The Lazarus heist: How North Korea almost pulled off a billion-dollar hack
In 2016 North Korean hackers planned a $1bn raid on Bangladesh’s national bank and came within an inch of success – it was only by a fluke that all but $81m of the transfers were halted, report Geoff White and Jean H Lee. But how did one of the world’s poorest and most isolated countries train a team of elite cyber-criminals?
It all started with a malfunctioning printer. It’s just part of modern life, and so when it happened to staff at Bangladesh Bank they thought the same thing most of us do: another day, another tech headache. It didn’t seem like a big deal.
But this wasn’t just any printer, and it wasn’t just any bank.
Bangladesh Bank is the country’s central bank, responsible for overseeing the precious currency reserves of a country where millions live in poverty.
And the printer played a pivotal role. It was located inside a highly secure room on the 10th floor of the bank’s main office in Dhaka, the capital. Its job was to print out records of the multi-million-dollar transfers flowing in and out of the bank.
When staff found it wasn’t working, at 08:45 on Friday 5 February 2016, “we assumed it was a common problem just like any other day,” duty manager Zubair Bin Huda later told police. “Such glitches had happened before.”
In fact, this was the first indication that Bangladesh Bank was in a lot of trouble. Hackers had broken into its computer networks, and at that very moment were carrying out the most audacious cyber-attack ever attempted. Their goal: to steal a billion dollars.
To spirit the money away, the gang behind the heist would use fake bank accounts, charities, casinos and a wide network of accomplices.
But who were these hackers and where were they from?
According to investigators the digital fingerprints point in just one direction: to the government of North Korea.
SPOILER ALERT: This is the story told in the 10-episode BBC World Service podcast, The Lazarus Heist.
That North Korea would be the prime suspect in a case of cyber-crime might to some be a surprise. It’s one of the world’s poorest countries, and largely disconnected from the global community – technologically, economically, and in almost every other way.
And yet, according to the FBI, the audacious Bangladesh Bank hack was the culmination of years of methodical preparation by a shadowy team of hackers and middlemen across Asia, operating with the support of the North Korean regime.
In the cyber-security industry the North Korean hackers are known as the Lazarus Group, a reference to a biblical figure who came back from the dead; experts who tackled the group’s computer viruses found they were equally resilient.
Little is known about the group, though the FBI has painted a detailed portrait of one suspect: Park Jin-hyok, who also has gone by the names Pak Jin-hek and Park Kwang-jin.
It describes him as a computer programmer who graduated from one of the country’s top universities and went to work for a North Korean company, Chosun Expo, in the Chinese port city of Dalian, creating online gaming and gambling programs for clients around the world.
While in Dalian, he set up an email address, created a CV, and used social media to build a network of contacts. Cyber-footprints put him in Dalian as early as 2002 and off and on until 2
013 or 2014, when his internet activity appears to come from the North Korean capital, Pyongyang, according to an FBI investigator’s affidavit.
The agency has released a photo plucked from a 2011 email sent by a Chosun Expo manager introducing Park to an outside client. It shows a clean-cut Korean man in his late 20s or early 30s, dressed in a pin-striped black shirt and chocolate-brown suit. Nothing out of the ordinary, at first glance, apart from a drained look on his face.
But the FBI says that while he worked as a programmer by day, he was a hacker by night.
In June 2018, US authorities charged Park with one count of conspiracy to commit computer fraud and abuse, and one count of conspiracy to commit wire fraud (fraud involving mail, or electronic communication) between September 2014 and August 2017. He faces up to 20 years in prison if he is ever tracked down. (He returned from China to North Korea four years before the charges were filed.)
But Park, if that is his real name, didn’t become a hacker for the state overnight. He is one of thousands of young North Koreans who have been cultivated from childhood to become cyber-warriors – talented mathematicians as young as 12 taken from their schools and sent to the capital, where they are given intensive tuition from morning till night.
When the bank’s staff rebooted the printer, they got some very worrying news. Spilling out of it were urgent messages from the Federal Reserve Bank in New York – the “Fed” – where Bangladesh keeps a US-dollar account. The Fed had received instructions, apparently from Bangladesh Bank, to drain the entire account – close to a billion dollars.
The Bangladeshis tried to contact the Fed for clarification, but thanks to the hackers’ very careful timing, they couldn’t get through.
The hack started at around 20:00 Bangladesh time on Thursday 4 February. But in New York it was Thursday morning, giving the Fed plenty of time to (unwittingly) carry out the hackers’ wishes while Bangladesh was asleep.
The next day, Friday, was the start of the Bangladeshi weekend, which runs from Friday to Saturday. So the bank’s HQ in Dhaka was beginning two days off. And when the Bangladeshis began to uncover the theft on Saturday, it was already the weekend in New York.
“So you see the elegance of the attack,” says US-based cyber-security expert Rakesh Asthana. “The date of Thursday night has a very defined purpose. On Friday New York is working, and Bangladesh Bank is off. By the time Bangladesh Bank comes back on line, the Federal Reserve Bank is off. So it delayed the whole discovery by almost three days.”
