The Justice Department has charged a North Korean computer programmer in major cybercrimes over the last four years, including the WannaCry ransomware attack and the Sony Pictures hack.
The DOJ said Thursday that it’s charged Jin Hyok Park, a North Korean computer programmer, with one count of conspiracy to commit computer fraud and abuse and one count of conspiracy to commit wire fraud. The charges are related to a massive attack against Sony in 2014, the $81 million Bangladesh Bank heist in 2016 and the WannaCry ransomware attack in 2017 that ensnared thousands of computers in hospitals, universities and banks worldwide.
The Sony attack was tied to the film The Interview, starring Seth Rogen and James Franco, a comedy that depicted an assassination attempt against North Korean leader Kim Jong-Un.
In retaliation, North Koreans pulled off one of the most damaging hacks on a US company, leaking thousands of emails between Sony executives, including personal information about employees and celebrities. The attack also crippled the company’s computer infrastructure.
The WannaCry attack locked up more than 300,000 computers in 150 countries, demanding that victims pay the ransom or risk losing access to their devices forever.
Park is not the only person accused in these attacks, but he is the only person named in the criminal complaint. DOJ officials said that Park didn’t act alone and that the investigation is still ongoing.
Park was working on behalf of the North Korean government, the investigators said.
‘This is one of the most complex and longest cyber investigations that the department has conducted,’ John Demers, assistant attorney general for national security, said Thursday.
The charges are the first US case against a North Korean, as the nation continues to build up its cyberattack capabilities. Over the years, North Korea has created a powerful hacker army called the Lazarus Group.
Dmitri Alperovitch, co-founder of cybersecurity company Crowdstrike, called North Korea one of the ‘most aggressive nation-state actors in cyberspace.’
According to the criminal complaint against Park, he was working in Dalian, China, for a front company called Korea Expo Joint Ventures, which was controlled by North Korea and designed to make money for the nation’s hacking organization.
Shortly before the hack against Sony, Park returned to North Korea and began launching attacks against the company, according to the complaint. Using a network of alias and email addresses, Park flooded inboxes at Sony Pictures, AMC Theaters and Mammoth Screen in an attempt to intrude on their networks.
According to the Justice Department, he used those same email addresses to pull off the $81 million heist from Bangladesh Bank. He also used those aliases to attack Lockheed Martin, a military contractor that works with both the US and South Korean governments.
Justice officials also found that Park allegedly used the same malware for attacks on both the Bangladesh Bank and Sony.
‘This group’s actions are particularly egregious as they targeted public and private industries worldwide – stealing millions of dollars, threatening to suppress free speech, and crippling hospital systems,’ FBI director Christopher Wray said in a statement.
Along with other North Korean hackers, Park allegedly helped create the WannaCry ransomware, as well as two more versions of it that continued to spread, according to documents. Investigators found evidence in email exchanges linking the ransomware to Park and other North Korean hackers.
All three versions of WannaCry have similar coding, indicating that they had the same creator, according to the criminal complaint.
While it’s highly unlikely that a North Korean would be extradited to the US, the Justice Department has used its ‘Name and Shame’ strategy for multiple nation-state hackers.
‘Their attacks have costed organizations all over the world tens of millions of dollars in damage,’ Alperovitch said. ‘One of the most important steps taken towards achieving effective cyber deterrence is the attribution of these attacks and holding the perpetrators accountable, as we witnessed today by the announcement of the US Department of Justice.’
If found guilty, Park would face up to 25 years in prison. For Rep. Adam Schiff, a Democrat from California, the significance isn’t about prosecuting and convicting Park. By calling out North Korea and Park with the indictment, US officials are holding nation-state hackers accountable for its attacks, Schiff said in an interview.
‘It’s less about the prospect that we’re really going to get them to show up in court and face the music. It’s more about letting these countries know that we have very good capabilities to ferret out who’s doing what against us,’ he said.
The Treasury Department has launched a series of sanctions against Park and against the Korea Expo Joint Venture, the company he claimed to work for.
‘We will not allow North Korea to undermine global cybersecurity to advance its interests and generate illicit revenues in violation of our sanctions,’ Treasury Secretary Steven Mnuchin said.
Sen. Mark Warner, a Democrat from Virginia, said that Thursday’s indictment is an ‘important step in making clear to our adversaries that these kinds of criminal activities are unacceptable.’
Steve Rodhouse, director general of the UK’s National Crime Agency, said the WannaCry attack ‘highlighted that cybercrime affects not just the country’s prosperity and security, but also affects our everyday way of life.’