Charges announced against North Korean programmer for Sony hack
The Justice Department announced cyber hacking charges against a North Korean national linked to the computer hacking of Sony in 2014, the WannaCry ransomware attack, and other significant cyber intrusions in a criminal complaint unsealed Thursday.
North Korea has been linked to some of the most high-profile cyberattacks in recent years, and its hack on Sony Pictures Entertainment lead the Obama administration to impose economic sanctions against the country’s government agencies and senior officials.
Thursday’s announcement marks the first time US prosecutors have brought criminal charges against an official associated with the Sony breach and other attacks, with the DOJ targeting North Korean computer programmer Park Jin Hyok.
A Justice Department official said there has been no communication with the North Korean government about Park or any efforts to capture him.
The 172-page complaint, which includes one count of conspiracy to commit computer fraud and one count of conspiracy to commit wire fraud, was filed in Los Angeles federal court on June 8, but Justice officials declined to say why it was unsealed Thursday. The officials did say, however, that the investigation is ongoing and while Park is the only individual charged at this time, the complaint makes clear that he worked with others.
“Today’s announcement demonstrates the FBI’s unceasing commitment to unmasking and stopping the malicious actors and countries behind the world’s cyberattacks,” said FBI Director Christopher Wray in a statement. “We stand with our partners to name the North Korean government as the force behind this destructive global cyber campaign.”
The allegations in the complaint describe a “wide-ranging, multi-year conspiracy (that) targeted computers belonging to entertainment companies, financial institutions, defense contractors, and others for the purpose of causing damage, extracting information, and stealing money.”
The Treasury Department also announced Thursday that it is sanctioning Park, “for having engaged in significant activities undermining cybersecurity through the use of computer networks or systems against targets outside of North Korea” on behalf of the government.
“We will not allow North Korea to undermine global cybersecurity to advance its interests and generate illicit revenues in violation of our sanctions,” Treasury Secretary Steven Mnuchin said in a statement. “The United States is committed to holding the regime accountable for its cyber-attacks and other crimes and destabilizing activities.”
Treasury said it was also sanctioning the entity Park worked for, Chosun Expo Joint Venture, also known as Korea Expo Joint Venture or KEJV, and said it was controlled by the government of North Korea.
The Justice and Treasury departments also linked Park to the February 2016 cyber-enabled fraudulent transfer of $81 million from Bangladesh Bank and the ransomware used in the May 2017 “WannaCry 2.0” cyber-attack, which encrypted data on Microsoft computers across the world and demanded ransom payments in Bitcoin cryptocurrency.
The Treasury announcement said that Park and his co-conspirators operated from “North Korea, China, and elsewhere to perpetrate these malicious activities.” Asked if any of Park’s attacks were launched from China by North Korea, a Justice Department official said, “there’s nothing in the complaint alleged on that.”
The November 2014 cyber hack of Sony — an attempt to block the release of the provocative comedy, “The Interview,” which involved an assassination plot of North Korean leader Kim Jung Un — created an international crisis, filled with extortion attempts, threats to moviegoers and embarrassing leaks of executives’ emails that included gossip about the lives of Hollywood celebrities and ultimately, the resignation of Sony Chairwoman Amy Pascal.
“We can’t forget this was the cyber equivalent of a hostile foreign government dropping a bomb on the Sony Pictures lot in the middle of the night,” said Josh Campbell CNN analyst and former FBI Supervisory Special Agent who assisted with the Sony investigation. “Not only did the North Koreans burn down the Sony network, inflicting millions of dollars in damage, the attack was then followed by a campaign to instill fear among the American public.”
Lawmakers applauded the move.
“Good,” said Sen. Ben Sasse, a Nebraska Republican who sits on the Senate Judiciary Committee. “It’s been four years since North Korea’s petty little despot hacked Sony Pictures because he didn’t like a movie that a free and open society produced. It’s been a year and half since he launched a ransomware attack that hit hundreds of thousands of computers across the globe. Kim showed the world both how small he was and how capable his cyber soldiers can be. Cyber war gives outsized opportunities to North Korea and it’s important to push back.”
“This indictment is the result of years of hard work by the FBI and the Department of Justice, and it is an important step in making clear to our adversaries that these kinds of criminal activities are unacceptable. It also points to the need for a clearly thought-out and articulated strategy for deterring and punishing state-sponsored cyberattacks,” said Sen. Mark Warner, the Senate Intelligence Committee’s top Democrat.
The North Korean government has repeatedly denied responsibility for the hack but called it “a righteous deed.”
Thursday’s charges come on the same day that President Donald Trump praised the North Korean leader.
“Kim Jong Un of North Korea proclaims ‘unwavering faith in President Trump.’ Thank you to Chairman Kim. We will get it done together!” Trump tweeted Thursday morning.