And the hackers had another trick up their sleeve to buy even more time. Once they had transferred the money out of the Fed, they needed to send it somewhere. So they wired it to accounts they’d set up in Manila, the capital of the Philippines. And in 2016, Monday 8 February was the first day of the Lunar New Year, a national holiday across Asia.
By exploiting time differences between Bangladesh, New York and the Philippines, the hackers had engineered a clear five-day run to get the money away.
They had had plenty of time to plan all of this, because it turns out the Lazarus Group had been lurking inside Bangladesh Bank’s computer systems for a year.
In January 2015, an innocuous-looking email had been sent to several Bangladesh Bank employees. It came from a job seeker calling himself Rasel Ahlam. His polite enquiry included an invitation to download his CV and cover letter from a website. In reality, Rasel did not exist – he was simply a cover name being used by the Lazarus Group, according to FBI investigators. At least one person inside the bank fell for the trick, downloaded the documents, and got infected with the viruses hidden inside.
Once inside the bank’s systems, Lazarus Group began stealthily hopping from computer to computer, working their way towards the digital vaults and the billions of dollars they contained.
And then they stopped.
Why did the hackers only steal the money a whole year after the initial phishing email arrived at the bank? Why risk being discovered while hiding inside the bank’s systems all that time? Because, it seems, they needed the time to line up their escape routes for the money.
Jupiter Street is a busy thoroughfare in Manila. Next to an eco-hotel and a dental surgery is a branch of RCBC, one of the country’s largest banks. In May 2015, a few months after the hackers accessed Bangladesh Bank’s systems, four accounts were set up here by the hackers’ accomplices. In hindsight, there were some suspicious signs: the driver’s licences used to set up the accounts were fakes, and the applicants all claimed to have exactly the same job title and salary, despite working at different companies. But no-one seemed to notice. For months the accounts sat dormant with their initial $500 deposit untouched while the hackers worked on other aspects of the plan.
By February 2016, having successfully hacked into Bangladesh Bank and created conduits for the money, the Lazarus Group was ready.
But they still had one final hurdle to clear – the printer on the 10th floor. Bangladesh Bank had created a paper back-up system to record all transfers made from its accounts. This record of transactions risked exposing the hackers’ work instantly. And so they hacked into the software controlling it and took it out of action.
With their tracks covered, at 20:36 on Thursday 4 February 2016, the hackers began making their transfers – 35 in all, totalling $951m, almost the entire contents of Bangladesh Bank’s New York Fed account. The thieves were on their way to a massive payday – but just as in a Hollywood heist movie, a single, tiny detail would catch them out.
As Bangladesh Bank discovered the missing money over the course of that weekend, they struggled to work out what had happened. The bank’s governor knew Rakesh Asthana and his company, World Informatix, and called him in for help. At this point, Asthana says, the governor still thought he could claw back the stolen money. As a result, he kept the hack secret – not just from the public, but even from his own government.
Meanwhile, Asthana was discovering just how deep the hack went. He found out the thieves had gained access to a key part of Bangladesh Bank’s systems, called Swift. It’s the system used by thousands of banks around the world to co-ordinate transfers of large sums between themselves. The hackers didn’t exploit a vulnerability in Swift – they didn’t need to – so as far as Swift’s software was concerned the hackers looked like genuine bank employees.
It soon became clear to Bangladesh Bank’s officials that the transactions couldn’t just be reversed. Some money had already arrived in the Philippines, where the authorities told them they would need a court order to start the process to reclaim it. Court orders are public documents, and so when Bangladesh Bank finally filed its case in late February, the story went public and exploded worldwide.
The consequences for the bank’s governor were almost instant. “He was asked to resign,” says Asthana. “I never saw him again.”
US Congresswoman Carolyn Maloney remembers clearly where she was when she first heard about the raid on Bangladesh Bank. “I was leaving Congress and going to the airport and reading about the heist, and it was fascinating, shocking – a terrifying incident, probably one of the most terrifying that I’ve ever seen for financial markets.”
As a member of the congressional Committee on Financial Services, Maloney saw the bigger picture: with Swift underpinning so many billions of dollars of global trade, a hack like this could fatally undermine confidence in the system.
She was particularly concerned by the involvement of the Federal Reserve Bank. “They were the New York Fed, which usually is so careful. How in the world did these transfers happen?”
Maloney contacted the Fed, and staff explained to her that most of the transfers had in fact been prevented – thanks to a tiny, coincidental detail.
The RCBC bank branch in Manila to which the hackers tried to transfer $951m was in Jupiter Street. There are hundreds of banks in Manila that the hackers could have used, but they chose this one – and the decision cost them hundreds of millions of dollars.
“The transactions… were held up at the Fed because the address used in one of the orders included the word ‘Jupiter’, which is also the name of a sanctioned Iranian shipping vessel,” says Carolyn Maloney.
Just the mention of the word “Jupiter” was enough to set alarm bells ringing in the Fed’s automated computer systems. The payments were reviewed, and most were stopped. But not all. Five transactions, worth $101m, crossed this hurdle.
Of that, $20m was transferred to a Sri Lankan charity called the Shalika Foundation, which had been lined up by the hackers’ accomplices as one conduit for the stolen money. (Its founder, Shalika Perera, says she believed the money was a legitimate donation.) But here again, a tiny detail derailed the hackers’ plans. The transfer was made to the “Shalika Fundation”. An eagle-eyed bank employee spotted the spelling mistake and the transaction was reversed.
