bank job.
It's a smart intelligence operation.
I'm not sure if the Norks are a fan of whiteboards and such things in their offices, but I would
have to imagine that at some point, this team
in Pyongyang had the choreography, had the potential, the timeline up on a whiteboard
somewhere and the operational chief.
Because Park, this bank robbery we've been following, is probably more of the foot soldier
in this, doing a lot of the coding work and things like that to actually do the reconnaissance
on the computer systems and to deploy the
malware and to write the code that modified the central bank of Bangladesh's SWIFT system.
But there's an operational chief in Pyongyang who's looking at this thing holistically.
And interestingly, one of the things that chief chose, which ends up being a total act
of God in some ways, is that the bank in Manila
that they tried to wire all this money to,
they chose a branch that had an address
on Jupiter Street in Manila.
And here we kind of see why cyber crime and espionage
is never like the movies
because something random always goes horribly wrong.
And an alert got tripped at the Fed in New York
because there was an unrelated business
called Jupiter Seaway Shipping in Athens,
which was on a sanctions watch list
for activities related to Iran and sanctions and whatnot.
And so a bunch of the payments,
a bunch of the sort of attempts to send that cash
to the Philippines got flagged for review inside the Fed.
And so many of those ended up actually having a human look at them as opposed to just dumping the
money to the account that the North Koreans had set up in the Philippines.
The plan was for close to a billion dollars.
They don't quite get that much because some of it gets stopped.
They still get a hell of a lot of money, don't they?
Well, yes.
The payments are reviewed, most are stopped.
Here you can imagine a bunch of people in Pyongyang
who are watching this and thinking,
I cannot believe how unlucky we've gotten.
But they're playing a big game here
with a lot of bets across cyber crime
as we discussed last time in all domains.
So this is probably part of the game.
But five transactions cross the hurdle.
Five transactions get through worth about $101 million. Now,
interestingly enough, this is where you get to this operational chief in Pyongyang view
is you think there had to be a plan that was architected and designed and probably approved
at very high levels inside the RGB throughout the year that precedes this to think about
how do I actually get the money out? Right? I i mean it's one thing to send it to an account somewhere it's another thing to actually have access to it
in pyongyang and they sent twenty million
of that hundred and one million to a shreelonkan charity called the shalika foundation they misspelled the name in the transaction order which is when a bank employee spotted the spelling mistake and the transaction was reversed.
And so in the end, you take that 101, you remove that 20, which got sent back and $81 million got through.
And I think, I mean, it's an interesting question, isn't it, Gordon?
Did they think they would get away with all of it or had they intended kind of all along for there to be leakage?
Yeah, because even getting 81 or 100 million is some serious money. Now, this is the bit
that I find fascinating because if someone defrauds me from my bank, I call up the bank
and they can see where it's gone and they'll hopefully refund me, but you can trace the
money. The question in my mind is how do you get 81 or $100 million out from having moved it
in digital terms from one bank account to another?
How do you physically get hold of cash?
Because that's the bit that seems to me to be almost the hardest bit of the operation,
almost as hard as the hacking bit, which is the technical bit.
Yeah.
You know, I think this is an angle that we have so little insight into.
Now, we do know that the Philippines was chosen for some very specific reasons as kind of
the terminus for a lot of this money.
Not really the terminus, but I guess a way station to help them wash the cash.
And there's some very good reasons for that, which are quite interesting and related to
casinos and money laundering. But I think they had to build a network
of assets, people who were probably coerced, and there was a ground game. And I think that what the
RGB did to build that ground game is the murkiest part of the story. And it's the piece of it that
is most old school espionage and that you actually had, I think, assets, some
witting and some unwitting that the RGB recruited on the ground in the Philippines or to come
to the Philippines, as we'll see, to help them actually launder the cash and get it
out.
And that's the piece of the story that is just hidden in the shadows.
And it is interesting, isn't it?
Because it's seen as a cybercrime, but you couldn't finish it.
You couldn't get hold of the money without people, without a network. And again, it's
that bit of, I guess, organized crime have got this as well, these networks on the ground
of people who are going to help them launder money, wash money, be able to move it so it's
not traced. But in this case, the North Korean intelligence services have built the same
kind of network you'd expect to see an organized crime syndicate build around the world to
be able to move money. And perhaps for the same reasons, network you'd expect to see an organized crime syndicate build around the world to be able to move money.
