Justice Department charges 3 North Korean hackers in $1.3 billion theft scheme
Washington — The U.S. charged three North Korean hackers for their alleged roles in a broad scheme that included attempts to steal more than $1.3 billion from banks around the world and conduct cyberattacks targeting the entertainment industry, including Sony Pictures, the Justice Department announced Wednesday.
"North Korea's operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world's leading 21st century nation-state bank robbers," Assistant Attorney General John Demers told reporters in a call detailing the indictment, which was filed in December and unsealed Wednesday in federal district court in Los Angeles.
Federal prosecutors believe the cyber campaign began as early as September 2009 and continued through at least December. During that time, the three alleged conspirators — Jon Chang Hyok, Kim Il and Park Jin Hyok, members of North Korea's military intelligence agency — "hacked into the computers of victims to cause damage, steal data and money, and otherwise further the strategic and financial interests of the DPRK government and its leader, Kim Jong Un," according to the indictment.
Park, 36, had previously been charged in 2018 for his role in the cyberattack targeting Sony four years earlier.
The latest indictment expands on the earlier case related to the Sony hack, which the Justice Department said was launched in retaliation for a movie called "The Interview," in which actors James Franco and Seth Rogan travel to North Korea and assassinate Kim Jong Un.
In addition to Sony, victims of the North Korean cyber campaign include AMC Theatres, financial institutions, cryptocurrency companies, online casinos, cleared defense contractors, energy utilities and individuals from around the world, the Justice Department said.
The hackers attempted to steal more than $1.2 billion from banks in Vietnam, Bangladesh, Taiwan, Mexico, Malta and Africa by hacking their computer networks and sending fraudulent messages through a communication system, created ransomware known as WannaCry 2.0 and extorted victims after stealing confidential information, prosecutors allege. The North Korean programmers are also believed to have engaged in thefts through ATM "cash-out" schemes, including an October 2018 theft of $6.1 million from the BankIslami Pakistan Limited.
The indictment details a series of spear-phishing campaigns from March 20126 to February 2020, in which the hackers allegedly targeted employees at the State Department, Defense Department, tech companies, energy and aerospace companies and defense contractors.
"If the choice here is between remaining silent while we at the department watch nations engage in malicious, norms-violating cyber activity, or charges these cases, the choice is obvious — we will charge them," Demers said.
According to the indictment, the breaches often began with fraudulent spear-phishing messages designed to make the victims download and open malware the hackers developed. In other instances, the fraudulent messages encouraged victims to download or invest in a cryptocurrency-related software program the hackers created.
Then, once they gained access to the computer, the perpetrators of the cyber intrusion would "conduct research within the system, attempt to move laterally within a computer network, and attempt to locate and exfiltrate sensitive and confidential information," federal prosecutors allege.
"In both revenge and financially-motivated computer attacks, the hackers would, at times, execute commands to destroy computer systems, deploy ransomware, or otherwise render the computers of their victims inoperable," according to the indictment.
Jon, Kim and Park were charged with one count of conspiracy to commit computer fraud and abuse, for which they face up to five years in prison. The three were also charged with one count of conspiracy to commit wire fraud and bank fraud, which carries a maximum sentence of 30 years in prison.
The Justice Department also charged Ghaleb Alaumary of Ontario, Canada, for his role as a money launderer for the hackers. He agreed to plead guilty to one count of conspiracy to commit money laundering.
Clare Hymes contributed reporting.