And so $81m got through. Not what the hackers were aiming for, but the lost money was still a huge blow for Bangladesh, a country where one in five people lives below the poverty line.
By the time Bangladesh Bank began its efforts to claw the money back, the hackers had already taken steps to make sure it stayed beyond reach.
On Friday 5 February, the four accounts set up the previous year at the RCBC branch in Jupiter Street suddenly sprang to life.
The money was transferred between accounts, sent to a currency exchange firm, swapped into local currency and re-deposited at the bank. Some of it was withdrawn in cash. For experts in money laundering, this behaviour makes perfect sense.
“You have to make all of that criminally derived money look clean and look like it has been derived from legitimate sources in order to protect whatever you do with the money afterwards,” says Moyara Ruehsen, director of the Financial Crime Management Programme at the Middlebury Institute of International Studies in Monterey, California. “You want to make the money trail as muddy and obscure as possible.”
Even so, it was still possible for investigators to trace the path of the money. To make it completely untrackable it had to leave the banking system.
The Solaire sits on the waterfront in Manila, a gleaming white palace of hedonism, home to a hotel, a huge theatre, high-end shops and – its most famous attraction – a sprawling casino floor. Manila has become a big draw for gamblers from mainland China, where the pastime is illegal, and the Solaire is “one of the most elegant casino floors in Asia”, according to Mohammed Cohen, editor-at-large of Inside Asian Gaming Magazine. “It’s really beautifully designed, comparable to anything in south-east Asia. It has roughly 400 gaming tables and about 2,000 slot machines.”
It was here in Manila’s glitzy casino scene that the Bangladesh Bank thieves mounted the next stage of their money laundering operation. Of the $81m that washed through the RCBC bank, $50m was deposited in accounts at the Solaire and another casino, the Midas. (What happened to the other $31m? According to a Philippines Senate Committee set up to investigate, it was paid to a Chinese man called Xu Weikang, who’s believed to have left town on a private jet and never been heard of since.)
The idea of using casinos was to break the chain of traceability. Once the stolen money had been converted into casino chips, gambled over the tables, and changed back into cash, it would be almost impossible for investigators to trace it.
But what about the risks? Aren’t the thieves in danger of losing the loot across the casino tables? Not at all.
Firstly, instead of playing in the public parts of the casino, the thieves booked private rooms and filled them with accomplices who would play at the tables; this gave them control over how the money was gambled. Secondly, they used the stolen money to play Baccarat – a wildly popular game in Asia, but also a very simple one. There are only three outcomes on which to bet, and a relatively experienced player can recoup 90% or more of their stake (an excellent outcome for money launderers, who often get a far smaller return). The criminals could now launder the stolen funds and look forward to a healthy return – but to do so would take careful management of the players and their bets, and that took time. For weeks, the gamblers sat inside Manila’s casinos, washing the money.
Bangladesh Bank, meanwhile, was catching up. Its officials had visited Manila and identified the money trail. But when it came to the casinos, they hit a brick wall. At that time, the Philippines gambling houses were not covered by money laundering regulations. So far as the casinos were concerned, the cash had been deposited by legitimate gamblers, who had every right to fritter it away over the tables. (The Solaire casino says it had no idea it was dealing with stolen funds, and is co-operating with the authorities. The Midas did not respond to requests for comment.)
The bank’s officials managed to recover $16m of the stolen money from one of the men who organised the gambling jaunts at the Midas casino, called Kim Wong. He was charged, but the charges were later dropped. The rest of the money, however – $34m – was leaching away. Its next stop, according to investigators, would take it one step closer to North Korea.
Macau is an enclave of China, similar in constitution to Hong Kong. Like the Philippines, it’s a hotspot for gambling and home to some of the world’s most prestigious casinos. The country also has long-established links to North Korea. It was here that North Korean officials were in the early 2000s caught laundering counterfeit $100 notes of extremely high quality – so-called “Superdollars” – which US authorities claim were printed in North Korea. The local bank they laundered them through was eventually placed on a US sanctions list thanks to its connections with the Pyongyang regime.
It was also in Macau that a North Korean spy was trained before she bombed a Korean Air flight in 1987, killing 115 people. And it was in Macau that Kim Jong-un’s half brother, Kim Jong-nam, lived in exile before being fatally poisoned in Malaysia in an assassination many believe was authorised personally by the North Korean leader.
As the money stolen from Bangladesh Bank was laundered through the Philippines, numerous links to Macau started to emerge. Several of the men who organised the gambling jaunts in the Solaire were traced back to Macau. Two of the companies that had booked the private gambling rooms were also based in Macau. Investigators believe most of the stolen money ended up in this tiny Chinese territory, before being sent back to North Korea.
At night, North Korea famously appears to be a black hole in photos taken from outer space by Nasa, due to the lack of electricity in most parts of the country – in stark contrast to South Korea, which explodes with light at all hours of the day and night. North Korea ranks among the 12 poorest nations in the world, with an estimated GDP of just $1,700 per person – less than Sierra Leone and Afghanistan, according to the CIA.
And yet North Korea has produced some of the world’s most brazen and sophisticated hackers, it appears.