And perhaps for the same reasons, whether some of these people are being paid off or,
as you said, coerced to do it, we don't always know.
But they've got this whole network of people around Asia, it seems, to be able to launder
the money and to try and get it out.
And that's where you think about the type of asset that the CIA or MI6 may be typically
interested in.
And I actually think there are reasons and cases where
these type of people would be exactly the kind of people
that a Western spy service might try to recruit.
But the typical image would be of somebody,
you know, let's take the CIA recruiting in Russia.
Well, you'd want people with access
to Putin's inner circle, to his plans and intentions,
you know, maybe that's someone in the Ministry
of Foreign Affairs, maybe that's someone in the Ministry of Foreign Affairs,
maybe that's someone in the Ministry of Defense,
maybe that's an aide in the Kremlin.
When you're running your spy service
like an organized crime syndicate,
which is how we should think about
the Reconnaissance General Bureau,
your assets and agents end up being criminals, gamblers.
There's no sort of ethical lens here.
There's no lawyers probably inside the
RGB trying to figure out what's legal and what's not. You're in this extremely aggressive
organization that probably feels like its back is up against the wall. And the whole point is
generating cash flow. And actually, interestingly enough, it gives you something to offer these
people you're recruiting because they can effectively just be on the take, you know,
they can take a cut, they're sort of working for you under the expectation that there will
be a windfall, and they'll take a little piece of that. And so
the network in the Philippines is all these all these types of
people. Now, I think we go back and kind of situate this we're
in the Philippines, it's Monday, the eighth of February 2016,
there's $81 million that has been sent
from the Central Bank of Bangladesh's account
at the Fed in New York into the Philippines.
Now, interestingly enough,
what the North Koreans have done as part of that ground game
in the year running up to February of 2016
is there have been accounts established
at RCBC, this bank in Manila.
The accounts have been set up by the RCBC bank manager
with fake driver's licenses.
All the applicants have exactly the same job title
and salary despite all working at different companies.
And the accounts have sat dormant
with a $500
deposit in them.
Then all of a sudden, over this weekend, these four non-existent Filipinos are wildly rich.
Michael Cruz doesn't exist.
He's got $6 million in his account.
Jesse LaGrosse doesn't exist.
$30 million.
Alfred Vergara, $20 million.
Enrico Vasquez, $25 million.
All of a sudden, this money dumps in to these accounts
that have been set up by this bank manager.
And I think, you know, this bank manager,
a woman by the name of Maria Santos de Guito,
is an interesting piece of the RGB's ground game in Manila,
because she's established these accounts.
Again, it's very murky and sort of who might have asked her
or told her to do it.
But this whole day on Monday, now you think about it,
the Bangladeshis by this point know the money's gone.
The Fed knows that the money has been sent
to the Philippines from central banks account, right?
They've worked out it's missing, yeah.
So they've kind of, to use the language of a heist,
the robbers are being pursued.
Yeah, the chase is on.
Now this is where I think the Philippines becomes the key piece of the puzzle here,
because this bank manager is unreachable the entire day as the bank is trying to figure
out how they might be able to claw this money back.
And a clerk finally goes into her office, she's been locked up in there all day. And the bank manager tells him, I'd rather do this than me being killed for my family,
which is a great actually piece of journalism done by Jeff White, who wrote a book called
The Lazarus Heist.
And did a great podcast on it.
Yeah.
And did a great podcast on this.
And that afternoon, $400,000 is ordered from the bank's cash center, delivered to the branch, put into a cardboard box and dumped
into the branch manager's car.
The windows roll down, the box gets dumped in and the closed
circuit cameras have been obviously Gordon out of
commission the entire weekend.
How convenient.
So we've got the money has gone into these accounts in the
Philippines of these mythical individuals. So the next question is, how do you get the money out of the accounts?
How do you turn it into real money? That's the thing that I still don't quite understand from
one of these kind of cyber heists. There's a critical, non-glamorous step here that will take
us on this chain. And that's from those four accounts. They've moved
the $81 million to a single account. And that account is held in the name of a colleague
of that branch manager, Signatures Forged. And it's an absolutely crucial and mundane step,
because just as the Bangladeshis are in pursuit, demanding that the Philippines freeze these
accounts, because of course, this
is what would happen in a normal case of cybercrime is if money
was taken from our account and put elsewhere, you could
potentially freeze that money in that account and eventually
claw back. Now, by moving it, it's infinitely more challenging
to stop this flow. Because legally, in the Philippines,
RCBC, the bank can only freeze the accounts
into which the money is initially paid.
