11/27/2020 The Billion-Dollar Bank Job - The New York Times

The Money Issue

BY JOSHUA HAMMER
ILLUSTRATIONS BY FRANCESCO FRANCAVILLA
MAY 3, 2018

IN 2016, A MYSTERIOUS SYNDICATE TRIED TO STEAL $951 MILLION

FROM BANGLADESH’S CENTRAL BANK - AND LAID BARE A PROFOUND
WEAKNESS IN THE SYSTEM BY WHICH MONEY MOVES AROUND THE
WORLD.

At 8:45 in the morning on Friday, Feb. 5, 2016, Zubair Bin Huda, a director
at Bangladesh’s central bank, entered the 30-story, concrete-and-glass
headquarters in Dhaka. Bin Huda, slim and soft-spoken, with a thin black
mustache and beard, rode an elevator to the ninth floor and eventually
walked into the back office of the Accounts and Budgeting Department’s
“dealing room,” the most restricted area of the building, accessible to only a
handful of employees.

Until about a decade ago, Bangladesh’s central bank was stuck in the
analog age: Staff members sent international payment instructions via a
teleprinter, an electromechanical typewriter that sent and received
messages over standard phone lines and other channels. But since a new
bank governor took over in 2009, the institution had gone digital. Its
international transfer orders are now dispatched via Swift, the Brussels-
based electronic network used by 11,000 financial institutions in more than
200 countries and territories. Inside a 12-foot-by-8-foot glass-walled
chamber, under the scrutiny of closed-circuit security cameras, staff
members log into Swift and dispatch the payment orders with encrypted
communications. With a few keystrokes, a complex process is set in motion
that sends millions of dollars zipping across continents.

Bin Huda was the duty manager that morning, which meant he was tasked
with scrutinizing printouts of transfer confirmations, routine queries and
other Swift messages that had come in overnight. Friday is a bank holiday

https://www.nytimes.com/interactive/2018/05/03/magazine/money-issue-bangladesh-billion-dollar-bank-heist.html 1/14
11/27/2020 The Billion-Dollar Bank Job - The New York Times

Tin
h eBangladesh,
M o n e y I s s ubut
e a dedicated printer still generated hard copies of digital
transfer messages. A few dozen would usually come in over the course of a
day, but that morning Bin Huda didn’t see any on the printer. He assumed
it was a technical glitch and decided to deal with it on Saturday.

At 9 o’clock the next morning, he returned to the office. This time, he found
that the Swift software — the program that launches the messaging service
— wasn’t functioning, either. Each time he tried to open it, a disconcerting
error message appeared: A file is missing or changed. He and his
colleagues huddled over the dedicated Swift computer, following directions
on the monitor on how to get the software running again. Shortly after
noon, he was able to retrieve three messages from the Federal Reserve
Bank of New York and to print them out one by one. The New York Fed is,
in effect, the gatekeeper of much of world banking, and hosts accounts for
250 central banks and governments with deposits of about $3 trillion. A
Fed employee had written to Bangladesh, asking for clarification about 46
payment instructions received over the past 24 hours. The Fed had never
seen orders like that or a total so large from the bank — nearly $1 billion.

It had to be a mistake, Bin Huda thought. Bangladesh Bank, as the central

bank is known, never sent payment instructions on weekends, and even
during business hours, it rarely sent more than two or three to the Fed in a
day. He scrolled through the message file in search of more information.
Where was the money headed? The one debit statement he could find was
corrupted and unreadable. Desperate to stop the transactions from moving
forward, but unsure where to turn, Bin Huda emailed a Swift case manager
at the organization’s Brussels headquarters. He told bank officials that he
had reported a “big accident” in the Swift system. He tried to reach the Fed
in New York by telephone, but the bank was shut down for the weekend.
Bin Huda emailed and faxed a demand to the Fed to stop processing all
payments, including all those mentioned in the queries. Hoping that
someone would get the message, Bin Huda then shut down his computer
and went home to enjoy his weekend with his family.

