One of India’s leading private sector banks, HDFC Bank, has recently signed a significant agreement with KEXIM (Export Import Bank of Korea) to secure a $300 million credit line. The agreement aims to reinforce trade and economic relations between South Korea and India and simplify funding opportunities for businesses operating in both nations.
The credit line agreement was signed by HDFC Bank Managing Director, Mr. Aditya Puri, and President and Chairman of KEXIM, Mr. Lee Duk-hoon, during a virtual ceremony. This collaboration marks a significant milestone for HDFC Bank, as it further expands its global network and enhances its capacity to support trade finance requirements.
The $300 million credit line provided by KEXIM will enable HDFC Bank to offer financial assistance to Indian companies engaged in imports from South Korea. The credit facility will mainly focus on supporting sectors such as electronics, automobiles, renewable energy, and infrastructure, which have seen substantial development and demand in recent years.
This planned partnership between KEXIM and HDFC Bank will not only provide the required financial support to Indian businesses but also foster greater collaboration between the two countries. The credit line will play an important role in encouraging bilateral trade and investment flows by addressing the financing needs of Indian importers and promoting South Korean exports.
The association is also expected to support economic ties between South Korea and India, leading to improved opportunities for business expansion and technology exchange. It will contribute to the overall development and growth of both nations, creating a conducive atmosphere for further investment and trade cooperation.
HDFC Bank has a good history of supporting Indian businesses in different sectors through its strong trade finance offerings. By leveraging the credit line from KEXIM, the bank aims to extend its support to a wider range of businesses engaged in South Korean imports, enabling them to access affordable and timely financing solutions.
The agreement with KEXIM is in line with HDFC Bank’s commitment to fostering global partnerships and facilitating international trade. With its extensive network and expertise in trade finance, HDFC Bank is well-positioned to drive economic growth and facilitate cross-border transactions, providing a significant boost to India’s import sector and overall trade ecosystem.
Originally published at https://www.emeriobanque.com.
The biggest heist that almost was
Let me tell you about the most insane bank heist that is going to sound like I'm just leaking the script for the next American hacking movie. The goal? Steal one billion USD. And it all began with an email and a printer, which as we all know is where problems usually start. Another weapon in this heist was... Weekends and time zones.
As usual, no prior computer science education needed.
What happened?
On the morning of February 5th, 2016, a printer had stopped working in the central bank of Bangladesh (Bangladesh Bank). But it wasn't just any printer, it was the printer responsible for printing all the records of the multimillion transfers going in and out of the bank. When the poor employees finally won the printer battle and had it resume normal operation, they saw a very concerning account transfer in the records that were coming out. The bank had a USD account in the USA, at the Federal Reserve Bank, with approximately 1 billion dollars in it, and the Federal Reserve Bank had received instructions to drain almost the entire amount. According to the records that came out of the printer, the American bank had attempted to urgently message the Bangladesh bank regarding this transfer, but couldn't get through to them. This was because the hack had actually started the day before, Thursday the 4th, at around 20:00 Bangladesh time, when the bank was closed. However, the USA had just started its day, giving the American bank plenty of time to follow through with the instructions from the Bangladesh bank to drain their entire account while they were closed. And that wasn't the end of it, as weekends are from Friday to Saturday in Bangladesh, meaning that the Bangladesh bank headquarters in Dhaka wouldn't discover this withdrawal until Sunday morning. That's when they immediately tried to reach the American bank, which of course didn't work as over there it was Saturday evening, and the American weekend is from Saturday to Sunday, meaning that they wouldn't be reachable until Monday.
You see what I mean by the hackers using time zones and weekends, finding the perfect time for the American bank to execute their orders while Bangladesh discovers the withdrawal several days too late, and again several days too late for Americans to be reachable. But it didn't stop there with their timehacking.
The money had to go somewhere from the American bank, and it would be stupid to send it directly to the hackers' own account without laundering the money first. So they had set up four different bank accounts in the Philippines, using fake names and credentials. Why the Philippines? Because the Lunar New Year was on Monday the 8th, which is a holiday, and a holiday means no bank activities in either Bangladesh or the Philippines, buying the hackers even more time. As a final act, they messed with the printer responsible for printing transaction records, adding another few hours to their schedule. Moon and stars really aligned perfectly for this plan.
But how did they do it?
