South China Morning Post
Advertisement
Advertisement
North Korea
Get more with myNEWS
A personalised news feed of stories that matter to you
Learn more
An off-duty police officer hired by the cinema stands watch as people arrive to watch the controversial movie The Interview at the Plaza Theatre in Atlanta, Georgia, in December 2014. The Sony Pictures comedy was the subject of threats by North Korea after a hacking attack. Photo: EPA
AsiaEast Asia

US charges North Korean trio in US$1.3 billion hacking spree

  • Jon Chang-hyok, Kim Il and Park Jin-hyok are accused of stealing money and cryptocurrency while working for Pyongyang’s military intelligence services
  • The programmers were allegedly behind the 2014 attack on Sony Pictures over The Interview, a movie depicting the assassination of leader Kim Jong-un
North Korea
Reuters
Reuters
Why you can trust SCMP
The United States has charged three North Korean computer programmers with a massive hacking spree aimed at stealing more than US$1.3 billion in money and cryptocurrency, affecting companies from banks to Hollywood movie studios, the Department of Justice said on Wednesday.

The indictment alleges that Jon Chang-hyok, 31, Kim Il, 27, and Park Jin-hyok, 36, stole money while working for North Korea’s military intelligence services. Park had previously been charged in a complaint unsealed in 2018.

The Justice Department said the hackers were responsible for a wide range of criminal activity and high-profile intrusions, including a retaliatory 2014 attack on Sony Pictures Entertainment for producing The Interview, a movie that depicted the assassination of North Korea’s leader.
The group is alleged to have targeted staff of AMC Theatres and broken into computers belonging to Mammoth Screen, a British film company that was working on a drama series about North Korea.

The Justice Department also alleged that the trio took part in the creation of the destructive WannaCry 2.0 ransomware – which hit Britain’s National Health Service hard when it was set loose in 2017.

The indictment pins the blame on the hackers for breaking into banks across South and Southeast Asia, Mexico, and Africa by penetrating the financial institutions’ networks and abusing the SWIFT protocol to steal money. They are also alleged to have deployed malicious applications from March 2018 through September 2020 to target cryptocurrency users.

The overall amount of money stolen by the hackers is not clear because in some cases the thefts were either halted or reversed. But the figures are significant. In one 2016 heist alone – at the Bangladesh Bank – the hackers are alleged to have made off with US$81 million.

Tens of thousands of Chinese firms affected by WannaCry

“North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world’s leading 21st century nation-state bank robbers,” US Assistant Attorney General John Demers told a news briefing.

Kristi Johnson, the FBI assistant director in charge for the Los Angeles Field Office, told reporters that the three alleged hackers were believed to be in North Korea. Officials alleged they had been stationed at times in various other countries, including China and Russia.

The North Korean mission to the United Nations in New York did not immediately respond to requests for comment and contact details for the trio could not immediately be found. The Chinese and Russian embassies in Washington also did not immediately reply to requests for comment.

This wanted poster released by the Department of Justice shows Kim Il, who prosecutors say is a member of a North Korean military intelligence agency and carried out hacks at the behest of the government. Image: US Department of Justice via AP

Overall, North Korea has generated an estimated US$2 billion using “widespread and increasingly sophisticated” digital intrusions at banks and cryptocurrency exchanges, according to a UN report in 2019 by independent experts monitoring international sanctions on Pyongyang.

“According to one member state, the DPRK total theft of virtual assets, from 2019 to November 2020” was approximately US$316.4 million, the report said.

Officials said on Wednesday that Ghaleb Alaumary, a Canadian-American citizen, has separately pleaded guilty to laundering some of the alleged hackers’ money. Requests for comment sent to Alaumary’s lawyers were not immediately returned.

Alaumary is slated to be sentenced in June in a federal court in Georgia.

Post