ALTHOUGH NO ONE KNEW THIS YET, Bin Huda was in the middle of the most
daring bank robbery ever attempted using Swift. And it would prove to be
the most severe breach yet of a system designed to be unbreachable. Swift’s
https://www.nytimes.com/interactive/2018/05/03/magazine/money-issue-bangladesh-billion-dollar-bank-heist.html 2/14
11/27/2020 The Billion-Dollar Bank Job - The New York Times

Ttransmission
h e M o n e y I sprocess
sue — by which money moves through the dispatching of
encrypted messages to multiple operating centers and then on to the
receivers — has become the standard in the banking world, flawlessly
processing more than three billion payment orders a year. It uses “military
grade” security systems, says Adrian Nish, the head of Threat Intelligence
for BAE Systems, a cybersecurity firm in Britain that investigated the attack
on Bangladesh Bank. Swift (the acronym stands for the Society for
Worldwide Interbank Financial Telecommunication, a cooperative founded
in 1973 and owned by its member banks) recommends that its institutions
use multifactor authentication to log on and that they segregate the Swift
server from the rest of their internal network.

Even for skilled and dedicated hackers, the most viable path to penetrating
Swift runs through the member banks, which operate the software that lets
them log into the Swift system — providing “the technical handshake that
opens the secure pipe,” as one cybersecurity expert put it to me. During the
past three years, a rash of smaller incidents have shown the vulnerabilities
in the system, as cyberthieves broke into the computer networks of banks
in Ecuador, Taiwan, Vietnam, Poland, India and Russia to send out phony
payment instructions via the Swift network. Alert bank officials were able
to call back some fake payments, but millions of dollars were lost. “A lot of
institutions in emerging markets don’t have the same security controls that
more mature banks have,” says Patrick Neighorn of FireEye, a U.S.
cybersecurity firm. “In some the passwords aren’t centrally managed, or
they didn’t know what all the devices connecting their network are.”

The Bangladesh job, though, was an order of magnitude more

sophisticated. The hackers’ approach was masterly in its foresight and
complexity, and the malware they used, or variations of it, later turned up
in several of the other bank breaches. The intruders most likely entered the
bank’s computer network through a single vulnerable terminal, using a
contaminated website or email attachment, and planted malware that gave
them total control, even a view of the screens they were manipulating.
There, hiding in plain sight, they waited for months to gain an
understanding of the bank’s business operations. They harvested employee
passwords and worked their way to the most tightly guarded corner of the

https://www.nytimes.com/interactive/2018/05/03/magazine/money-issue-bangladesh-billion-dollar-bank-heist.html 3/14
11/27/2020 The Billion-Dollar Bank Job - The New York Times

Tnetwork:
h e M o n ethe
y I sSwift
s u e server. Despite Swift’s warnings, the bank had not
segregated its Swift server from the rest of the computer network. “It takes
a huge amount of skill to understand the target systems and to be able to
subvert them the way they did,” says Nish of BAE Systems.

In contrast to off-the-shelf tools that have been used in many recent attacks
— such as the “SQL injection code” deployed in 2015 to break into the
database of TalkTalk, a British telecommunications firm, and access the
bank information and personal details of more than 20,000 subscribers —
the malware that the thieves devised was “a custom code, built for attacks
on banks and configured for a specific bank,” Nish says. And because it was
written from scratch, it was unfamiliar to existing virus-protection
programs. After the hackers sent their counterfeit payment orders via the
secure Swift messaging network, they completely erased their footprints by
deleting those orders from the bank’s Swift database, wiping out the
evidence from the printer statements and updating the balances in the
bank’s New York Fed account to make it appear that no money had been
debited. In effect, Nish says, “the thieves figured out how to make
themselves disappear.”

The hackers also succeeded in turning one of Swift’s defining features — its
global reach — into a vulnerability. After months of lurking in the system,
they planned their attack for a moment when the banks were unable to
communicate effectively. Beginning on Thursday afternoon, New York
time, when the Fed had received a total of 70 fraudulent payment orders to
four bank accounts in the Philippines and one in Sri Lanka, totaling $1
billion, Bangladesh Bank was closed for the weekend. On Sunday, when the
bank reopened and discovered the error, it was unable to reach the Fed. Bin
Huda sent a stop-payment order to the Philippines central bank, which was
closed for the Chinese New Year. “There was no hotline between the
Bangladesh Bank and the Fed in New York,” says Atiur Rahman, the
governor of Bangladesh Bank at the time of the heist. “Essentially, I think
this was a flaw of the global payment system.”