Understanding how, and why, North Korea has managed to cultivate elite cyber-warfare units requires looking at the family that has ruled North Korea since its inception as a modern nation in 1948: the Kims.
Founder Kim Il-sung built the nation officially known as the Democratic People’s Republic of Korea on a political system that is socialist but operates more like a monarchy.
His son, Kim Jong-il, relied on the military as his power base, provoking the US with tests of ballistic missile and nuclear devices. In order to fund the programme, the regime turned to illicit methods, according to US authorities – including the highly sophisticated counterfeit Superdollars.
Kim Jong-il also decided early on to incorporate cyber into the country’s strategy, establishing the Korea Computer Centre in 1990. It remains the heart of the country’s IT operations.
When, in 2010, Kim Jong-un – Kim Jong-il’s third son – was revealed as his heir apparent, the regime unfurled a campaign to portray the future leader, only in his mid-20s and unknown to his people, as a champion of science and technology. It was a campaign designed to secure his generation’s loyalty and to inspire them to become his warriors, using these new tools.
The young Kim, who took power in late 2011 upon his father’s death, called nuclear weapons a “treasured sword”, but he too needed a way to fund them – a task complicated by the ever tighter sanctions imposed by the UN Security Council after the country’s first tests of a nuclear device and a long-range ballistic missile in 2006. Hacking was one solution, US authorities say.
The embrace of science and technology did not extend to allowing North Koreans to freely connect to the global internet, though – that would enable too many to see what the world looks like outside their borders, and to read accounts that contradict the official mythology.
So in order to train its cyber-warriors, the regime sends the most talented computer programmers abroad, mostly to China.
There they learn how the rest of the world uses computers and the internet: to shop, to gamble, to network and to be entertained. It’s there, experts say, that they are transformed from mathematical geniuses into hackers.
Scores of these young men are believed to live and work in North Korean-run outposts in China.
“They are very good at masking their tracks but sometimes, just like any other criminal, they leave crumbs, evidence behind,” says Kyung-jin Kim, a former FBI Korea chief who now works as a private sector investigator in Seoul. “And we’re able to identify their IP addresses back to their location.”
Those crumbs led investigators to an unassuming hotel in Shenyang, in China’s north-east, guarded by a pair of stone tigers, a traditional Korean motif. The hotel was called the Chilbosan, after a famous mountain range in North Korea.
Photos posted to hotel review sites such as Agoda reveal charming Korean touches: colourful bedspreads, North Korean cuisine and waitresses who sing and dance for their customers.
It was “well-known in the intel community”, says Kyung-jin Kim, that suspected North Korean hackers were operating from the Chilbosan when they first broke on to the world stage in 2014.
Meanwhile, in the Chinese city of Dalian, where Park Jin-hyok is believed to have lived for a decade, a community of computer programmers was living and working in a similar North-Korea-run operation, says defector Hyun-seung Lee.
Lee was born and raised in Pyongyang but lived for years in Dalian, where his father was a well-connected businessman working for the North Korean government – until the family defected in 2014. The bustling port city across the Yellow Sea from North Korea was home to about 500 North Koreans when he was living there, Lee says.
Among them, more than 60 were programmers – young men he got to know, he says, when North Koreans gathered for national holidays, such as Kim Il-sung’s birthday.
One of them invited him over to their living quarters. There, Lee saw “about 20 people living together and in one space. So, four-to-six people living in one room, and then the living room they made it like an office – all the computers, all in the living room.”
They showed him what they were producing: mobile phone games that they were selling to South Korea and Japan through brokers, making $1m per year.
Although North Korean security officials kept a close eye on them, life for these young men was still relatively free.
“It’s still restricted, but compared to North Korea, they have much freedom so that they can access the internet and then they can watch some movies,” Lee says.
After about eight years in Dalian, Park Jin-hyok appears to have been anxious to return to Pyongyang. In a 2011 email intercepted by the FBI, he mentions wanting to marry his fiancee. But it would be a few more years before he was allowed to do this.
The FBI says his superiors had another mission for him: a cyber-attack on one of the world’s largest entertainment companies – Sony Pictures Entertainment in Los Angeles, California. Hollywood.
In 2013, Sony Pictures announced the making of a new movie starring Seth Rogen and James Franco that would be set in North Korea.
It’s about a talk show host, played by Franco, and his producer, played by Rogen. They go to North Korea to interview Kim Jong-un, and are persuaded by the CIA to assassinate him.
North Korea threatened retaliatory action against the US if Sony Pictures Entertainment released the film, and in November 2014 an email was sent to company bosses from hackers calling themselves the Guardians of Peace, threatening to do “great damage”.
Three days later a horror-film image of a blood-red skeleton with fangs and glaring eyes appeared on employees’ computer screens. The hackers had made good on their threats. Executives’ salaries, confidential internal emails, and details of as-yet unreleased films were leaked online – and the company’s activities ground to a halt as its computers were disabled by the hackers’ viruses. Staff couldn’t swipe passes to enter their offices or use printers. For a full six weeks a coffee shop on the MGM lot, the HQ of Sony Pictures Entertainment, was unable to take credit cards.
