DOJ charges North Korean programmers over hacking scheme to steal $1.3B

Yolanda Curtis
February 18, 2021

John Demers, the assistant attorney general at the Department of Justice's National Security Division, described the North Korean operatives as "the world's leading bank robbers": "North Korea's operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world's leading bank robbers."

According to the indictment filed in December, the defendants work for the Reconnaissance General Bureau, North Korea's military intelligence agency. The agency houses hacking units known by various names, including Lazarus Group and Advanced Persistent Threat 38 (APT38). North Korea has previously denied being involved in hacking operations.

The 33-page indictment unsealed Wednesday charges Park, Jon Chang Hyok and Kim Il with criminal conspiracy, conspiracy to commit wire fraud and bank fraud.

They allegedly stole money while working for North Korea's military intelligence service.

In one 2016 heist alone - at the Bangladesh Bank - the hackers are alleged to have made off with $81 million. The money will be returned to the bank, officials said.

A Mississauga man is set to plead guilty to a federal charge which U.S. investigators say is tied to a major global effort by three North Korean cyber spies to steal from major banks, retaliate against foreign media companies that ridicule the regime, and help Kim Jong-Un evade sanctions.

The indictment describes a broad array of criminal cyber activities undertaken by the conspiracy, in the United States and overseas, conducted for revenge or financial gain.

But today's indictments expanded the range of crimes attributed to Park and his alleged co-conspirators, including cryptocurrency thefts, phony cryptocurrency investment schemes and apps, and efforts to launder the proceeds of their crimes.

The Bangladesh Bank attack saw hackers use the SWIFT messaging system to convince the Federal Reserve Bank of New York to transfer $81 million from the victim's account to accounts they controlled in the Philippines.

Overall, North Korea has generated an estimated $2 billion using "widespread and increasingly sophisticated" digital intrusions at banks and cryptocurrency exchanges, according to a United Nations report in 2019 by independent experts monitoring worldwide sanctions on Pyongyang.

The three, who are not in custody, are also accused of deploying malicious cryptocurrency programs. Demers said the Justice Department seized and plans to return $2 million of that to an unnamed New York-based financial services company.

The indictment says the computer breaches often began with spear-phishing emails containing malware that gave the hackers access to their victims' computer systems.

In the course of the trio's alleged thefts from major global banks, US authorities say a man they identified as Ghaleb Alaumary of Mississauga helped the North Koreans launder their proceeds.

The $1.3 billion allegedly targeted would represent nearly half the total amount of North Korea's civilian merchandise imports - mainly from China - in 2019, the most recent year for which estimates are available, said Nicholas Eberstadt, an economist at the American Enterprise Institute. "These indictments indicate the scale of the fraud Pyongyang engages in to support its other activities, including nuclear weapons and ballistic missile development," he said.

Officials said on Wednesday that Ghaleb Alaumary, a Canadian-American citizen, has separately pleaded guilty to laundering some of the alleged hackers' money.