Late on Monday afternoon, Dhaka time, as the Fed was opening for
business, Bangladesh Bank asked officials in New York to block the money
https://www.nytimes.com/interactive/2018/05/03/magazine/money-issue-bangladesh-billion-dollar-bank-heist.html 4/14
11/27/2020 The Billion-Dollar Bank Job - The New York Times

Ttransfer
h e M o n to
e y the
I s sPhilippines
ue but were told it was too late and that the money
was with recipient banks. On Tuesday morning, more than four days after
the theft, Rahman finally reached his Philippine counterpart via a landline
from his office and begged him to intervene. The Philippine bank governor
asked him to file a written complaint, a Bangladesh Bank official says, and
to send it through the diplomatic pouch. Rahman says he was told to keep
the matter quiet until it was fully clear what happened.

In early March, according to a bank official, an elite police unit was given
permission to inspect the back office. Investigators seized passports to see
if anyone had traveled to the Philippines, slapped one employee with a
travel ban and questioned the others for hours. Rahman resigned a few
days later.

ULTIMATELY, IT WAS only a few strokes of good luck that kept the heist
from being far worse. On Thursday, Feb. 4 — the day before Bin Huda
noticed that the Swift software had crashed — five payment orders went
through without triggering an alarm: a $20 million deposit for the Shalika
Foundation, an agricultural NGO in Sri Lanka that had an account at Pan
Asia Bank, and four for individual accounts at the Jupiter branch of Rizal
Commercial Banking Corporation near Manila. They didn’t clear
instantaneously: Fedwire, a Fed-run service for 5,300 clients, enables
participants to transfer cash to one another in seconds, but neither of those
banks was a member of Fedwire. So the Fed instead began steering the
payments to several “correspondent banks” — typically, large commercial
institutions that serve as intermediaries between the Fed and smaller banks
that aren’t part of its network. In this case, Deutsche Bank had a financial
relationship with the bank in Sri Lanka; and the Bank of New York Mellon,
Citibank and Wells Fargo dealt regularly with R.C.B.C. When these banks’
automated systems also failed to pick up anything suspicious, the orders
were processed.

But the next 30 payment orders, totaling $850 million, were held up by a
fortunate coincidence. Representative Carolyn B. Maloney, a senior
member of the House Financial Services Committee, says that the
automated system flagged the word “Jupiter,” the name of the R.C.B.C.
bank branch to which the Swift order was addressed, because it happened
https://www.nytimes.com/interactive/2018/05/03/magazine/money-issue-bangladesh-billion-dollar-bank-heist.html 5/14
11/27/2020 The Billion-Dollar Bank Job - The New York Times

Tto
h ematch
M o n ethe
y I sname
s u e of a totally different business on a sanctions list: Jupiter
Seaways Shipping, an Athens-based firm that was blackballed for evading
sanctions against Iran. When Fed compliance officers took a close look at
the orders, other irregularities became apparent. According to the former
Philippine senator Sergio Osmeña III, who later examined the transactions
as part of his nation’s investigation into the heist, the payments bore the
addresses of the same four account holders in the R.C.B.C. Jupiter branch.
“If it hadn’t been for the quick action of someone at the central bank in
New York, an additional $900 million would have been lost,” Maloney says.

Then one of the first five transactions — those that had initially cleared —
ran aground, too. An alert clerk at the small bank in Sri Lanka noticed
something that the global players had not: The payment was unusually
large for such a small NGO. The clerk held the $20 million order and went
to Deutsche Bank for clarification. Deutsche Bank took a closer look and
discovered that the word “Foundation” had been misspelled. Suspicious,
Deutsche Bank contacted Bangladesh Bank, which sent a stop-payment
order.

