Billion Dollar Heist: The Bangladesh Central Bank Job

This is not just a true crime documentary. It also raises national security issues. The “Lazarus Group,” the hacking operation considered to be responsible for the 2016 hacking of the Central Bank of Bangladesh, has often been linked by cybersecurity experts to North Korea. Weirdly, this film never mentions those ties, but there is no debating the hackers got away with $81 million dollars from the Central Bank and they very nearly stole considerably more—just under a billion. Filmmaker Daniel Gordon and his cast of cybersecurity experts break down the caper and the dumb luck that prevented far worse losses in Billion Dollar Heist, which release this Tuesday on demand.

The planning was deviously shrewd. The hackers hit the Central Bank of Bangladesh on Friday, when most offices in the Muslim nation were already closed. They forged electronic instructions to withdraw Bangladesh’s currency from the Federal Reserve over the weekend, when nobody would be in the office. Then they transferred the loot to a branch bank in the Philippines, which be hard to contact on Monday, due to the Chinese New Year festivities.

The hackers almost got away with nearly one billion dollars, but they were undone by a typo and the coincidence of choosing a bank in Manila located on a street that shared its name with a company on the sanctions watch list. Ironically, they could have stolen quite a bit more, had they just been a little more patient.

Gordon and his on-camera experts never suggest the Lazarus Group was acting in concert with North Korea, but they argue the length of time needed to explore and hack the Bangladesh Central Bank’s system (perhaps even a full year to finally reach the bank’s Federal Reserve-dedicated terminal) would have required state support. They also suggest a large group of gamblers from Macau deliberately supplied a distraction and cover for the Lazarus team laundering the money through a Filipino mega-casino—so there’s that too.

Regardless, it is pretty amazing how Gordon and company manage to break down the hacking caper, step by intricate step. As a result, the doc has a high degree of credibility and authority. The animated recreations add some interesting visuals to the film, beyond the typical talking heads. However, the masked and hooded animated hackers’ resemblance to the Anonymous Group seems a little unfair (Anonymous is not infallible, but their code of ethics would surely exclude targeting the central bank of a desperately poor country like Bangladesh).

In any event, Billion Dollar Heist is dramatic wake-up call regarding the potential reach and cost of state-sponsored hacking. What happened in Bangladesh was not a harmless caper. It ruined the lives of decent people, as Gordon and company clearly document. Highly recommended for its perspective on international cybersecurity, Billion Dollar Heist releases digitally Tuesday (8/15) to rent and own.