It all began one year prior, in January 2015, with an email sent to several employees at the Bangladesh Bank. The email seemingly contained a job application from a person who didn't actually exist, but who was very polite in his request for a position at the bank, with a link to his CV and cover letter. Naturally this link led to a document with a little surprise gift - malware. Since the heist happened, at least one of the recipients must have clicked the link, and successfully deployed a RAT - Remote Access Trojan, malware that lets you control a computer from the comfort of your own home, as well as a toolkit with various malware to move from computer to computer, avoiding discovery, and covering their tracks.
From there, the hackers slowly made their way through the bank's office network, one step at a time to avoid setting off alarms, looking for any computer that had control of the bank's SWIFT setup. SWIFT lets banks transfer large amounts of money between themselves and other banks connected to SWIFT. And as soon as they found one of those computers, they stopped. They didn't need to hack SWIFT in the traditional sense of the word - since they operated from a bank computer, the SWIFT software assumed they naturally had to be bank employees. However, one of the parts of the malware used in the heist was for manipulating the SWIFT system, as the hackers weren't physically there to press anything. Additionally, since they were lying dormant, waiting for the time to strike, they needed to keep an eye out for SWIFT updates that could detect any tampering with the system, and adapt accordingly.
Then they waited many months for the stars to align on February 4th, 2016.
There were 35 transfers made by the hackers from the American bank account, totaling almost 1 billion USD, but there were two tiny, seemingly insignificant details that prevented this from becoming the world's largest bank heist in history. The hackers' biggest enemy became this concept known as “words”.
The Philippine bank accounts were all located in the same RCBC Bank office on Jupiter Street in Manila. And this would be the hackers' downfall, as the USA had sanctions put on an Iranian cargo ship called Jupiter. Since the transactions went to a recipient that contained the word “Jupiter”, it created a security alert in the Federal Reserve Bank that the employees needed to investigate. When they saw what was going on, they managed to stop all but five of the initial 35 transactions, thus “only” roughly 100 million USD made it to the Philippines. The Bangladesh bank requested to reverse the transactions, but since the money was in the Philippines, they would need bureaucracy in the form of a court order to reclaim the money, and we all know that's not a 5-minute project. It was when Bangladesh filed the court order in late February that the case became public (since court orders are public documents) and the news broke to the country.
Once in the RCBC bank accounts, the money arrived on Friday the 5th and was immediately moved again. First the 100 million was converted to local currency, and some of it was withdrawn in cash, while the rest was sent off to other hacker-controlled locations. And this is where the second tiny little detail cut off even more of the hackers' precious payday. 20 million USD had been sent to Shalika Foundation, a charity organisation in Sri Lanka. But once again the hackers' worst enemy - words - decided to strike. A typo was made in their transaction, sending the money to “Shalika Fundation”, and a bank employee who must have had their morning coffee spotted this typo, rejected the transfer and kept the funds frozen. This left the hackers with 80 million USD.
✨Now comes the money laundering!✨
There was a second reason for choosing the Philippines as the deposit zone: gambling is legal and the casinos had no money laundering regulations imposed. The accomplices of the heist booked private rooms in two casinos located in Manila - Solaire and Midas - and proceeded to purchase tokens with the stolen money to gamble with. Since they played in a room consisting of their fellow accomplices, winning was not really much of a challenge. Then the tokens could be exchanged back to money that would now be clean. To avoid suspicion, they didn't gamble all of the money at once, but over the course of several weeks gambled away the dirty money to clean money.
Who was behind it?
It's normally difficult to pinpoint where the more sophisticated hacking groups come from. Oftentimes, they will leave false clues behind that point to another group so that group will face more trouble instead of the group that did it. They may even place clues from several different groups, just to mess with the analysts. It's also quite common to simply “steal” a way of working from another group, or use a leaked/stolen tool from another group (criminals aren't safe from other criminals, especially not in this business) - there is new malware coming out all the time with code that is just a slight modification of a well-known malware actor that had their source code leaked or simply had hired the same programmer. Or they may leave no clues as to who was behind it. Attribution to the guilty party is usually the single most difficult mission in IT-security - often it's just pure guesswork with little to no solid evidence to back it up; if you're lucky there's circumstantial evidence.
This case was no different. The first clue came from the IP the bad guys used to connect to the Bangladesh bank from. It was located in Pyongyang, North Korea. But, as I mentioned, this is not a conclusive verdict, as the IP may simply be planted false evidence to throw the analysts off their track. After the heist, the hackers used a data-wiper to scrub as much of their malware off the bank systems as possible, but they didn't succeed in deleting all of it; some of the tools were still present, including the wiper.