This left four payments, totaling $81 million, that went through — an
enormous bank job by any metric (by contrast, the most recent large-scale
cyberheist, when hackers hit India’s City Union Bank in February 2018,
reaped about $1.5 million) and an enormous blow to the global financial
system. “What struck me the most was that this action struck at trust in the
international banking system,” Representative Maloney says. “And if you
can’t trust international banking, then international commerce could grind
to a halt.”

Yet when it came to the Bangladesh heist, transferring the cash was only
the first part of the scheme. It was one thing to use malicious software to
tunnel into the bank’s Swift network and send out dozens of phony transfer
orders to banks around the world. It was quite another to turn that digital
cash into real money and then make it disappear.

PHILIPPINE AUTHORITIES HAVE focused on Maia Santos-Deguito, a career

banker in her early 40s, as the linchpin of the heist’s second phase. At the
time of the transfers, she was working as the manager of the Rizal

https://www.nytimes.com/interactive/2018/05/03/magazine/money-issue-bangladesh-billion-dollar-bank-heist.html 6/14
11/27/2020 The Billion-Dollar Bank Job - The New York Times

TCommercial
h e M o n e y I Banking
ssue Corporation’s Jupiter branch. Santos-Deguito worked
at several smaller banks before earning her prized position at R.C.B.C., a
branch that primarily serves the residents of Bel-Air Village, an affluent
neighborhood of tree-shaded residential streets and busy commercial
boulevards lined with yoga salons, boutiques and expensive cafes.

In May 2015, nine months before Bin Huda of Bangladesh Bank was baffled
by the Swift breakdown, Santos-Deguito met with a longtime client, Kam
Sin (Kim) Wong, according to her lawyer. A Hong Kong-born restaurateur
and president of Eastern Hawaii Leisure Company, Wong ran “casino
junkets” in Manila and northern Luzon, bringing in Chinese high rollers on
charter flights, operating V.I.P. rooms in casinos, providing them chips on
credit and then taking a cut of the house profit. Wong had experience
moving money in and out of an industry where it was nearly impossible to
keep track of it. The U.S. State Department’s 2017 International Narcotics
Control Strategy Report described the Philippines as a “major” money-
laundering site, noting that “criminal groups use the Philippine banking
system, commercial enterprises and particularly casinos to transfer drug
and other illicit proceeds from the Philippines to offshore accounts.”

In 2001, the Philippines passed an Anti-Money Laundering Act, and by

2016 the Legislature had amended it three times to evade a blacklist
designation by the Financial Action Task Force, an international watchdog.
But Juan Ponce Enrile, a powerful ex-secretary of national defense, used
his position as Senate president to persuade his colleagues to shield casinos
from the law — keeping their operations secret and their customers
anonymous. In the mid-1990s, Enrile started the Cagayan Economic Zone,
a free port near northern Luzon that has attracted casinos and reportedly
become a money-laundering hub. The secrecy seems to have been very
good for business. In 2016 Bloomberry Resorts, one of the region’s biggest
casino operators, posted a net income of $46 million. Melco Crown
Philippines Resorts, the operator of City of Dreams Manila, another major
gambling resort, had the best-performing casino stock in the world in 2017.
“There are no controls, none whatsoever,” Osmeña told me.

https://www.nytimes.com/interactive/2018/05/03/magazine/money-issue-bangladesh-billion-dollar-bank-heist.html 7/14
11/27/2020 The Billion-Dollar Bank Job - The New York Times

TAccording
h e M o n e ytoI sSantos-Deguito’s
sue attorney, Wong introduced her to a few
Filipino associates and asked her to open accounts for them at the Jupiter
branch. R.C.B.C. colleagues claimed at a Senate hearing that these “clients”
never existed, and they accused Santos-Deguito of using forged signatures
and a driver’s-license photo from a former colleague to manufacture their
identities. Santos-Deguito’s attorney maintains that his client is innocent
and says that she trusted Wong. The prospect of lining up wealthy new
clients was enticing for her. It was a potential win for her employer,
R.C.B.C., as well. Santos-Deguito kept the accounts open — and nearly
empty — for eight months. Then on Friday morning, Feb. 5, 2016, they
suddenly became active.

