- Hello everybody, welcome back to the Social Pants Experiment. Today, I want to talk about my run-in with casino security in Singapore. (upbeat rock music) (upbeat rock music continues) So our story begins on the evening myself and friends went to the Marina Bay Sands. You may remember the vlog where we went to the top and had drinks at the bar. Afterwards, we headed to the casino. Now, to set this up properly, you need to understand that Singapore is a city-state known for it's strict rules.
Anthony Bourdain referred to it as Disney Land with a death penalty, and this was referenced to a city-state where prostitution and gambling is legal, but there is zero tolerance for guns or drugs. So a little history. In 2010, Singapore lifted a decades-old ban on gambling and opened two amazing casinos: the Malaysian-own, Resorts World Sentosa, and the iconic Marina Bay Sands Hotel https://oncasinogames.com/canada/roulette/.
Singapore is still a city of rules, however. Their are rules that apply that are designed to reduce addiction and crime thought to surround gambling. For instance, permanent residents of Singapore must pay 100 dollars for a 24 hour pass, just to enter the casino.
Foreigners, like me, must have a passport and go through, what feels like, tighter security than entering the country. Family members can have you black-listed at the casino if they feel like you're spending too much time there. Casino operators cannot advertise anywhere locally in Singapore. So, back to our story.
We enter the casino through security, cash in hand, ready to have a little bit of fun. Before we got started I thought I would take the opportunity to stroll around this amazing place and get a little B-roll with my GoPro. After all, like so many things in Singapore, the architecture and design of this casino is absolutely breathtakingly beautiful. Things were going pretty well, I thought, and then I was approached by casino security. You can imagine how nervous I suddenly became.
(guitar riff) Well I ain't superstitious, But a black cat crossed my trail - Apparently, they don't like you filming in the casino. So the way it was explained to me is, this is mainly because they don't want people to be identified on camera, on video, on social media who are at the casino gambling. This could be for various reasons, whether they're local Singaporians, or specifically VIP's, who are in town gambling and don't necessarily want their whereabouts known. Apparently, I slipped up when I was trying to film my friends playing and did not realize, a lot of people were in the frame and really concerned about my camera. Now again, like everything else in Singapore, security was extremely nice, overly friendly, and very accommodating.
But, they did go through my camera and have me delete all the footage from the casino. Which I was more than happy to do by the way, and not just because I feared a caning, but it was the right thing to do. All things considered, I felt great about the transaction. I honestly don't recall if there were any signs anywhere that said filming is prohibited. There probably was I just didn't see them. In Vegas for instance, nobody really cares.
But make no mistake about it, this is not Las Vegas. So after that I proceeded to spend a couple hours at the blackjack table and ended up walking away with an extra 200 dollars Singapore in my pocket. So in the end, another successful trip to the casino in Singapore.
I hope you enjoyed this story, Ill see you tomorrow. (blues-rock music)
Now, it is important to note, that it is possible that North Korea was framed, with the attackers leaving behind purportedly solid evidence in order to mislead investigators. But, according to the majority of cybersecurity experts, it is almost certain that North Korea was behind the attacks. And, it wasn't just attacks on financial institutions, they were also revealed to be responsible for many cyber terrorism and cyber espionage campaigns against the South Korean government and various South Korean infrastructures. Then there's the Sony Pictures hack of 2014.
One of the biggest corporate breaches in history. Lazarus had taken great exception to the plot of the film 'The Interview', where the North Korean leader, Kim Jong Un, was targeted for assassination by the CIA. Cinemas across the US were threatened with terrorist attacks if the film wasn't pulled. North Korea, of course, denied any responsibility. But, it seemed fairly obvious that this group was actively targeting known enemies of the State.
Now, as for Lazarus' banking exploits, like the Bangladesh incident, the attacks were just the start. They had to ensure the money would then get to the intended location. And, the way they did that was to have the stolen funds moved through places like Macau, which in particular, is known to be North Korea's financial point of contact with the outside world. We know, thanks to the two Chinese middlemen, that that's exactly where the Bangladesh funds ended up. And, from there, it wouldn't have been hard for the money to be wired directly to Pyongyang.
