Global Banks fearing North Korea hacking, prepare defenses

Binary code is seen on a screen against a North Korean flag in this illustration photo November 1, 2017.

By Jim Finkle and Alastair Sharp

WASHINGTON/TORONTO (Reuters) – Global banks are preparing to defend themselves against North Korea potentially intensifying a years-long hacking spree by seeking to cripple financial networks as Pyongyang weighs the threat of U.S. military action over its nuclear program, cyber security experts said.

North Korean hackers have stolen hundreds of millions of dollars from banks during the past three years, including a heist in 2016 at Bangladesh Bank that yielded $81 million, according to Dmitri Alperovitch, chief technology officer at cyber security firm CrowdStrike.

Alperovitch told the Reuters Cyber Security Summit on Tuesday that banks were concerned Pyongyang’s hackers may become more destructive by using the same type of “wiper” viruses they deployed across South Korea and at Sony Corp’s <6758.T> Hollywood studio.

The North Korean government has repeatedly denied accusations by security researchers and the U.S. government that it has carried out cyber attacks.

North Korean hackers could leverage knowledge about financial networks gathered during cyber heists to disrupt bank operations, according to Alperovitch, who said his firm has conducted “war game” exercises for several banks.

“The difference between theft and destruction is often a few keystrokes,” Alperovitch said.

Security teams at major U.S. banks have shared information on the North Korean cyber threat in recent months, said a second cyber security expert familiar with those talks.

“We know they attacked South Korean banks,” said the source, who added that fears have grown that banks in the United States will be targeted next.

Tensions between Washington and Pyongyang have been building after a series of nuclear and missile tests by North Korea and bellicose verbal exchanges between U.S. President Donald Trump and North Korean leader Kim Jong Un.

John Carlin, a former U.S. assistant attorney general, told the Reuters summit that other firms, among them defense contractors, retailers and social media companies, were also concerned.

“They are thinking ‘Are we going to see an escalation in attacks from North Korea?'” said Carlin, chair of Morrison & Foerster international law firm’s global risk and crisis management team.

Jim Lewis, a cyber expert with Washington’s Center for Strategic and International Studies, said it is unlikely that North Korea would launch destructive attacks on American banks because of concerns about U.S. retaliation.

Representatives of the U.S. Federal Reserve and the Office of the Comptroller of the Currency, the top U.S. banking regulators, declined to comment. Both have ramped up cyber security oversight in recent years.

 

 

(Reporting by Jim Finkle in Washington and Alastair Sharp in Toronto; additional reporting by Dustin Volz in Washington; editing by Grant McCool)

 

U.S. banks must pay up to $2 billion more per year to shield Wall Street: Fed

A Wall Street sign is pictured outside the New York Stock Exchange in New York,

WASHINGTON (Reuters) – The largest U.S. banks will have to pay as much as $2 billion more a year to insure against a future market collapse, the U.S. Federal Reserve said on Thursday, as it outlined a new rule designed to further protect the financial system.

The rule demands Wall Street holds more debt that could be converted to shareholder equity if a bank is pushed to bankruptcy. Investor-owned stock is the main buffer against a bank failure.

Half of the eight largest U.S. banks would need to issue roughly $50 billion in fresh debt to satisfy the new standard, known as Total Loss Absorbing Capacity (TLAC), according to Fed estimates.

Taken together, the eight banks’ overall annual funding costs are set to increase by between $680 million and $2 billion, the Fed has said.

Fed officials declined to identify the four banks that lack sufficient debt. Wells Fargo Co said in November it envisioned issuing at least an additional $29 billion in debt to satisfy the rule.

Large banks were already making significant strides to satisfy the new rule, Fed officials said.

The final rule issued on Thursday largely upholds a draft issued early this year, but with a few concessions to the industry.

Much existing debt will be counted towards satisfying the new rule, the Fed said, a process known as ‘grandfathering’.

“This grandfathering should significantly reduce the burden of complying with the requirements,” the Fed said in a statement.

Besides Wells Fargo, the banks expected to satisfy the new rule are JPMorgan Chase & Co, Bank of America Corp, Citigroup Inc, State Street Corp, Bank of New York Mellon Corp, Morgan Stanley and Goldman Sachs Group Inc.

Some of the largest subsidiaries of foreign banks must also satisfy TLAC.

(Reporting By Patrick Rucker in Washington; Additional reporting by Dan Freed and David Henry in New York; Editing by Bill Rigby)