That morning, R.C.B.C. headquarters received Swift instructions from its

correspondent banks in the United States to transfer the $81 million into
the accounts. Santos-Deguito had already vouched for the integrity of her
clients, and she again confirmed that they were legitimate. A colleague at
the Jupiter branch testified at the Senate hearings that, on the same day the
cash arrived, he watched Santos-Deguito stuff $400,000 into a paper bag
and carry it to her car. A three-day weekend, including the Chinese New
Year, followed. Then on the morning of Tuesday, Feb. 9, Santos-Deguito
arrived at her storefront branch office in Bel-Air Village and began moving
the $81 million out of the accounts.

By that point, at the R.C.B.C. headquarters in downtown Manila,

employees in the payments department were working through a backlog of
nearly 800 Swift messages that had accumulated during the holiday
weekend. Among them was a stop-payment order marked “urgent” from
Bangladesh Bank. The message went unread until 11 a.m. — by which time
Santos-Deguito was in the midst of transferring the $81 million into a fifth
account, and from there to a remittance firm called PhilRem, owned by a
married couple, Michael and Salud Bautista. Santos-Deguito, who claims
she was just following her clients’ orders, finished transferring the funds by
11:30 a.m. The Bautistas converted at least $61 million into Philippine
pesos — more than three billion of them.

Around 7:30 that evening, a courier from PhilRem testified, he picked up a

suitcase, a traveling bag and a shoulder bag at the company’s office. The
https://www.nytimes.com/interactive/2018/05/03/magazine/money-issue-bangladesh-billion-dollar-bank-heist.html 8/14
11/27/2020 The Billion-Dollar Bank Job - The New York Times

Tluggage
h e M o nwas
e y Istuffed
s s u e with 90 million pesos, worth $1.8 million, and
$500,000 in U.S. cash. The courier placed the cash into the back of a van,
and with a company driver, his uncle, at the wheel, set out for the
Bloomberry-owned Solaire Resort and Casino. There, at the lobby entrance,
the pair dragged out the luggage and placed it onto a casino trolley. The
courier wheeled the money across the lobby, past rows of digital slot
machines and a section of tables for Sabong, a card game based on
Philippine-style cock fighting. He took an elevator at the far end of the
lobby to the second floor V.I.P. room, where, he testified, Kim Wong, Salud
Bautista and one of Wong’s associates were waiting.

The Bautistas claimed in Senate testimony that this delivery was the first of
many that his firm would make: It delivered $30 million in cash to Wong’s
associate and wired $29 million to the Solaire Casino and another $21
million to Wong’s company, Eastern Hawaii. (Through their lawyers, Wong
and the Bautistas declined to comment; they have maintained their
innocence.) In his Senate testimony, Wong claimed that he received only
$13.5 million and that the Bautistas pocketed the rest. Two of Wong’s
fellow gambling promoters, Gao Shuhua and Ding Zhize, also received
large amounts of cash.

In the V.I.P. room at Solaire, a plush lounge with butterscotch carpets,

brass chandeliers and about a dozen round baccarat tables, junket players
crowded around in a haze of cigarette smoke, drinking Chinese tea and
fruit juice while placing their bets. The minimum bet at the table was
10,000 Philippine pesos, or roughly $200 in U.S. cash, and millions of
pesos could move into the house or into the player’s pockets in a single
evening. At the end of each night, during a spree that seems to have lasted a
week or more, the gamblers turned their chips back into untraceable cash.
Their names remained unregistered, their winnings unreported: It was,
Philippine officials say, the ultimate money-laundering operation. “All we
know is that the cash was delivered to certain gamblers at the casinos,”
Osmeña says, “and then, after that, the gamblers weren’t here anymore,
and the money was gone.”

WHO HAD THE expertise and the audacity to carry out such a heist? Weeks
after the crime, Bangladesh Bank hired FireEye, the U.S. cybersecurity
https://www.nytimes.com/interactive/2018/05/03/magazine/money-issue-bangladesh-billion-dollar-bank-heist.html 9/14
11/27/2020 The Billion-Dollar Bank Job - The New York Times

Tfirm,
h e Mto
o ninvestigate.
e y I s s u e FireEye signed a nondisclosure agreement with the
bank and has declined to discuss specifics, but some of the bank’s findings
have leaked out, and other cybersecurity firms have drawn their own
conclusions from publicly available evidence.