Proceeds would then have likely gone towards advancing their nuclear program, funding the lifestyles of the elite, and propping up their economy. All this, quite possibly representing, a significant percentage of the country's current GDP. If this is all accurate, and North Korea is indeed behind these attacks, the international implications would be profound.
Especially with the recent developments. As this would be the first known case of a nation state robbing banks. From there, perhaps, anything is possible.
They could hack political campaigns, weapons systems, civilian bank accounts, or even YouTube accounts who have made content they may find unfavorable. Oh crap. Actually, that's okay because I have Dashlane.
Dashlane makes keeping track of all your passwords ridiculously easy. Not only is it gonna prevent North Korea from spying on you, yeah you, because that's likely to happen. But it'll store all your passwords in one super-secure place, and auto fill them on websites you go to. If you have the same password everywhere, but are too lazy to go to each individual website to change your passwords, well, not a problem. Because you can just click one button on the Dashlane app, and it does it for you.
Dashlane also has a password generator, so you don't have to spend time thinking up super strong passwords like this one. By going to dashlane.com/kentobento, you can get started for free. And, if you want some extra special features like syncing your passwords and login details between all your devices like IOS, Android, Mac, and Windows, you can upgrade for 10% off by using the promo code KENTOBENTO at checkout.
These suspicions were soon reaffirmed, and ultimately it turned out, no surprise, that this Shalika Fandation was indeed a fake company. The money was then rerouted back to the Bangladesh Bank's New York account. Then there were four, $81 million dollars. But, we won't drag this out because these four were all sent not just to the same country, not just to the same bank, but to the same branch. The Jupiter Street branch of the RCBC Bank, just outside Manila, in the Philippines. Four accounts had laid dormant for nine months with just $500 inside, untouched.
Until a sudden cash infusion of $81 million. These sudden bursts should've triggered an alert from RCBC but for whatever reason, it slid under the radar. And, indeed, the accounts were later found to be under fictitious identities. From there, the money was quickly withdrawn and laundered through casinos. Where the electronic money transfers were converted to hard untraceable cash. The Bangladesh Bank did try to stop the transfers, but timing was just not on their side.
The stop order was not received by RCBC Bank on the expected Monday, because Monday was Chinese New Year. A non-working holiday in the Philippines. By now you're probably noticing a trend here. Every step of the way there were delays that benefited the hackers. And, this was by design. A remarkably well timed attack.
On Thursday evening they entered the system at the start of the Bangladesh weekend when the bank is closing. On Friday, the New York Fed tries to clarify the requests with Bangladesh, but no one's there. On Sunday, Bangladesh staff return from the weekend but can't get through to New York as it's now the weekend in the US.
On Monday, the Fed finally gets the orders to stop the transfers, but not the Philippines because it just so happened to be Chinese New Year there. And, only on Tuesday, five days after the heist, that RCBC staff find out about the fraudulent transfers. But, by then it was too late. Now, two Chinese men, Ding and Gao, were eventually found to be responsible for setting up the fake RCBC accounts in the Philippines. They turned out to be just middlemen.
But, they were still a crucial part of the operation. And, investigators hoped questioning them would lead to the true culprits. Unfortunately, before the Bangladesh authorities were able to apprehend them, they left the country, Boarding flights to Macau, a special administrative region of China where it was then impossible to track them. And so, with the remaining four transfers, the hackers were able to net $81 million.
Not quite the original sum, but still enough, by some metrics, to be considered the single biggest bank heist in history. Now, despite the attackers best efforts at removing evidence from the bank's systems, cybersecurity experts were still able to analyze the malware. What they found were similarities in the techniques and tools used between the Bangladesh Bank heist and many other cyber attacks on financial institutions around the world. Which means that, this one particular group had very likely been responsible for a series of global attacks. This group was dubbed Lazarus. But, there was more.
As experts dug deeper, combing through the server logs of recent attacks, they found something even more unexpected. An IP address connecting Lazarus to a particular nation state. For a brief moment they had failed to cover their tracks. And the logs had indicated that the attack servers they used had been accessed at least once from a North Korean IP address. There was also Korean language found embedded in the computer code.