Due to the scale of this operation, it caught the attention of every single IT-security person and IT-security company worldwide, who all of course wanted to know who did it and how. With the remaining malware, a joint effort was made, comparing malware code to other malware code for similarities. Some was found in Poland, after an analyst noted the similarities from another suspected North Korean hack. Some was found in another infamous North Korean hack targeting Sony Pictures. More and more signs pointed towards the same actor. Some were false leads; the hackers seemed to want to imply that the Russians did it, but failed quite miserably at that, just sprinkling random Russian words into the malware and making it way too obvious it was a ruse.
You may not believe this, but the North Korean government has one of the most notorious hacking groups in the world, known as the Lazarus Group. Some of its more well-known adventures include an extremely data-destructive hack of Sony Pictures (as punishment for releasing “The Interview”), creation of the ransomware WannaCry which was used against many targets worldwide (including hospitals), and various attempts at gathering information from governments and government-affiliated corporations all over the world. And, of course, this heist.
Eventually, after months of collaboration all over the world, the final verdict fell on North Korea, and specifically one of their programmers. His name is Park Jin Hyok, and he worked for Chosun Expo - a front company for the North Korean government, located in Dalian (China), which used the funds the fake corporation gained from legitimate programming jobs for customers worldwide to create the malware and plan the heist with all of its expenses. Of course he wasn't the sole person involved in this project, but he's the only person we know was in it.
This particular heist had been meticulously planned for several years, and Park Jin Hyok had moved to Dalian, set up fake IDs and built a network of contacts there to avoid suspicion. However, he didn't manage to delete all of his online footprints, and became the number one suspect when his internet activities suddenly came from Pyongyang, North Korea.
Additionally, several Chinese businessmen - many associated with the casino industry in China's Macau territory - were also charged and arrested for assisting with setting up the gambling rooms and coordinating the money laundering process. One unknown Chinese businessman managed to get away with 31 million USD of the 80 million that remained after the heist, and as you would expect, he was never to be seen again.
With the middlemen from China paid off, not much remained of the original 1 billion to North Korea. But the heist has fascinated the whole IT-security world nonetheless.
I remember when the news of this case dropped to the IT-security world, who all wanted to take part in the hunt. It was a very fun time, we were all sitting at the edge of our seats waiting for the next update. I hope it was at least somewhat exciting for you too to read about, and thank you for reading this long post! If you liked it, please consider reblogging as it motivates me to write more. You may also like malware stuff I've written about before, such as Stuxnet or just plain evil malware that is a threat to our daily lives.
As always my inbox is open if you have any questions.
The Korea Singer’s Association is unhappy:
But Lee Jayeon is a bit late. About two years late.
Oh. Well. Sounds like a you problem and not a BTS problem. Not like there was an entire bill sitting in front of the legislative body while “how much is enough for exemption” was debated for well over eighteen months or anything…
OH. OHHH. So now that they’re starting to see the clues stack up, people are getting worried? Really? REALLY?
Korean politicians been out there campaigning on the idea that BTS are just like the rest of us and should get maaaaybe a year to bring twelve months more glory to the People but guess what?
The pandemic ate that time for everyone ELSE. Meanwhile our mens topped 800 physical awards, outsold the Beatles, ran themselves into the ground and now are in dire need of solo projects, relaxation, family time and maybe some goddamned equal rights under the law for LGBTQ++ humans.
BUTNOPE their country doesn’t wanna give them any of that. What are they gonna do, call the Assembly back into session?
If President Moon could have gotten it done it would have been done before May. Yoon, the Korean Trump, ain’t gonna get it done.
Yoon is a lot of things but he’s not stupid. He knows the solo projects are a similar if not greater revenue stream. He’ll consider exempting whoever sells best, turn it into a little manly masculine not gay competition among bros, dangle Grammy sticks in front of them…
And I’m starting to figure out why Jungkook might not be so upset about covering up the patriotic references on his arm.
I know I KNOW that most of the guys are not likely open to emigrating and are probably not doing all that. The Korean backlash would be insane. What I could see happening is, if they stay less active through the summer?
Maybe that exemption gets pushed through early in September or October. Not soon enough to keep Jin out but maybe soon enough for the rest of them - if they amend exemption to get them out entirely instead of putting them through basic and weekend duty and tying them to the government for six years as a group. The way exemption works now is they’ll do basic and then get put into reserve duty for years- which is kind of a lose-lose deal.
We shall see.