The analysts compared some of the tools used with those employed in two
other notorious cyberattacks: the November 2014 hack of Sony Pictures,
when a group calling itself the Guardians of Peace released embarrassing
emails and salaries and wiped out many of Sony’s servers; and “Dark
Seoul,” a March 2013 hack that disabled internet servers at three South
Korean banks and froze computers at two South Korean broadcasters. (The
base code, Nish says, was also the same one used in the WannaCry
ransomware attack in May 2017, in which hackers paralyzed more than
200,000 computers around the world and demanded Bitcoin payments to
unfreeze them.) All these operations, the experts concluded, bore the
markings of what the security firms called the Lazarus Group — a shadowy
organization that U.S. intelligence experts say is most likely affiliated with
North Korea. Harsh economic sanctions have left the dictatorship
struggling with nationwide food shortages and inching ever closer to a
nuclear confrontation. At an Aspen Institute panel last March, the National
Security Agency deputy director Richard Ledgett mentioned the findings of
the cybersecurity firms and said that they could indicate a new level of
North Korean criminality. “If that linkage is true, that means a nation-state
is robbing banks,” he said. “That’s a big deal; it’s different.”

The New York Times has reported that North Korea is believed to maintain
a network of about 1,700 computer hackers around the world, aided by
5,000 trainers, supervisors and other support staff. Many operations are
aimed at harvesting intelligence from South Korea; others, as in the case of
Sony, are intended to avenge slights, or others to reap financial gain. North
Korean hackers have become especially adept at targeting the weak links in
the financial system: banks in developing nations, especially those in
Southeast Asia. “They are easy prey,” says Vitaly Kamluk of Kaspersky Lab,
which found Korean-language coding embedded in some Lazarus Group
malware and claims it definitively linked the Lazarus Group to North
Korea, through an I.P. address that the group briefly used during a wave of

https://www.nytimes.com/interactive/2018/05/03/magazine/money-issue-bangladesh-billion-dollar-bank-heist.html 10/14
11/27/2020 The Billion-Dollar Bank Job - The New York Times

Tattacks
h e M o nine yEurope
I s s u e and Central America in 2017. “These central banks often
cannot afford good security, good software, or hire a proper specialist to
configure their network,” Kamluk says. “They are low-hanging fruit.”

Although gambling is strictly prohibited inside the country, North Korean

leadership has a well-documented interest in the casino industry. The
country has been suspected of running online casinos and, according to
news reports, has been seeking $20 million from foreign investors to
launch a luxury liner and casino that would cruise to Vladivostok and ports
in Southeast Asia.

Since the heist, Philippine authorities have managed to recover about one-
fifth of the missing money for Bangladesh Bank. Wong turned over $15
million, and the Bautistas, suspected by the Senate of walking away with
$17 million but still denying wrongdoing, offered to pay $200,000, but the
Bangladeshis rejected the money. The rest is probably gone for good. Gone,
too, are the shadowy casino-junket operators from mainland China, Ding
and Gao, who in February apparently boarded charter flights from Manila
to Macau. A former Portuguese colony, Macau has long been an important
financial conduit between North Korea and the outside world.

Bangladesh Bank is still trying to recoup as much as it can. In February, its

deputy governor announced that the bank was filing a lawsuit against
R.C.B.C., charging that its employees had doubts about the Swift payment
instructions but executed the orders anyway. R.C.B.C., which has been
fined a record $1 billion pesos by the Philippine central bank over the
incident, threatened a countersuit against Bangladesh Bank for
defamation. One bank that did authorize the payments, Wells Fargo, just
reached an out-of-court settlement with Ecuador’s Banco del Austro, which
had filed a lawsuit seeking to hold the bank responsible for approving the
transfer of $12 million from its account in a 2015 cyberheist. The
undisclosed settlement could give a boost to Bangladesh Bank’s attempts to
recover its losses.