Sony had initially pressed ahead with plans to release The Interview in the usual way, but these were hastily cancelled when the hackers threatened physical violence. Mainstream cinema chains said they wouldn’t show the film, so it was released only digitally and in some independent cinemas.
But the Sony attack, it turns out, may have been a dry run for an even more ambitious hack – the 2016 bank heist in Bangladesh.
Bangladesh is still trying to recover the rest of its stolen money – around $65m. Its national bank is taking legal action against dozens of people and institutions, including RCBC bank, which denies breaching any rules.
As skilful as the hacking of Bangladesh Bank was, just how pleased would the Pyongyang regime have been with the end result? After all, the plot started out as a billion-dollar heist, and the eventual haul would have been only in the tens of millions. Hundreds of millions of dollars had been lost as the thieves had navigated the global banking system, and tens of millions more as they paid off middlemen. In future, according to US authorities, North Korea would find a way to avoid this attrition.
In May 2017, the WannaCry ransomware outbreak spread like wildfire, scrambling victims’ files and charging them a ransom of several hundred dollars to retrieve their data, paid using the virtual currency Bitcoin. In the UK, the National Health Service was particularly badly hit; accident and emergency departments were affected, and urgent cancer appointments had to be rescheduled.
As investigators from the UK’s National Crime Agency delved into the code, working with the FBI, they found striking similarities with the viruses used to hack into Bangladesh Bank and Sony Pictures Entertainment, and the FBI eventually added this attack to the charges against Park Jin-hyok. If the FBI’s allegations are correct, it shows North Korea’s cyber army had now embraced cryptocurrency – a vital leap forward because this high-tech new form of money largely bypasses the traditional banking system – and could therefore avoid costly overheads, such as pay-offs to middlemen.
WannaCry was just the start. In the ensuing years, tech security firms have attributed many more cryptocurrency attacks to North Korea. They claim the country’s hackers have targeted exchanges where cryptocurrencies like Bitcoin are swapped for traditional currencies. Added together, some estimates put the thefts from these exchanges at more than $2bn.
And the allegations keep coming. In February the US Department of Justice charged two other North Koreans, whom they claim are also members of the Lazarus Group and are linked to a money-laundering network stretching from Canada to Nigeria.
Computer hacking, global money laundering, cutting edge cryptocurrency thefts… If the allegations against North Korea are true, then it appears many people have underestimated the country’s technical skill and the danger it presents.
But this also paints a disturbing picture of the dynamics of power in our increasingly connected world, and our vulnerability to what security experts call “asymmetric threat” – the ability of a smaller adversary to exercise power in novel ways that make it a far bigger threat than its size would indicate.
Investigators have uncovered how a tiny, desperately poor nation can silently reach into the email inboxes and bank accounts of the rich and powerful thousands of miles away. They can exploit that access to wreak havoc on their victims’ economic and professional lives, and drag their reputations through the mud. This is the new front line in a global battleground: a murky nexus of crime, espionage and nation-state power-mongering. And it’s growing fast.
Geoff White is the author of Crime Dot Com: From Viruses to Vote Rigging, How Hacking Went Global. Jean H Lee opened Associated Press’s Pyongyang bureau in 2012; she is now a senior fellow at the Wilson Center in Washington DC.
– BBC News
President’s efforts require parliamentary support
By Jehan Perera
With less than a year and half to the presidential elections, President Ranil Wickremesinghe has a tight deadline to meet if he is to attain his aspirations for the country. His visit last week to Japan where he sought to renew ties which had made it Sri Lanka’s largest aid donor for decades, was reported to be highly successful. During his visit, the President had apologized to the Japanese government leaders regarding the cancellation of the Light Rail Transit project which was subsequently delivered by Japan to Bangladesh. The completion of the elevated railroad would have significantly reduced Colombo’s traffic jams. The disastrous mistake the previous government made in crudely cancelling the project unilaterally and without rational reason lost Sri Lanka the goodwill of Japan which will not be easy to get back. Getting Japan back as a donor partner would be a great boon. Overcoming the serious economic crisis that besets the country and its people would require a massive infusion of foreign assistance if the period of recovery is to be kept short and not prolonged indefinitely.
President Wickremesinghe’s leadership is also being credited with the structural economic reforms that the country is undertaking with regard to revenue generation and cost cutting. Undertaking economic reforms that would streamline the economy has been a long term desire on the part of the President and seen during his past stints as Prime Minister. During the period 2001 to 2004, when he effectively led the government as Prime Minister and entered into the ceasefire agreement with the LTTE, he tried to implement the same set of economic reforms. Both of these radical measures proved to be too much for the population to bear and he suffered defeat at the elections that followed. Typically, the reform measures he presents is based on the “trickle down” theory, which, in highly corrupt polities, like Sri Lanka, means that the poor have to be content with the crumbs falling off the table. Once again, and unfazed, he is taking up the challenge of taking up unpopular economic measures, such as cutting subsidies, increasing taxes and privatizing state owned enterprises.
