WASHINGTON (AP) The Justice Department has indicted three North Korean computer programmers in a wide range of global hacks, including a destructive attack on a US film studio and an extortion scheme that attempted to steal more than $1.3 billion from banks and other financial institutions, federal prosecutors said Wednesday.
The newly unsealed indictment builds on an earlier criminal case initiated in 2018 and adds two more North Korean defendants. Prosecutors identified all three as members of a North Korean military intelligence agency and said they carried out hacks at the behest of the government with the aim of using stolen funds to benefit the regime. Alarmingly for US officials, the defendants sometimes worked out of sites in Russia and China.
Law enforcement officials say the case highlights the profit motive behind North Korea’s criminal hacking model, in contrast to other adversarial countries like Russia, China and Iran, which are generally more interested in espionage, the theft of intellectual property or even the disruption of democracy. As the United States announced its case against the North Koreans, the government was still grappling with an intrusion by Russia into federal agencies and private companies that officials said was aimed at gathering information.
“What we are seeing emerging only from North Korea is trying to raise funds through illegal cyber activities, including the theft of traditional currency and cryptocurrency, as well as cyber extortion schemes,” said Deputy Attorney General John Demers, the Justice Department’s top national security official.
“Due to their economic system and the sanctions imposed on the country,” he added, “they are using their cyber capabilities to try to get change wherever they can, and that’s not something we really see from players in China, Russia or Iran.”
None of the three defendants are being held in the United States, and while officials don’t expect them to travel to the United States anytime soon to be prosecuted there, Justice Department officials have for years found it helpful to charge foreign government hackers, even in absentia, as a message that they are not anonymous and can be identified and implicated in crimes.
At the same time, prosecutors announced a plea deal with a dual US-Canadian citizen who investigators say organized the laundering of millions of dollars in stolen funds. Ghaleb Alaumary, 37, from Ontario, Canada, agreed to plead guilty in Los Angeles to organizing teams of co-conspirators in the United States and Canada to launder funds obtained through various schemes.
In addition to naming two additional defendants beyond the original 2018 case, the new case also adds to the list of victims around the world of hacks carried out by the General Reconnaissance Bureau.
The hackers, according to the indictment, were part of a conspiracy to steal more than $1.3 billion in cash and cryptocurrency from banks and businesses; launched a massive global ransomware campaign; and hacked Sony Pictures Entertainment in 2014 in retaliation for a Hollywood film, “The Interview,” which the North Korean government did not like.
The indictment states that the hackers engaged not only in cyber-theft, but also in revenge-motivated computer attacks, sometimes executing commands to destroy computer systems, deploy ransomware, or render victims’ computers unusable.
“The scope of these crimes committed by North Korean hackers is staggering,” said Tracy Wilkison, acting U.S. prosecutor in the Central District of California, where Sony Pictures is located and where the indictment was filed. “These are the crimes of a nation state, which has stopped at nothing to seek revenge and obtain money to support a machine.”
Officials would not say how much money the hackers actually got, although the indictment charges them in connection with a theft of $81 million from the Bangladesh central bank in 2016 and several other multi-million dollar ATM withdrawals and cyber extortion schemes. In total, the conspirators attempted to steal or extort more than $1.3 billion, according to the indictment.
To empty victims’ cryptocurrency accounts, the hackers planted malware masquerading as cryptocurrency trading software on seemingly legitimate websites to deceive victims, according to an alert released by the FBI and other American agencies. Once infected, a victim’s computer could be taken over and controlled through remote access. Later, the hackers used other techniques, including phishing and social engineering, to infect victims’ computers.
Associated Press writer Frank Bajak in Boston contributed to this report.