In the United States, thanks to Representative Maloney’s prodding, the Fed

has instituted a 24/7 hotline to deal with such emergencies. And in the

https://www.nytimes.com/interactive/2018/05/03/magazine/money-issue-bangladesh-billion-dollar-bank-heist.html 11/14
11/27/2020 The Billion-Dollar Bank Job - The New York Times

TPhilippines,
h e M o n e y Ithe
s s uSenate
e hearings about the crime prompted Congress to
impose the first set of transparency rules on the casinos, requiring that
every bet over five million pesos, or $100,000, be reported to the Anti-
Money Laundering Council. But there was no indication, Osmeña told me,
“that anything had changed.” Indeed, Gabriel Lingan, the head of
marketing and business development at the Cagayan Economic Zone
Authority, which oversees the Eastern Hawaii Casino and Resort in Santa
Ana, said that nearly a year after the law was passed, the exact policies
regarding when and how casinos will file reports were still being
negotiated. “We are still working on the details,” he said.

Of the many people believed to be involved in the Bangladesh Bank heist,

only one faces charges: Maia Santos-Deguito, who was indicted on multiple
counts of money laundering and faces a possible 14-year prison term. Kim
Wong, the Bautistas and others suspected of helping Santos-Deguito have
all walked away. “Santos-Deguito was guilty, and PhilRem was guilty, and
to a certain extent Kim Wong was guilty,” Osmeña said one day at his home
as servants prepared lunch in his palm-filled garden. “The Department of
Justice is very crooked, very crooked, and you would do us a favor if you
would point that out,” he went on. “It’s a joke, I’m frustrated by it all, but
what can I do?”

Officials assume that once the junketeers stepped off the plane in Macau, it
would have been easy for them to send the money, via wire or courier, to
Pyongyang. But the junket operators’ precise ties to North Korea — or the
exact route taken by the cash from Macau — remain a mystery. “We never
got to find out who was really behind it,” Osmeña told me, shaking his head
in frustration. “And what the ultimate destination is, we don’t know.”

Correction May 10, 2018

An earlier version of this article misstated an area that was affected by cyberattacks in
2017 that Kaspersky Lab claims were linked to North Korea. In addition to Europe, the
attacks occurred in Central America, not the United States.

Julfikar Ali Manik contributed reporting from Dhaka, Bangladesh.

https://www.nytimes.com/interactive/2018/05/03/magazine/money-issue-bangladesh-billion-dollar-bank-heist.html 12/14
11/27/2020 The Billion-Dollar Bank Job - The New York Times

TSign
he M upofor
n eour
y I snewsletter
sue to get the best of The New York Times Magazine delivered to
your inbox every week.
Joshua Hammer is the author of “The Bad-Ass Librarians of Timbuktu.” He last wrote for
the magazine about Egyptian activists six years after the Arab Spring.

MORE CRIME STORIES

THE BABY-FORMULA CRIME RING

It’s pricey, it’s portable, its users need it constantly, and retailers love to buy it at a discount. All of which
makes it a perfect product to steal.

THE PAIN HUSTLERS

Insys Therapeutics paid millions of dollars to doctors. The company called it a “speaker program,” but
prosecutors now call it something else: a kickback scheme.

THE BILLION-DOLLAR BANK JOB

In 2016, a mysterious syndicate tried to steal $951 million from Bangladesh’s central bank - and laid bare a
profound weakness in the system by which money moves around the world.

THE MAN WHO CRACKED THE LOTTERY

When the Iowa attorney general’s office began investigating an unclaimed lottery ticket worth millions, an
incredible string of unlikely winners came to light - and a trail that pointed to an inside job.

THE WHITE-COLLAR-CRIME CHEAT SHEET

How the biggest scammers get away with it
https://www.nytimes.com/interactive/2018/05/03/magazine/money-issue-bangladesh-billion-dollar-bank-heist.html 13/14
11/27/2020 The Billion-Dollar Bank Job - The New York Times
How the biggest scammers get away with it.
The Money Issue

Correction: May 9, 2018

© 2020 The New York Times Company

https://www.nytimes.com/interactive/2018/05/03/magazine/money-issue-bangladesh-billion-dollar-bank-heist.html 14/14