As part of the IMF recovery plan for the country, the government, under his leadership, is putting in place anti-corruption legislation that is required by the IMF. It appears that this legislation, which is still in its draft form, is being pushed more by the President than by the government. This was evident when a civil society group, led by the anti-corruption watchdog Transparency International, held a meeting for parliamentarians of all parties within the parliamentary complex. The attendance from the government side was limited, though the Opposition participated in strength. The top leadership of most of the Opposition parties, was in attendance, especially the largest Opposition party, the SJB, whose leader Sajith Premadasa also made an appearance. They gave an inkling of the change of faces that needs to accompany any “system change.” The consensus of the discussion was that the draft legislation was a positive addition to the fight against corruption.
The situation on the ground, in terms of implementation of the laws pertaining to good governance and accountability, continue to be highly unsatisfactory. The protest movement that was in evidence a year ago, gave its attention to issues of corruption and economic mismanagement for the reason that it had led to the economic collapse of the country that affected the entirety of its population. Both corruption and economic mismanagement had been facilitated by the concentration of political power in the executive. One of President Wickremesinghe’s first actions was to give astute political leadership to the passage of the 21st Amendment which sought to restore the independence of key state institutions necessary for a check and balance function. The most important aspect of the 21st Amendment is to protect those who are in charge of oversight bodies from interference by the political authority.
A notable feature of the present is that the parliamentary majority has shown itself to be willing to follow President Wickremesinghe’s lead when it comes to putting frameworks of good governance and accountability in place for the future. But when it comes to implementing them in the present, the ruling party, in particular, works in its own self-interest and to protect its own. Unfortunately, there are a growing number of instances in which it can be seen that the parliamentary majority, led by the ruling party, continues to flout the spirit of the law and practices of good governance. This was seen in the manner in which the Chairman of the Public Utilities Commission was forced out of his position through a majority vote in Parliament. Regrettably, the protections afforded by the 21st Amendment could not protect the Chairman of the regulatory authority who opposed the electricity price hikes that led to the price hike to the poorest being up to 500 percent, while to the super rich and companies it was only 50 percent.
The second incident, in the same week, has been the apprehension of a parliamentarian at the airport for gold smuggling who was let off with a fine that was much less than the fine provided for by law for such offenses. The parliamentarian himself has shown no remorse whatsoever and on the contrary has argued with considerable gumption that he is a victim of injustice as he did not pack his own bag and it was done by another. The very same day that he paid his fine and was released by the Customs he went to Parliament, as if he had no problems. Opposition parliamentarians have urged that the parliamentarian, caught gold smuggling, should resign, but so far to no avail. The question is whether he will be held accountable for the discredit he has brought upon himself, his political party, Parliament and the country or whether he will be judged to be no worse than many of his peers and the matter put aside.
The third incident, in the same week, is that of a foreign national who entered the country, on a forged passport, and was apprehended, at the airport, by Immigration officers. They were instructed by a government minister to release the foreign person on the grounds that he was a businessman who had come to invest in the country. However, when the incident was reported in the media, the government decided to deport him and said it will take action against the Immigration officers who had followed illegal orders in releasing him. The media reported that no inquiry will be held against the Minister for influencing the Immigration officials to release the arrested foreign national as anybody could make a request like that but that an inquiry should be held against the Immigration officials for obeying the wrong instructions.
President Wickremesinghe has won many plaudits for his willingness to take up the challenge of rescuing the country from the abyss when he accepted former President Gotabaya Rajapaksa’s offer to become Prime Minister. It has now become clear that the President is determined to set laws and frameworks for the future. Unfortunately, it appears that the implementation of good governance practices and accountability is simply impossible in a context in which the parliamentary majority is not willing to follow them. As a result, the crackdown on corruption and abuse of power that was hoped for when President Wickremesinghe took over has not manifested itself on the ground.
There is still little or no evidence that President Wickremesinghe is able or willing to take action against those within his government who violate the laws and frameworks of good governance that he is setting for the future of the country. Up to now, the President has only been able to use the security forces and the parliamentary majority to crack down on the protest movement which demanded an end to corruption and accountability for abuse of power. If this situation continues, the President will lose both credibility and authority while those who engage in corruption and abuse of power will once again entrench themselves and become impossible to dislodge to the detriment of the national interest. There is a need for all in the polity, both government and opposition, to strengthen the hand of the President to make a break with the past so that the resources of the country will be used for the common good rather than end up in private pockets.
Sri Lanka’s ignorance matches that of US – II
Human Rights and war crimes:
By Daya Gamage
Foreign Service National Political Specialist (ret.)
US Department of State
(Continued from yesterday)
It is essential to note the most fundamental divide in the country is between rural and urban populations. Sri Lanka’s economy has always been essentially agricultural and even today some 77 percent of the population lives in rural districts. The ratio of Sinhalese to Tamils living in rural districts nationally approximates their ratio in the population at large. Rural areas include Tamil-majority parts of Vanni (Mannar, Mullaitivu and Vavuniya Districts) and the Kilinochchi District in the Northern Province. Similarly, such Sinhalese-majority districts as Monaragala and Badulla in the southern province of Uva, and Hambantota in the south are mostly rural. During the colonial period and until the early 1970s the economic and political elites of Sri Lanka were almost exclusively a subset of the approximately 19 percent of the population living in urban areas.
