WASHINGTON (CN) — The U.S. Department of Justice charged three North Korean hackers on Wednesday with having stolen digital wallets of cryptocurrency from banks and businesses worldwide.
Dated Dec. 8, 2020, but unsealed this morning, the indictment builds off a 2018 case against accused Sony hacker Park Jin Hyok. Prosecutors say Park and the two new defendants, Jon Chang Hyok and Kim Il, are all programmers and members of a Pyongyang-based military intelligence agency of the North Korean government called Reconnaissance General Bureau (RGB).
“North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world’s leading 21st century nation-state bank robbers,” Assistant Attorney General John Demers said in a statement.
As laid out in the 33-page filing, however, the trio stole much more than virtual money. Through cyber-heists and ATM cash-outs, Park, Jon and Kim allegedly tried to either steal or extort more than $1.3 billion from entertainment companies, financial institutions, cryptocurrency companies, online casinos, defense contractors, utility companies and individuals.
Back in 2018, the U.S. attorney general worked with the U.S. Attorney’s Office for the Central District of California and the National Security Division to charge Park in connection to a series of past plots including the February 2016 cyber-heist of $81 million from the Bank of Bangladesh and the May 2017 WannaCry ransomware attack, which damaged computer systems in more 150 countries.
Perhaps more memorably for U.S. audiences, the earlier indictment also connected Park to the “hack-and-dump” retaliation plot against Sony Pictures Entertainment as the studio prepared to release the film “The Interview” satirizing Kim Jong-un in 2014.
James Franco and Seth Rogen starred in the film opposite Randall Park who parlayed the breakout role as the North Korean dictator to a historic series run in ABC’s “Fresh Off the Boat.”
“The scope of the criminal conduct by the North Korean hackers was extensive and long-running, and the range of crimes they have committed is staggering,” Acting U.S. Attorney Tracy L. Wilkison said in a statement.
Prosecutors say that the defendants, while based in North Korea, also operated the conspiracy out of several other countries, including China and Russia.
Their objectives, according to the indictment, included retaliation over “perceived reputational harm,” gathering intelligence for the North Korean government, and self-enrichment.
Between 2009 and 2020, the charges explain, Park, Jon and Kim conspired to obtain information from and defraud protected computers without authorization. Prosecutors say the trio also distributed malware and ransomware like the Brambul worm, sometimes through documents or cryptocurrency applications that appeared legitimate.
Between March 2016 and February 2020, federal employees in the State Department and Defense Department were targeted through spear-phishing campaigns, as were private citizens working for various energy, aerospace and tech companies. Using false personas, the hackers would email the employees with a ruse that could get provide access to their computers.
U.S. Secret Service Assistant Director Michael R. D’Ambrosio said the coordinated efforts signal a growing alliance between some government officials and “highly sophisticated cyber-criminals.”
“The individuals indicted today committed a truly unprecedented range of financial and cyber-crimes: from ransomware attacks and phishing campaigns, to digital bank heists and sophisticated money laundering operations.”
This indictment marks the first time the United States has charged an operative of the DPRK.
“We continue to shine a light on the global campaign of criminality being waged by the DPRK,” Demers said. “Nation-state indictments like this are an important step in identifying the problem, calling it out in a legally rigorous format, and building international consensus.”
In addition to indicting the Koreans, however, prosecutors also unsealed a charge against a Canadian-American accused co-conspirator. The Justice Department describes Ghaleb Alaumary, 37 of Mississauga, Ontario, as a “prolific” money launderer for his role in handling millions of dollars through ATM cash-out schemes, cyber-heists, business email compromise (BEC) schemes, and more. Alaumary also faces prosecution for a separate BEC scheme in Georgia.
Victims of the plots resided in multiple countries including Bangladesh, Mexico, the Philippines, Poland and the United Kingdom.
The defendants have been charged with one count of conspiracy to commit computer fraud and abuse, which could lead to a maximum sentence of five years in prison, and one count of conspiracy to commit wire and bank fraud, with a maximum sentence of 30 years.
The Justice Department will only be using unclassified, admissible evidence in this case. “If the choice here is between remaining silent while we at the department watch nations engage in malicious, norms violating cyber activity or charges these cases, the choice is obvious,” Demers said, “we will charge them.”