Baccarat binge helped launder millions in stolen funds

PARIS: For someone supposed to be laundering millions of dollars in stolen funds, with investigators from three countries scrambling to track the money, Ding Zhize was a surprisingly unhurried man. He’d brought a dozen or so high rollers from China to play in the glitzy VIP room in MetroManila’s Solaire casino.

The game was baccarat. It was late February 2016 – still high season for Asian casinos, thanks to the Lunar New Year holiday and Ding had been here for days. As red-shirted dealers laid down hand after hand, gamblers smoked Double Happiness cigarettes and helped themselves to an endless supply of mineral water, lemon tea, and Hennessy XO cognac.

The chips they played in a steady stream were valid only in that room. The most valuable ones were rectangular plaques worth US$20,000.

Ding, his partner, Gao Shuhua, and the gamblers in tow were probably betting on both the house’s hand and the players’ hands, trying to strike a balance between gains and losses.

After all, the important thing for anyone looking to launder money through a casino isn’t to win.

It’s to exchange millions of dollars for chips you can swap for cool, untraceable cash at the end of the night.

It wasn’t the first time the Chinese duo of Ding and Gao had managed a transaction like this. Running illegal gambling operations, including recruiting people for foreign gaming junkets, was their main business, according to previously unreported court documents in China obtained by Bloomberg Markets as well as interviews with family members and former business partners. By the time Ding, Gao, and their players had their casino accounts frozen in March 2016, they’d managed to make tens of millions of dollars disappear, according to a Philippine Senate committee that investigated the theft.

The money was part of the largest cyberheist in history. In early February, US$81 million had been stolen from Bangladesh’s central bank by hackers who issued bogus instructions via Swift, the global interbank payment system, according to reports by the Philippine Senate committee, the Federal Reserve Bank of New York, and the Bangladesh Ministry of Finance.

The cyber thieves messaged the New York Fed, where Bangladesh Bank had funds on deposit, directing it to send funds to a handful of bank accounts mostly in the Philippines set up using fake names.

Just a few days after the theft, Bangladesh Bank officials asked their Philippine counterparts for help. Yet the gamblers were allowed to play on for weeks, according to reports by the casino’s parent company, Bloomberry Resorts Corp, and the Philippine Senate Committee on Accountability of Public Officers and Investigations. Even after the remaining funds were frozen, no charges were filed against Ding, Gao, or the players with them, so Philippine police didn’t make any arrests, says Sergio Osmena III, a former senator who last year was a member of the inquiry panel. “They waited until it was too late,” he says.

What Ding and Gao did with the loot remains unknown. That’s the point, of course: You want to conceal the money’s criminal origins and then stir it into the rivers of legitimate cash that course around the world every day: US$60-odd million here, a few million there. It adds up. PricewaterhouseCoopers LLP says money laundering may total US$2 trillion a year worldwide, an amount roughly equivalent to the market for online shopping.

Like the money, Ding and Gao left the Philippines without a trace. (Osmena says customs authorities have no record of the duo’s departure.) Gone too, it seemed, was any chance that Bangladesh, the Philippines, or the United States would find the funds.

But if Ding and Gao thought they’d gotten away scot-free, they were mistaken. The story didn’t end in the floral-scented VIP room of the Solaire. It just moved on to China and then maybe even North Korea, home to Lazarus, one of the world’s most active state-sponsored hacking collectives.

As big as it was, the heist could have been a lot bigger. The hackers originally intended to funnel US$951mil of Bangladesh Bank’s money into phony accounts, according to various investigations. Via Swift, they fired off a series of messages to the New York Fed to do just that.

The theft of the full amount was only averted because, after the initial payments had been made, several transactions were flagged “for sanction compliance review,” according to an April 14, 2016, letter from the Fed to US Representative Carolyn Maloney, a New York Democrat. (In the wake of the Bangladesh theft, Swift took measures to prevent such intrusions.

“We are fully committed to helping customers in the fight against cyber-attacks,” Patrick Kerkels, the Swift general counsel, said in an emailed response to questions. Swift’s security programme, he said, “has demonstrably helped to detect and even prevent successful frauds.”)

Since then, Philippine authorities have recovered almost a fifth of the stolen money and returned it to Bangladesh, but most of the rest, after flowing through a series of accounts, a money-transfer company, and into local casinos, disappeared into the muggy Manila air.

Some or all of it may have found its way to North Korea. The FBI is examining the totalitarian state’s link to the hack, according to two officials with direct knowledge of the investigation.

What’s required in the case of a theft like the one from Bangladesh Bank is a mix of hacking wizardry to divert the money and some old-school laundering to clean it and cover the trail

In addition, security companies, including Symantec Corp and BAE Systems Plc, say Lazarus hackers working for the rogue state were probably behind the attack. They cite similarities between the methods used in the Bangladesh attack and those in other cases, such as the hack of Sony Pictures Entertainment Inc in 2014, which US officials attributed to North Korea.

Cyber-security experts say Lazarus was also behind the WannaCry ransom-ware attack in May that infected hundreds of thousands of computers around the world.

All but cut off from the world and hamstrung by sanctions imposed by the United Nations, the United States, South Korea, and Japan, North Korea needs convertible currencies to finance imports, among other things. It uses a shifting array of agents, shipping companies, and brokers to bring in illicit cash, says Juan Zarate, a former deputy US national security adviser and author of Treasury’s War: The Unleashing of a New Era of Financial Warfare. — Bloomberg