Categories: Security

Infosec 2016: Mikko Hyppönen Blames North Korea For SWIFT Attacks

Security expert Mikko Hyppönen has said that North Korea was without a doubt behind the SWIFT bank heists that have so far funnelled almost one billion dollars out of banks around the world.

“There are different theories on who is behind this. One theory looks at the technical evidence,” he told a keynote audience at Infosec 2016 in London.

“I’m not saying North Korea did the SWIFT attack, but North Korea did the SWIFT attack.”


It was May when security firm Symantec announced it had traced the worldwide bout of bank cyber heists to North Korea, following a piece of code that had also been found in the December 2014 Sony Pictures hack.

That hack was originally pinned on North Korea after the NSA had admitted the organisation had infiltrated North Korean networks and had been watching the attack unfold the whole time.

The clue in question is an encryption key that serves the purpose of allowing the attackers to be notified of their attacks progress.

“We’ve seen this before once, back in December 2014, in a completely unrelated attack, in a completely unrelated piece of malware that used the same key,” said Hyppönen.

“There’s a criminal link between these two attacks. Sony Pictures was a target of a major hack after they announced a movie making fun of the dictator of North Korea.

“The attacker was unusually aggressive. They leaked whole email histories of every single employee. As soon as this started happening, the US government announced it was North Korea. How could they possibly know?” he said.

It was the New York Times that broke the story of the NSA already having infiltrated North Korea networks prior to the Sony Pictures hack.

“What I am saying is that this [Sony] attack shared the same, secret key with the attack link to SWIFT.

“The attackers actually tried wiring over $900 million, by any measure that’s a lot of money. It’s getting close to a billion. That’s big money for governments in trouble, especially a government in trouble like North Korea’s,” Hyppönen said.

The security expert, who has worked at security firm F-Secure for 25 years, said that North Korea may be trying to make up for its economic deficits.

“Do you know what the annual budget is of the whole country of North Korea? It’s a little less than $4 billion. So is this North Korea trying to fix its budget deficit by stealing from the rest of the world? Well maybe it is,” he said.

“What we know for certain is that this is the first time in history that we have seen a nation state attack which is not done for espionage, spying or sabotage, but which is actually done for stealing money. And for that, it’s completely unique. We’ve never seen this before.”

Hyppönen likened the current state of cyberwar to the nuclear arms race, but with one major difference, no one knows who is doing the cyberwarfare.

“So the world around us is changing. I use the term ‘fog of cyberwar’. Now of course, attacks like the SWIFT attacks aren’t war. But we have recent examples of attacks that are much closer to real cyberwar,” Hyppönen said, illustrating the Ukraine power plant attacks by Russia last year.

“The fog of cyberwar comes from us not knowing the capabilities of other countries. We just got out of the previous arms race. We just got out of the cold war, just out of the nuclear arms race. We’re not really worried daily about the risk of nuclear war anymore. But we’ve gone headlong into the next arms race, the cyber arms race. The nuclear arms race was all about deterrence. It was about knowing who has nuclear weapons. We don’t have that information for cyberarms. Cyberarms are invisible.

“We don’t know who has what. This the fog of the cyberwar. What is the offensive cyber capability of Brazil? What about Vietnam or Australia? That’s the fog of the cyberwar. Cyberarms are the perfect weapons. They are cheap, effective, and they are deniable. That’s a great combination,” said Hyppönen.

Take our data breach quiz here!

Ben Sullivan

Ben covers web and technology giants such as Google, Amazon, and Microsoft and their impact on the cloud computing industry, whilst also writing about data centre players and their increasing importance in Europe. He also covers future technologies such as drones, aerospace, science, and the effect of technology on the environment.

Recent Posts

Tesla Reaches $1 Trillion Valuation

Car maker Tesla now worth at least double that of Toyota, Volkswagen and Ford combined,…

19 hours ago

Australia Funds Telstra Buy Of Digicel Pacific To Thwart China

Strategic blocking? Australian government joins forces with Telstra to acquire Digicel Pacific, after interest from…

20 hours ago

Apple ‘Very Likely’ To Face DoJ Antitrust Lawsuit – Report

Two year investigation by Department of Justice of tech giants has seen acceleration of Apple…

21 hours ago

France Holds Secret Talks With Israel Over NSO Spyware

Top adviser to French President holds talks with Israeli counterpart to discuss NSO spyware allegedly…

22 hours ago

Facebook Making Online Hate Worse, Whistleblower Tells MPs

Frances Haugen answered questions from the UK parliament's Joint Committee on Monday, after cache of…

24 hours ago