DOJ Charges North Korean Programmer in Sony Pictures Hack

United States Attorney Tracy Wilkison announces a criminal complaint being filed against a North Korean national accused in a series of destructive cyberattacks around the world, at a news conference in Los Angeles Thursday, Sept. 6, 2018. The complaint alleges Park Jin Hyok, computer programmer accused of working at the …
AP Photo/Reed Saxon

The Department of Justice charged a computer programmer accused of working for the North Korean government Thursday with a role in several high-profile cyber attacks, including the 2014 Sony Pictures Entertainment hack and the WannaCry ransomware virus that affected hundreds of thousands of computers worldwide.

Park Jin Hyok, believed to reside in North Korea, conspired with others to conduct a series of attacks that also stole $81 million from the Bangladesh Central Bank, according to the Justice Department’s criminal complaint. The U.S. government believes he was working at the behest of a North Korean-sponsored hacking organization.

The Sony Pictures Entertainment attack led to the release of a trove of sensitive personal information about company employees, including Social Security numbers, financial records, salary information, as well as embarrassing emails among top executives. In addition, the hack included four yet-to-be-released Sony films, among them Annie, and one that was in theaters, the Brad Pitt-led film Fury. The hack is said to have cost the company tens of millions of dollars.

The Federal Bureau of Investigation (FBI) had long suspected North Korea was also behind the last year’s WannaCry cyberattack, which used malware to scramble data at hospitals, factories, government agencies, banks, and other businesses across the globe. “This was one of the most complex and longest cyber investigations the department has taken,” Assistant Attorney General for National Security John Demers said in a statement.

U.S. officials believe the Sony hack was retribution for The Interview, a comedy that starred Seth Rogen and James Franco, centered on a plot to assassinate North Korean dictator Kim Jong-un. Following the hack, Sony canceled the theatrical release of the film and released it online through YouTube.

A Sony spokeswoman declined to comment on the Justice Department filing charges against Park Jin Hyok.

Filed in Los Angeles, the criminal complaint alleges that the hackers committed several attacks from 2014 until 2018. “The criminal conduct outlined in this case is intolerable,” said Tracy Wilkison, the first assistant U.S. attorney in Los Angeles. “The North Korean-backed conspiracy attempted to crush freedom of speech in the U.S. and the U.K. It robbed banks around the world. And it created indiscriminate malware that paralyzed computers and disrupted the delivery of medical care.”

“Cybersecurity experts have said portions of the WannaCry program used the same code as malware previously distributed by the hacker collective known as the Lazarus Group, which is believed to be responsible for the Sony hack.,” reports AP.

The indictment said that Park was on a team of programmers employed by an organization called Chosun Expo that operated out of Dalian, China, and that the FBI described as “a government front company.”

A North Korea-registered website bearing that company’s name described Chosun Expo as the country’s “first internet company,” saying it was established in 2002 and employed 20 young graduates from institutions including Kim Il Sung University, Kimcheon Industrial University, and Pyongyang Art University.

A 2015 version of the company’s website said it focused on gaming, gambling, e-payments, and image recognition software. It looked in many ways like a typical tech company, boasting of its “pioneering” IT talent and customer satisfaction. By July 2016, internet archival records show, the company dropped the reference to North Korea from its homepage.

It is the first time the Justice Department has brought criminal charges against a hacker said to be from North Korea. In recent years, the department has charged hackers from China, Iran, and Russia in hopes of publicly shaming other countries for sponsoring cyber attacks on U.S. corporations.

The Treasury Department also added Park Jin Hyok’s name to their sanction list, which prohibits banks that do business in the U.S. from providing accounts to him or Chosun Expo.

It is unlikely that he will face extradition because the U.S. has no formal relations with North Korea.

The charges come after Kim Jong-un told South Korean National Security Director Chung Eui-yong that he wishes for North Korea and the U.S. to put an end to their seven decades of hostile relations before the end of President Trump’s first term.

President Trump responded Thursday by tweeting, “Kim Jong Un of North Korea proclaims ‘unwavering faith in President Trump.’ Thank you to Chairman Kim. We will get it done together!”

Further, Kim told Chung that work to dismantle North Korea’s missile engine test site “means a complete suspension of future long-range ballistic missile tests” and vowed Kim to take “more active” measures toward denuclearization if his moves are met with corresponding goodwill measures.

The Associated Press contributed to this report. 

.