The U.S. Department of Justice unsealed an indictment on Wednesday against three North Korean citizens on charges of attempting to steal over a billion dollars through cybercrime, as well as one Canadian-American citizen accused of helping them launder the money.
North Korea’s global commerce is severely limited by global sanctions imposed by the United Nations in 2017 in response to its latest illegal nuclear weapons test. In 2020, the communist regime’s ability to fund itself faced even bigger challenges in the face of lockdowns intended to limit the spread of the Chinese coronavirus. While dictator Kim Jong-un has repeatedly claimed North Korea has not documented a single case of Chinese coronavirus within its borders, he tightly sealed the country off from the world, cutting off pivotal trade with China along the Yalu River northern border.
The three North Korean citizens charged with a long list of cybercrimes are facing legal processing in the U.S. District Court in Los Angeles. Prosecutors allege that they were working directly under the auspices of the government of North Korea for its Reconnaissance General Bureau (RGB), a military entity.
U.S. law enforcement officials described the schemes in which the individuals indicted this week were allegedly involved as “a truly unprecedented range of financial and cyber-crimes” that featured both conventional cyber-theft from banking institutions to malicious hacking attacks against American entertainment companies. The individuals named in the indictment — Jon Chang Hyok, Kim Il, and Park Jin Hyok — also reportedly played a role in the 2014 hacking of Sony Pictures Entertainment in response to the release of The Interview, a Seth Rogen comedy that extensively mocked Kim Jong-un. That crime is the earliest listed in several years of attempts to steal billions of dollars through cybercrime.
In the United States, the Department of Justice alleged that the accused had organized multiple online attacks for about four years “that targeted employees of United States cleared defense contractors, energy companies, aerospace companies, technology companies, the U.S.Department of State, and the U.S. Department of Defense.”
The three men also stand accused of attempting to steal over $1.2 billion “from banks in Vietnam, Bangladesh, Taiwan, Mexico, Malta, and Africa by hacking the banks’ computer networks and sending fraudulent Society for Worldwide Interbank Financial Telecommunication (SWIFT) messages,” the Department of Justice noted. The hackers also attempted to steal money by hacking ATMs and allegedly succeeded in at least one scheme targeting Pakistan. That total does not include another about $100 million the accused allegedly stole in cryptocurrency.
The men were also alleged to have ties to some of the largest hacking attacks in history, including the 2017 “WannaCry” ransomware attack that affected about 200,000 computers globally. Ransomware prevents a computer from working until the owner of the computer pays a “ransom” to the hackers, potentially yielding extreme profits when used successfully against large institutions that require the computers to function. In this case, the hackers only managed to net about $50,000 as the ransomware did not demand large amounts of money from each computer.
“As laid out in today’s indictment, North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world’s leading bank robbers,” Assistant Attorney General John C. Demers of the Justice Department’s National Security Division said in a statement. “The Department will continue to confront malicious nation state cyber activity with our unique tools and work with our fellow agencies and the family of norms abiding nations to do the same.”
Acting U.S. Attorney Tracy L. Wilkison for the Central District of California described the list of crimes attributed to the suspects as “staggering.”
“The individuals indicted today committed a truly unprecedented range of financial and cyber-crimes,” U.S. Secret Service Assistant Director Michael R. D’Ambrosio added, “from ransomware attacks and phishing campaigns, to digital bank heists and sophisticated money laundering operations.”
The three men face a maximum of 35 years in prison.
The U.S. State Department, responding in part to interest in the news of the latest indictment, indicated that its cybercriminals activity will form part of the assessment in how to move forward with bilateral ties under the Biden administration. North Korea and the United States are technically at war with each other — neither side in the Korean War ever signed a peace treaty so the war, which began in 1950, is still ongoing — and North Korea continues to consider America its greatest enemy. Under the administration of President Donald Trump, Kim met with an American head of state twice, the first time a North Korean leader had ever done so. The high-level talks, coupled with the strongest sanctions ever placed on Pyongyang, appear to have limited the country’s nuclear weapons testing activity.
“Of course, most frequently we speak of North Korea’s nuclear and ballistic missile program, but, of course, its malicious cyber activity is something we are carefully evaluating and looking at as well,” State Department spokesperson Ned Price said on Wednesday. “I would say that in general North Korea’s malicious cyber activities threaten the United States. They threaten our allies and partners and other countries around the world.”
Price also expressed concern not just for cyberthefts, but for the potential of cyber espionage, which could yield intelligence that North Korea could sell for a profit to rogue states like China and Iran.
A United Nations report revealed by Reuters in early February estimated that North Korea made $300 million through cybercrime in 2020, much of it was used to fund its illegal nuclear weapons program.