And so by the time they freeze those accounts,
there's only $68,000 left in those original four.
And so on Monday the 8th,
that probably crooked or coerced bank branch manager
transfers that $81 million to a money changing firm in Manila.
And here, I think, again, we've got some indication of the RGB's ground game,
because basically what happens is that money gets sent to this money changing firm,
and the cash actually gets converted. And here's where it gets turned into something physical for the first time, Gordon. It gets
turned into pesos, the local currency. And then two loading teams, primarily of Chinese
nationals, show up with a truck. Okay. One of them is operated by a Chinese national who's probably an asset of the
North Korean RGB. He takes $31 million and gets on a plane and
leaves private plane never seen again. So there's one angle of
this story, which is just $31 million gets put into a bag and
flies out. It probably goes to Pyongyang eventually, but we
don't know.
You could speculate that this guy is probably a more traditional asset of the North Korean
security services.
Let's take a break there.
When we come back, we'll see what happens to the rest of the money as we follow its
trail disappearing into where else but the casinos.
See you after the break.
This episode is brought to you by our new friends at NordVPN.
Now David, what do you find useful about NordVPN?
Well I really like NordVPN's Threat Protection Pro, which is an incredibly powerful and effective
anti-virus tool.
It is integrated directly into the NordVPN app and allows you to browse safely and smoothly
while also protecting you from phishing
and other cyber threats.
It can often be hard to distinguish fake websites from real ones or phishing texts that appear
to be real, but Threat Protection Pro will prevent you from accessing these dangerous
things.
So NordVPN is actually the first and only VPN app to receive the certification that
their anti-fishing software
is reliable. So to stay secure online you should take advantage of our exclusive NordVPN discount.
All you need to do is go to NordVPN.com rest is classified. When you sign up you can receive a
bonus four months on top of your plan and there's absolutely no risk with Nord's 30-day money back guarantee. The link is also in the episode description box.
Welcome back to The Rest Is Classified and we're looking at the money trail from these
funds stolen by the Norks, the North Korean security services out of the Bangladesh Central
Bank and tens of millions of dollars have found their way of the Bangladesh Central Bank, and tens of millions
of dollars have found their way to the Philippines and David, where else but to the casinos?
To the casinos.
I mean, like any good spy story, Gordon, we're going to end up in the casinos here.
So the North Koreans, now that $31 million has been flown out probably to Pyongyang on
a private jet, there's $50 million.
It is Monday, the 8th of February,
and it's Lunar New Year, Gordon.
And I know that you, like everyone else in this story,
celebrates Lunar New Year by gambling.
That is how you bang out a Lunar New Year,
is by sitting in a smoke-filled room
and playing penny slots.
Isn't that right, Gordon?
Never have.
But this again is where the North Korean operation
was so elegantly timed because they of course,
very aware that it is Lunar New Year
and there's a huge amount of celebration
and gambling going on in casinos in the Philippines.
And casinos offer you, if you are Park Jin-Hok, who's the cyber operative,
or if you're this kind of fictional chief of operations
in Pyongyang, who's been designing this thing end to end,
the casino offers you a very interesting advantage here
because you have to take this money
and you effectively have to launder it,
which you can do a lot of different ways,
but it is essentially a practice of, I want to hide or obfuscate where this money came
from and so I'm going to move it through multiple points so that on the other side, you don't
know that it came from the central bank of Bangladesh.
So no one can trace it.
Yeah.
You don't want to trace it. So casinos are really useful
for that. And at this point in the Philippines, in 2016, they are woefully unregulated by any kind of
anti money laundering legal regime. And so taking money from literally cash or wiring it from an
account into the casinos, playing with it, and then
exchanging that in for chips or a check or cash and then walking out is a perfect way
to hide where this money came from. And so again, we know we talked a little bit before the break
about the interesting kind of assets that the North Korean security services recruit. And one of those is a Chinese
guy named Kim Wong, who runs a gaming junket operation out of Macau. He also ran a t-shirt
factory and restaurants in the past. He's close to a bunch of Filipino politicians. So he's kind
of an all around fixer and resourceful guy. And on February 8th and 9th, Kim Wong is basically going to have a whole bunch of guys walk into the VIP area at the Solair Casino on Manila's waterfront.
