Thursday, 25 February, 2021

United States charges N.Korean hackers in $1.3bn theft scheme

Park Jin Hyok North Korean Hackers Charged with Stealing Over $1.3 Billion in Cryptocurrencies and Cash
Cecil Davis | 18 February, 2021, 11:28

The US Department of Justice has charged three computer programmers who apparently belong to the infamous North Korea-affiliated hacker group known as Lazarus with attempting to steal and extort over $1.3 billion in fiat and cryptocurrency from financial institutions. North Korea has previously denied being involved in hacking operations.

Ghaleb Alaumary, 37, of Mississauga, Ont., was charged with conspiring to launder money on behalf of what the U.S. Department of Justice called a "wide-ranging criminal conspiracy" that targeted everything from a Hollywood movie studio to the U.S. State Department.

Last year, the U.S. government became so concerned about North Korea's wide-ranging activity that it issued a dire advisory to cybersecurity professionals and the public about the hazards posed by the country's hackers.

Although officials briefing reporters on Wednesday said they couldn't pinpoint how successful the hackers were in their attempts to steal almost $1.3 billion, the indictment does allege cryptocurrency thefts of at least $112 million.

The 33-page indictment unsealed Wednesday charges Park, Jon Chang Hyok and Kim Il with criminal conspiracy, conspiracy to commit wire fraud and bank fraud. United States investigators now say they've identified two other North Koreans in the group: 31-year-old Jon Chang Hyok and 27-year-old Kim Il.

Beyond the Sony attack, the indictment announced Wednesday alleges a broader scheme to carry out various cybercrimes, including the attempted theft of $1.2 billion from banks across the globe, wide distribution of malicious cryptocurrency apps and spear-phishing campaigns to penetrate computer systems of U.S. defense contractors, the Pentagon and the U.S. State Department. The money will be returned to the bank, officials said.

None of the three defendants is in custody or likely to be, but the indictments serve as a message to the hackers that they are not anonymous.

The indictment describes a broad array of criminal cyber activities undertaken by the conspiracy, in the United States and overseas, conducted for revenge or financial gain.

According to the indictment, the defendants are responsible for some of the most damaging cyberattacks ever, including the hack of Sony Pictures Entertainment, the cyber-heist of $81 million from the Bank of Bangladesh, and the WannaCry 2.0 attack.

Also Wednesday, the Department of Homeland Security, FBI and Treasury Department released an analysis of malware, dubbed "AppleJeus", that the agencies said the North Korean government uses to steal cryptocurrency.

Meanwhile, hundreds of cryptocurrency companies were targeted by the group, with tens of millions of dollars stolen, including $75 million from a Slovenian cryptocurrency company in December 2017, $24.9 million from an Indonesian firm in September 2018, and $11.8 million from a New York outfit in 2020.

Once they gained access to the exchange's computers, the hackers found the "wallets" where the crypto money was stored and the private keys to those wallets that allowed them to make fraudulent transfers, the indictment alleged.

The $1.3 billion allegedly targeted would represent nearly half the total amount of North Korea's civilian merchandise imports, mainly from China, in 2019, the most recent year for which estimates are available, said Nicholas Eberstadt, an economist at the American Enterprise Institute.

Alaumary also laundered money from a North Korean cyber heist of a Maltese bank in 2019, prosecutors said.

Officials acknowledged that the defendants, who are at large, are unlikely to stand trial in the United States, but said the indictment serves to educate the public and to help other agencies and allies that may want to bring sanctions.