The Justice Department has charged three North Korean computer programmers in multiple global cyber attacks, including a destructive attack targeting an American movie studio. They have also been charged in the attempted theft and extortion of more than $1.3 billion from banks and companies, according to federal prosecutors.
The recently unsealed indictment adds two North Korean defendants to an earlier criminal case from 2018. Prosecutors identified all three as members of a North Korean military intelligence agency. They are accused of carrying out hacks with the goal of using stolen funds to benefit the North Korean government. What is more alarming to U.S. officials is that the defendants often times worked from locations in Russia and China.
According to law enforcement officials, the prosecution highlights the profit-driven motive behind North Korea’s criminal hacking. This is a sharp contrast from other nations like Russia, China and Iran, who are generally more interested in espionage, intellectual property theft, or even disrupting democracy.
As the U.S. announced its case against the North Koreans, the government was still handling an intrusion by Russia of federal agencies and private corporations that officials say was aimed at information-gathering.
“What we see emerging uniquely out of North Korea is trying to raise funds through illegal cyber activities,” including the theft of traditional currency and cryptocurrency, as well as cyber extortion schemes, said Assistant Attorney General John Demers, the Justice Department’s top national security official.
He also said that “they use their cyber capabilities to try to get currency wherever they can do that, and that’s not something that we really see from actors in China or Russia or in Iran.”
None of the three defendants is in American custody. And even though officials don’t expect them to travel to the U.S. anytime soon for prosecution, Justice Department officials in recent years have found value in indicting foreign government hackers as a message that they are not anonymous and can be identified and implicated in crimes.
At the same time, prosecutors unsealed a plea deal with a dual U.S.-Canadian citizen who investigators say organized the sophisticated laundering of millions of dollars in stolen funds.
Ghaleb Alaumary, 37, of Ontario, Canada, agreed to plead guilty in Los Angeles to organizing teams of co-conspirators in the U.S. and Canada to launder funds obtained through various schemes.
The indictment unsealed Wednesday charges Jon Chang Hyok, Kim Il and Park Jin Hyok with crimes including conspiracy to commit wire and bank fraud. Park was previously charged in 2018 in a criminal complaint linking him to the hacking team responsible for the hack of Sony Pictures and the WannaCry global ransomware attack, among other acts.
Besides naming two additional defendants beyond the original case, the new case also adds to the list of victims from around the world of hacks carried out by the Reconnaissance General Bureau.
The hackers, according to the indictment, were part of a conspiracy that attempted to steal more than $1.3 billion of money and cryptocurrency from banks and businesses, unleashed a global sweeping campaign that targeted Sony Pictures Entertainment in 2014 in retaliation for a Hollywood movie, “The Interview,” that the North Korean government didn’t like because it depicted a fictionalized assassination of leader Kim Jong Un.
The indictment says the hackers engaged not just in cybertheft but also in “revenge-motivated computer attacks, at times executing commands “to destroy computer systems, deploy ransomware” or otherwise render victims’ computers inoperable.
“The scope of these crimes by the North Korean hackers is staggering,” said Tracy Wilkison, the acting U.S. Attorney in the Central District of California, where Sony Pictures is located and where the indictment was filed. “They are the crimes of a nation-state that has stopped at nothing to exact revenge and to obtain money to prop up its regime.”
Wikilison would not say how much money the hackers actually received, though the indictment does charge them in connection with an $81 million theft from Bangladesh’s central bank in 2016 and with multiple other multi-million-dollar ATM cashouts and cyber-extortion schemes. All told, the conspirators “attempted to steal or extort more than $1.3 billion,” according to the indictment.
To empty the cryptocurrency accounts of victims, the cyber thieves seeded malware posing as cryptocurrency-trading software on legitimate-seeming websites to trick victims, according to an alert published by the FBI and other U.S. agencies. Once infected, a victim’s computer could be entered and controlled by remote access. Later, hackers used other techniques including phishing and social engineering to infect victims’ computers.