Solair is very lovely. It's a very high end place, very upmarket for Southeast Asian gaming.
There's a theater, there's shopping. It's literally as big as anything in Las Vegas. So our listeners
should not think of this as some kind of backwater. This is a beautiful, big glitzy casino.
And these guys, do they know what they're doing or who they're doing it for? They've
just been given money to game? These guys are kind of interesting. So they show up and basically all of the first-hand
accounts say, these guys are not VIPs. I mean, they're showing up in these kind of high-end,
high-limit gaming rooms and they're getting stacks and stacks of chips from the cages,
tons of money, but they're kind of just dressed
almost sloppily.
They're not in the tuxedo.
They're not in the James Bond.
This is the opposite of Casino Royale.
This is a guy in sweatpants and a t-shirt and flip-flops.
But who's gambling with millions of dollars.
But who's gambling with millions and millions of dollars.
And interestingly, these guys are,
they're on a very strict routine.
They play from 8 a.m. until 11 30.
So they're on a schedule.
They take a break for lunch.
They take their chips up to the room while they eat.
And then they rinse and repeat.
And they go back in the afternoon,
they rinse and repeat the next day.
And interestingly enough,
all of the kind of firsthand reports
will say these guys look bored.
They're gaming for massive, massive sums of money. And
they're totally bored. They're playing Bacharot. This is a very
simple game. It's all luck. It's no skill. It's it's one of the
most popular games in Asia. And it kind of begs the question at
this point in the story of if they're gambling
all this money, are the North Koreans sweating this?
Because are they just are they going to lose it all?
Yeah. So first of all, I've never played back around.
Have you? I mean, I think actually in the James Bond books,
in the book of Casino Royale, that's what he's.
Yes. That's what he's playing in the film.
I think he plays poker.
But in the books, it's back around.
I have no idea how to play it.
One of yours on your Vegas trips, David?
You're a penny slots guy. Is that right, Gordon?
I have been to Vegas. I'll have you know.
I went to Vegas for book research. Critical. Mission critical book research, actually.
I did set, I've set a number of scenes in my most recent novel in Vegas. And so I went
with my wife and a good friend of ours who is a Vegas animal.
He takes trips there.
He's a big gambler.
He loves it.
And he's got all these kinds of different connections in Vegas.
He's a, he's a Bacharach guy, right?
And I went again for the purposes of research to observe him on one of these sort of colossal,
you know, into the abyss gambling trips that he takes.
And Baccarat's an interesting game. My Vegas experience with him so contrasts with this
experience of these like six to twelve Chinese guys sitting there kind of bored because
Baccarat's a very, it's an intense game, right? It is really kind of a fight against fate.
You bet on either the player winning or the bank winning.
Two cards get dealt, each to the banker and the player,
and whoever's cards add up the closest to nine wins, period.
It's very fast, you can play a lot of hands quickly,
but if you're playing this in a normal context,
like in a high limit room in Vegas, like my
friend was, and I was observing, by the way, he lost massive
sums of money in about 30 minutes. Really? It's just wild.
Yeah, it's intense. I mean, players are messing around with
the cards, doing weird superstitious things extremely
animated, like when you're gambling in that context for, you
know, 10s or 100s of thousands of dollars on hand, you are
really into it. And it's just luck. It's just like and it's
just luck. Now they do post these little boards that show
the run of hands or sort of whether player bank has won.
And there is a whole superstitious system around
looking at the patterns to discern what comes next.
But it's all luck.
I mean, there's skill involved to some degree in blackjack and certainly in poker.
This is just luck of the draw.
But if you play Baccarat over a long enough period of time and with enough people and you play this many hands, like competent players can recoup about 90%
of your, if you walk in with a hundred bucks, you'd come out with 90. And so I think the North
Koreans know this, right? And again, this sort of operational chief in Pyongyang is probably putting
all this in a PowerPoint presentation for his superiors about how they're going to do it.
And they're assuming we're going to take a 10 or so percent haircut on the
money.
That's okay if you get it laundered, but I mean coming out with 90% sounds pretty good,
but your friend didn't when he went there.
