US charges regime-linked North Korean in WannaCry, Sony hacks
WASHINGTON, USA – The US charged a North Korean programmer Thursday, September 6, US time, with some of the most dramatic global hacking cases of recent years, alleging they were carried out on behalf of the regime in Pyongyang.
The sabotage included the WannaCry 2.0 virus, the 2014 Sony Pictures attack and the 2016 cyber-heist of Bangladesh's central bank.
The US Justice and Treasury Departments said Park Jin Hyok was part of a unit known as the "Lazarus Group" that masterminded the notorious hacks "on behalf of the government of North Korea or the Workers' Party of Korea."
The heavily detailed, 176-page indictment also tied the group to other spear-phishing campaigns, malware attacks, and the attempted theft of documents and money from banks in Southeast Asia and Africa.
The attacks, the indictment said, were conducted from North Korea, China and other countries.
"This complaint exposes a vast and audacious scheme by the North Korean government to utilize computer intrusions as a means to support the varied goals of their regime," said Paul Delacourt, of the Federal Bureau of Investigation's Los Angeles office, which led the probe.
The Justice Department charged Park with one count of conspiracy to commit computer fraud, and another count of conspiracy to commit wire fraud.
The computer fraud charge carries a maximum of five years in prison, while the wire fraud would spell up to 20 years.
Military intelligence link
The Treasury announced financial sanctions on Park and a government-controlled company he worked at for more than a decade, Chosun Expo Joint Venture, also known as Korea Expo Joint Venture.
The company is tied to a North Korean military intelligence unit called Lab 110, the Justice Department said.
"North Korea has demonstrated a pattern of disruptive and harmful cyber activity that is inconsistent with the growing consensus on what constitutes responsible state behavior in cyberspace," the Treasury said in a statement.
"Our policy is to hold North Korea accountable and demonstrate to the regime that there is a cost to its provocative and irresponsible actions."
The move came as Washington seeks to get traction in negotiations with Pyongyang over halting its nuclear weapons program.
After an impasse of several weeks, earlier Thursday President Donald Trump indicated in a tweet that talks were moving forward.
"Kim Jong Un of North Korea proclaims 'unwavering faith in President Trump.' Thank you to Chairman Kim. We will get it done together!" Trump exclaimed.
The charges and sanctions singled out Park in some of the most notorious and damaging hacks in recent years, which had already been unofficially pinned on North Korea.
The cyber-theft of a huge number of files from Sony Pictures Entertainment in 2014 saw the company lose control of private communications between top executives, personal data of thousands of employees and customers, and scripts and information on upcoming films.
Leaked emails from the hack showed company chiefs giving unvarnished opinions on some of Hollywood's top stars and resulted in the departure of at least one official.
The North Koreans undertook the Sony hack, US officials say, in retaliation for the Sony comedy film The Interview, about a scheme to assassinate the North Korean leader. (READ: US calls movie studio hack a national security breach)
The hack of the central bank of Bangladesh in February 2016 saw at least $81 million stolen and transferred between a number of accounts in the Philippines and elsewhere, rendering most of it unrecoverable.
WannaCry 2.0 was "ransomware" – a form of malicious software – which spread virulently around the world in May 2017, infecting some 300,000 computers in 150 countries. (READ: What we've learned from the WannaCry ransomware attacks)
It encrypted user files and offered to free them in exchange for hundreds of dollars each.
The attack most notably locked up the systems of Britain's National Health Service, causing significant damage.
Last December the North Korean government called allegations that it was behind the ransomware "absurd" and a "grave political provocation."
The Justice Department said it had linked Park and others to the schemes by tracing email and social media accounts – Rappler.com