These areas were privileged in terms of better economic infrastructure, better health and other government services, and better educational and employment opportunities. These advantages were shared by all communities living in the cities: Sinhalese, Tamils and Muslims, who coexisted and cooperated in general harmony. Again, all three ethnic communities in the rural sector face inadequate educational facilities, less economic infrastructure and employment opportunities.
Post-independence leaders faced a prickly dilemma: the economic development and broadened enfranchisement demanded by democratic politics required that more resources and opportunities be shared with the countryside, which would dilute the power and privileges of the 19 percent. All sections of the educated urban class were threatened by this, and none more than urban Tamils. Not surprisingly, political leaders reacted to this broadening competition for national resources by reaching out to their ethnic constituencies for support in defending their privileges.
Let’s turn to war crimes and human rights violations the 18 May 2023 US House of Representative Resolution and the Canadian prime minister were referring to. The data and facts given below could be new to policymakers and lawmakers in Sri Lanka as well as to their counterparts in Washington. I say this because there was no evidence that Sri Lanka ever presented these factual data to the West. If the policymakers and lawmakers in Washington were aware of the following data the Resolution would have taken a different tone.
The question of war crimes—and related charges of crimes against humanity and even of genocide—are a telling example of the frequent gulf between complex facts and simplistic popular beliefs that has distorted perceptions of the Sri Lankan civil war and, one would argue, US policy towards Sri Lanka. In a broader sense, this writer believes that the persistent fictions that have grown up around the separatist conflict are symptomatic of a larger problem in the crafting of policy toward countries that are insufficiently or incorrectly understood.
In the case of Sri Lanka, the tendency of international observers to rush to judgment— and censure—under worst-case assumptions is evidenced by the civilian fatalities figure cited extensively in print and public discourse. This figure of 40,000 is alleged to be the number of unarmed Tamils who were killed during the final stage of the war (January–May 2009). These deaths are blamed largely on the Sri Lankan military, which is accused of using excessive and indiscriminate force, and thereby of committing war crimes. The 40,000 figure became an item of international orthodoxy after it was mentioned in the report, often referred to as the Darusman Report, by an “unofficial” panel of experts appointed by U.N. Secretary-General Ban Ki-moon. The figure was arrived at by simply subtracting the number of internally displaced civilians who were administratively processed after the hostilities from the UN’s estimate of the number of civilians caught up in the final offensive.
To be precise, the March 2011 Darusman report conceded that “there is still no reliable figure for civilian deaths” but stated that the figure of 40,000 “cannot be ruled out” and needs further investigation. The report did not refer to “credible evidence,” much less adduce any, using instead the vague expression “credible allegations.” This verdict was not voted upon or endorsed by the United Nations as an organisation, and despite its questionable logic and conflicting figures from other sources, the UN Secretary General pronounced the figure of 40,000 to be definitive. In a strange case of groupthink, most western governments and international NGOs have accepted it unquestioningly and wielded it rhetorically.
Disputed death count
The currency and obduracy of the death count, to which the Darusman Report gave birth, is all the more mystifying because it represents a major departure from calculations made not only by other reputable observers but even by UN staff on the ground in Sri Lanka. On March 9 (2009), the country team of the UN mission in Colombo briefed local diplomats for the first and only time on the civilian casualty figures it had collected from its Humanitarian Convoy.
According to this briefing, 2,683 civilians had died between January 20 and March 7, and 7241 had been wounded. The UN country team did not indicate to the diplomats that the majority of these casualties were due to government shelling. According to a cable from the US embassy in April 2009, the UN had estimated that from January 20 to April 6 civilian fatalities numbered 4,164, plus a further 10,002 wounded. The International Crisis Group is quoted as reporting that “U.N. agencies, working closely with officials and aid workers located in the conflict zone, documented nearly 7,000 civilians killed from January to April 2009.
Those who compiled these internal numbers deemed them reliable to the extent they reflected actual conflict deaths but maintain it was a work in progress and incomplete.” Some three weeks before the end of the war, Reuters reported that “A UN working document, a copy of which was obtained by Reuters, says 6,432 civilians have been killed and 13,946 wounded in fighting since the end of January.” An unpublished report by the United Nations country team in Sri Lanka stated that from August 2008 to May 13, 2009 (five days before the war ended), the number of civilians killed was 7,721. Even if the UN Secretary General chose to ignore reporting from his own staff in the field, there were reports from other sources that should have tempered the figures adopted by other international organizations and governments with diplomatic representation in Colombo.
The International Committee of the Red Cross, the only outside agency present in the war zone during the final phase, used various statistical indicators to conclude that the total number of noncombatants killed was around 7,000. Lord Naseby, a British parliamentarian and longtime advocate for Sri Lanka, announced in the House of Lords in November 2017 that he had managed to pry classified documents out of the Foreign Office through a freedom of information inquiry. These documents, which were dispatched from the British Defense Attaché in Colombo during the final days of the war, reported that about 7000 people had been killed. Amnesty International wrote that . . . “derived independently from eyewitness testimony and information from aid workers [we estimate that] at least 10,000 civilians were killed.” This figure is in line with the estimate of an anthropologist working in Australia who questioned LTTE government servants and others who survived the final battles. This academician estimates that total fatalities from January 1 to May 19 ranged from 15,000 to 16,000, including some 5,000 Tiger dead. He cautions that any final figure must take into account the 600-900 deaths due to non-military causes that would be expected at standard death rates for a population of several hundred thousand over a period of five months, especially under very difficult conditions. He emphasizes that it was very difficult to distinguish civilians from combatants because the latter often did not wear uniforms.
