U.S. charges three North Koreans in $1.3 billion hacking spree

By Sarah N. Lynch, Raphael Satter and Mark Hosenball

WASHINGTON (Reuters) – The United States has charged three North Korean computer programmers with a massive hacking spree aimed at stealing more than $1.3 billion in money and cryptocurrency, affecting companies from banks to Hollywood movie studios, the Department of Justice said on Wednesday.

The indictment alleges that Jon Chang Hyok, 31, Kim Il, 27, and Park Jin Hyok, 36, stole money while working for North Korea’s military intelligence services. Park had previously been charged in a complaint unsealed in 2018.

The Justice Department said the hackers were responsible for a wide range of criminal activity and high-profile intrusions, including a retaliatory 2014 attack on Sony Pictures Entertainment for producing “The Interview” movie, which depicted the assassination of North Korea’s leader.

The group is alleged to have targeted staff of AMC Theaters and broken into computers belonging to Mammoth Screen, a U.K. film company that was working on a drama series about North Korea.

The Justice Department also alleged that the trio participated in the creation of the destructive WannaCry 2.0 ransomware – which hit Britain’s National Health Service hard when it was set loose in 2017.

The indictment pins the blame on the hackers for breaking into banks across South and Southeast Asia, Mexico, and Africa by penetrating the financial institutions’ networks and abusing the SWIFT protocol to steal money. They’re also alleged to have deployed malicious applications from March 2018 through September 2020 to target cryptocurrency users.

The overall amount of money stolen by the hackers is not clear because in some cases the thefts were either halted or reversed. But the figures are significant. In one 2016 heist alone – at the Bangladesh Bank – the hackers are alleged to have made off with $81 million.

“North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world’s leading 21st century nation-state bank robbers,” U.S. Assistant Attorney General John Demers told a news briefing.

Kristi Johnson, the FBI assistant director in charge for the Los Angeles Field Office, told reporters that the three alleged hackers were believed to be in North Korea. Officials alleged they had been stationed at times in various other countries, including China and Russia.

The North Korean mission to the United Nations in New York did not immediately respond to requests for comment and contact details for the trio could not immediately be found. The Chinese and Russian embassies in Washington also did not immediately reply to requests for comment.

Overall, North Korea has generated an estimated $2 billion using “widespread and increasingly sophisticated” digital intrusions at banks and cryptocurrency exchanges, according to a U.N. report in 2019 by independent experts monitoring international sanctions on Pyongyang.

“According to one member state, the DPRK total theft of virtual assets, from 2019 to November 2020” was approximately $316.4 million, the report said.

Officials said on Wednesday that Ghaleb Alaumary, a Canadian-American citizen, has separately pleaded guilty to laundering some of the alleged hackers’ money. Requests for comment sent to Alaumary’s lawyers were not immediately returned.

Alaumary is slated to be sentenced in June in a federal court in Georgia.

(Reporting by Sarah N. Lynch, Raphael Satter and Mark Hosenball; Editing by Alistair Bell)

Global banks, fearing North Korea hacking, prepare defenses

Binary code is seen on a screen against a North Korean flag in this illustration photo November 1, 2017.

By Jim Finkle and Alastair Sharp

WASHINGTON/TORONTO (Reuters) – Global banks are preparing to defend themselves against North Korea potentially intensifying a years-long hacking spree by seeking to cripple financial networks as Pyongyang weighs the threat of U.S. military action over its nuclear program, cyber security experts said.

North Korean hackers have stolen hundreds of millions of dollars from banks during the past three years, including a heist in 2016 at Bangladesh Bank that yielded $81 million, according to Dmitri Alperovitch, chief technology officer at cyber security firm CrowdStrike.

Alperovitch told the Reuters Cyber Security Summit on Tuesday that banks were concerned Pyongyang’s hackers may become more destructive by using the same type of “wiper” viruses they deployed across South Korea and at Sony Corp’s Hollywood studio.

The North Korean government has repeatedly denied accusations by security researchers and the U.S. government that it has carried out cyber attacks.

North Korean hackers could leverage knowledge about financial networks gathered during cyber heists to disrupt bank operations, according to Alperovitch, who said his firm has conducted “war game” exercises for several banks.

“The difference between theft and destruction is often a few keystrokes,” Alperovitch said.

Security teams at major U.S. banks have shared information on the North Korean cyber threat in recent months, said a second cyber security expert familiar with those talks.

“We know they attacked South Korean banks,” said the source, who added that fears have grown that banks in the United States will be targeted next.

Tensions between Washington and Pyongyang have been building after a series of nuclear and missile tests by North Korea and bellicose verbal exchanges between U.S. President Donald Trump and North Korean leader Kim Jong Un.

John Carlin, a former U.S. assistant attorney general, told the Reuters summit that other firms, among them defense contractors, retailers and social media companies, were also concerned.

“They are thinking ‘Are we going to see an escalation in attacks from North Korea?’” said Carlin, chair of Morrison & Foerster international law firm’s global risk and crisis management team.

Jim Lewis, a cyber expert with Washington’s Center for Strategic and International Studies, said it is unlikely that North Korea would launch destructive attacks on American banks because of concerns about U.S. retaliation.

Representatives of the U.S. Federal Reserve and the Office of the Comptroller of the Currency, the top U.S. banking regulators, declined to comment. Both have ramped up cyber security oversight in recent years.

(Reporting by Jim Finkle in Washington and Alastair Sharp in Toronto; additional reporting by Dustin Volz in Washington; editing by Grant McCool)