No, he lost all his money.
Did you lose yours?
I did not gamble on this trip.
This was purely for David McCloskey books to have a tax write off. And so I was not gaming.
I was observing and taking copious notes.
And we spent the rest of the night having margaritas and going to dance clubs.
I mean, it was it was a truly wild trip.
It was the opposite of these these poor Chinese guys who showed up
and probably got paid minimum wage to gamble with millions of dollars
for a week or more.
Back to the Philippines. Interestingly, again, while all these guys are gaming, again, the
Bangladeshis know the money's here. The Filipinos know that the money is there, but there's nothing
legally that they really can do or they're sort of, you know, they're having to be creative with
the legal mechanisms they use to really try to crack down on this. Pretty soon, these guys who are gaming,
they actually start to run out of their own money. So they're
playing for hundreds of thousands of millions of dollars
down the tables, but they're actually out of their own pocket
change. So I think, you know, the RGB is generosity has has
run out and paying some of their support assets, they're asking
their VIP host for food and cigarettes
inside the casino.
Eventually casino staff enter the room.
They find, you know, Chinese junket operator,
this Kim Wong character who the North Koreans
have probably hired.
It says, oh, well this guy is the brains of the operation.
Kim Wong gets let go.
The casino has no authority to arrest anybody, right?
And eventually the bank will recover about $16 million from Kim Wong, he'll be charged,
the charters are, you know, later dropped, it's this whole
kind of murky case, and we're down to really our last about
$34 million, right? So where does we have we've bled so much
money out since Yeah, started with the initial you know almost
billion dollars and this is where Macau comes in now for those who listened to last week's episode
the North Koreans have a relationship with Macau there's there's history here this actually is
it's a big gambling hotspot isn't it right yeah for. Yeah. For the Norks. Now, interestingly, Vegas in 2019
generated $9 billion in gaming revenue. And I think for many of
our American or British listeners, I'd be surprised
that Macau earns about four times that. It is a massive
gaming hub larger than Vegas. It's a haunt for shady business,
for exiles, and lo and behold, Kim Wong's junket operates out of Macau. And this is the
place Gordon where we do really lose the money. Because that $34 million, probably in late February
of 2016, after who knows how many thousands of Baccarat hands has been transported into Macau and then it is probably literally
put in bags and flown into Pyongyang.
We get to the end of the money trail and we started with a heist that was going for a
billion dollars.
Now we come to the end of it.
Do we know how much they actually got out of it?
Tens of millions, it sounds like they managed to transport through the private plane, through
Macau, through elsewhere.
I mean, pretty good take.
Do you think if you're that operational chief sitting in Pyongyang, are you thinking good
job or are you looking at it a bit like the gambler who nearly got all the fruits on the
slot machine but didn't quite get the big toll and the big win that he was up?
I think it's a bit of a loss for this operational chief because I have to imagine again that
there was an operation that was approved inside the RGB.
There was probably some goal.
This guy in a meeting with Superior said, I think we can get X. And my guess is he got
a lot less than what he had intended. So you could certainly, I think,
make the case that, well, this is better than nothing. And the North Koreans are applying kind
of a venture capital investment approach to crime, which is you just make bets everywhere,
and some will do well and some won't. And in total, you've cast out so many lines that you bring in
and in total, you've cast out so many lines that you bring in the money you need.
This is better than nothing, but I have to think that
in sort of the, maybe the bureaucracy of the RGB,
that somebody looked askance at this afterward and said,
you know, you screwed up at a couple points
and you told us you were gonna get, you know,
a half billion and here we are with maybe 50 million in cash.
The chief ends up in the shark tank.
Maybe he ends up in the shark.
Yeah, the tank fitted with sharks, fitted with lasers.
It's interesting, isn't it?
Because this is a period in which they're trying to do these bank heists.
But the North Koreans, I mean, this isn't the end of it.
I mean, their kind of cyber operations and
their money making operations continue, don't they? Because I think they then start going
after crypto exchanges in the years after this. And I saw they took $60 million from one crypto
exchange, tens of millions of dollars from others. So, they kind of evolved, don't they? Because I
guess they get spotted doing this. They get rumble during this heist. And maybe it is a bit too
obvious getting inside Swift.