According to some commentators, the prevalence and resilience of the 40,000-fatality figure can be attributed in significant measure to the publicity given to it by Gordon Weiss, an Australian journalist, who served as spokesperson for the UN mission in Sri Lanka from 2006 to 2009. In that official capacity Weiss reportedly used the fatality figure of 7,000 for 2009 and noted that, for the Sri Lankan Army, it made no tactical sense to kill civilians. Yet, in interviews to promote his popular book on the final days of the war, he used the unsubstantiated figure of 40,000, presumably for its shock value. When the book was published, the fatality figure had been reduced to 10,000.
On July 9, 2009, the US Ambassador-at-Large for War Crimes Issues, John Clint Williamson, met in Geneva with Jacques de Maio, Head of Operations for South Asia for the International Committee of the Red Cross. Williamson requested the meeting in order to collect information required for reporting to the US Congress. This information was invaluable because the ICRC was the only international organisation allowed by the GSL onto the northeastern battlefield for humanitarian work. In his diplomatic cable to Washington on that meeting, Williamson quoted de Maio as saying that “the Sri Lankan military was somewhat responsive to accusations of violations of international humanitarian law and was open to adapting its actions to reduce casualties.” The ambassador added that de Maio . . . “could cite examples of where the Army had stopped shelling when ICRC informed them it was killing civilians. In fact, the Army actually could have won the military battle faster with higher civilian casualties, yet chose a slower approach which led to a greater number of Sri Lankan military deaths …. On the LTTE, de Maio said that it had tried to keep civilians in the middle of a permanent state of violence. It saw the civilian population as a ‘protective asset’ and kept its fighters embedded amongst them.
De Maio said that the LTTE commanders’ objective had been to keep the distinction between civilian and military assets blurred.” In April, as the fighting was nearing its climax, both the United Nations and the Group of Eight nations strongly condemned the LTTE for using civilians as human shields.
This writer can assure that the manuscript he is preparing with the retired Senior Foreign Service and Intelligence Officer of the Department of State Dr. Robert K. Boggs will disclose startling evidence of Washington’s foreign policy trajectory toward Sri Lanka, and how successive governments in Sri Lanka since 1980 – to date – displayed their utter ignorance that led to the infantile foreign policy approaches.
(The writer, Daya Gamage, is a retired Foreign Service National Political Specialist of the U.S. Department of State accredited to the Political Section of the American Embassy in Colombo, Sri Lanka)
Excitement galore for Janaka
Another artiste who is very much in the limelight, these days, is singer Janaka Palapathwala, who specializes in the golden hits of the past, made popular by Engelbert Humperdinck, Elvis, Tom Jones, Jim Reeves, and the like.
He has been seen crooning away at some of the prestigious events, in Colombo, and is now ready to entertain those who love the golden oldies…in Canada and the States.
Janaka, who plans to reveal a new identity soon, indicated to us that he is eagerly looking forward to this particular overseas tour as he has already been informed that the opener, on 3rd June, in Washington D.C., is a ‘sold out’ event.
“Summer Mega Blast’, on 3rd June, will have in attendance the band Binara & The Clan and DJ Shawn Groove.
On 16th June, he will be in Toronto, Canada, for ‘Starlight Night’, with the band 7th String.
He has two dates in New York, on 24th June and 28th July (‘Welcome To My World’); Nebraska, 4th July (‘An Evening With Janaka’): Los Angeles, 15th July, and San Francisco, 22nd July.
Both the Los Angeles and San Francisco events are titled ‘Memories Are Made Of This’ and Janaka will perform, backed by the group Dynasty (Apple Green).
On his return home, he says he has to do the St. Peter’s College Welfare Society Dinner Dance, “Wild West’, scheduled for 26th July.
There will be plenty of action at this Peterite event, with the bands Misty, and Genesis, Shawn Groove, Frank David, Mazo, Ricardo Deen, Dinesh Subasinghe and Clifford Richards.
Navy divers retrieve 148 from watery graves within a year
Establishment of the Truth and Reconciliation Commission
Draft report on the inquiry into the destruction of North-Eastern archaeological sites and interference with conservation activities handed over to the Prime Minister
‘Dates have the highest sugar content to fight Coronavirus’
Sunday Island 27 December – Headlines
#Sundayisland Sunday Island- 31 January- Headlines
Features7 days ago
Jerome Fernando and his profane gimmicks
Opinion7 days ago
Pastor Jerome Saga: Buddhist perspective
News6 days ago
Gold smuggling govt. MP walks free after paying Rs 7.4 mn fine
Opinion6 days ago
Jerome Fernando and his profane gimmicks – II
Business7 days ago
Elephant House SuperHeroes powered by Dialog returns for a second phase to discover Sri Lanka’s future leaders
Sports6 days ago
When sport clean-bowls politics
Features5 days ago
Murders, exhumations, sacking: hence never a dull day in Paradise
Business7 days ago
Report to be soon out on those who slip through the tax net