My review on "Billion Dollar Heist" documentary based on North Korean Lazarus cyber heist on Bangladesh's national bank

I enjoy watching documentaries on streaming services like #DisneyPlus, #Netflix and #AppleTV+, especially those focused on animals, nature, space, sports, and more. However, there are hardly any documentaries on digital fraud and bank heists with cybersecurity elements. So, it was a pleasant surprise when I came across "Billion Dollar Heist" on Apple TV+ on last weekend; it turned out to be a terrific documentary that I highly recommend. If you are an Apple TV+ subscriber, you can watch it. The show was produced in 2023 and has a runtime of 1 hour, 24 minutes, and 19 seconds.

In 2016, North Korean hackers #Lazarus orchestrated a nearly $1 billion cyber heist on Bangladesh's national bank, coming very close to success. This incident, one of the largest cyber heists, occurred in February 2016 when the Central Bank of Bangladesh lost $81 million from its account held in the Federal Reserve Bank of New York. This sophisticated attack revealed vulnerabilities in the #SWIFT system that provides a secure and standardized messaging network for financial institutions worldwide in 2016 and highlighted the need for us to have heightened cybersecurity measures in the global financial sector even today.

** Spoiler Alert **

The Bangladesh Bank Heist began with a malfunctioning printer. Initially dismissed as a minor technical glitch, the situation quickly escalated when the printer started spewing urgent messages from the Federal Reserve Bank in New York (02:55), where Bangladesh maintained a US-dollar account. These messages contained instructions, seemingly from Bangladesh Bank, to empty the entire account, amounting to nearly a billion dollars.

Despite attempts by Bangladesh Bank to reach out to the Federal Reserve for clarification, the hackers' precise timing hindered their efforts (12:24). The hack commenced at around 20:00 Bangladesh time on Thursday, 04 February 2016, while it was Thursday morning in New York, giving the hackers ample time to execute their plan while Bangladesh was unaware.

Adding to the complexity, the discovery of the theft coincided with the start of the Bangladeshi weekend, running from Friday to Saturday. This meant that the bank's headquarters in Dhaka was offline for two days as they began to uncover the cyberattack on Saturday (15:09). Furthermore, the hackers transferred the stolen funds to accounts they had set up in Manila, Philippines.

Exploiting the time differences between Bangladesh, New York, and Philippines, the hackers orchestrated a strategic five-day window to move the money. The Lazarus Group, a notorious hacking group, had been infiltrating Bangladesh Bank's computer systems for a year leading up to the heist after the initial phishing email arrived at the bank (27:51).

As the money stolen from Bangladesh Bank was laundered through the Philippines, numerous links to Macau were established in Chinese territory before being sent back to North Korea.