So once you've done something like this once, you have to move on. So we see them going for crypto
assets. I was seeing recently though that you've got companies who are hiring remote workers to
work on their IT and they don't realize but it's actually a North Korean. You're getting someone
who's offering to do some coding job or something remotely, and you think it's someone in some other country.
And in fact, you're hiring a North Korean and they never appear on the video link.
And what they're doing is getting inside your company and doing the reconnaissance and stealing
the stuff a bit like they did with the Bangladesh Central Bank.
So what we've seen is, is North Korea kind of learn and adapt and evolve in the way it
does these kind of heists in the last few years. Well, and there's also maybe an element in the win column, Gordon, is that it
brings notoriety.
You know, the Sony Pictures hack put the spotlight on North Korea in a way that,
you know, I think it's a little bit of like making the intelligence services of
this country look extremely risk tolerant.
And that's not a bad thing.
You know, I mean, having some notoriety to, to what you're up to, I think is
maybe a part of this and obviously we're talking about the story today.
It's been well covered.
There are ingenious angles at various points to the operation itself.
I think for many of these guys inside the RGB, my sense is they probably got a real thrill out of being involved.
Do we know what happens to our hacker?
I mean, he does get indicted by the FBI, doesn't he, and by the Department of Justice.
So his picture gets slapped up on the internet as a most wanted.
So he gets a level of notoriety himself, doesn't he, as the kind of face of this hack, even though
there's probably lots of other people involved as well. But do we have any idea what happens
to him? He's disappeared somewhere in the system. We don't know whether he's in the shark tank or
living it up with the pet dogs and the meth in Pyongyang.
He's in his $80,000 apartment, living interestingly on probably the second floor,
because in North Korea, the better apartments are at the bottom because the elevators oftentimes don't work and no one wants to walk up 10 to 15
flights of stairs. But I do think on the human side, Park, he's sort of thread through this story
because he's one of the cyber operatives, but we don't really know what happened to him afterward.
And I do think with any North Korean spy story, certainly,
you do have to have this question, which is, is he or people like him? Are they criminals
or are they victims? You know, because he's in a system where he doesn't have a lot of
agency, right? And where he doesn't have a lot of choice.
Because he's been plucked out as being a great mathematician and programmer.
Yeah, he's been kind of moved through this probably, although there have a lot of choice. Because he's been plucked out as being a great mathematician and programmer. Yeah, he's been kind of moved through this probably,
although there's a lot of incentives to opt into this kind
of work.
You know, I mean, he's not being given those choices.
What does he think about this?
I mean, you know, there's another lens here, which is
Bangladesh is one of the world's poorest countries.
I mean, he has helped to steal tens of millions of dollars from
depositors at a bank in an extremely underdeveloped
country.
So they're not robbing the rich here by any stretch, right?
But then on the other side of it, we know that the most elite cyberoperatives in North
Korea, you get houses and cars for being part of work like this.
You get special gifts from Kim Jong-un.
And so I think actually, especially if you apply a lens of, you know, how many
in the West do to being sanctioned by the Russians, for example, I mean, I
would think that him having his picture out there and being indicted by the FBI.
I would guess that he has a copy of that FBI, you know, indictment at his house
or framed above his desk in Pyongyang as a badge of
honor.
Yeah. My sympathies for him, I have to say, are limited. One more question. We've talked
about the North Korean intelligence services undertaking this kind of criminal activity.
How unique is that? There are other services who've got involved with hacking. You think about the Russians as well.
In terms of actually crime being part of their overall purpose, not just something they use
to do their spy work, but actually moneymaking as being the goal.
I mean, is North Korea really unique in just how far it pushes that, where the criminal
and the intelligence side are so tightly fused.
I think it is unique in the fact that I can state that North Korean covert action is essentially
robbery and that's almost always true.
There are other cases, you mentioned Russia, which is a good one, where I think oftentimes
elements of the security services will effectively moonlight as an organized crime syndicate.
The overlaps between organized crime and the state are murky.
North Korea is not alone in having its spy services better thought of as a criminal syndicate.
David, thank you.
Great story, crazy story of the bank heist that could have netted a billion dollars.
So close. They were so close to their Dr. Evil moment, Gordon, and it will just have to wait for
another criminal operation that we can hopefully cover extensively on.
The rest is classified.
But I guess we'll leave this one here and we'll look forward to more Insane Spy Stories
next time.
Thanks for joining.
Thanks for listening.