US charges North Korean operative in conspiracy to hack Sony Pictures, banks

Posted by On 12:17 PM

US charges North Korean operative in conspiracy to hack Sony Pictures, banks

Sony Pictures canceled release of “The Interview,” a satire depicting the assassination of North Korean leader Kim Jong-Un, in 2014. (Damian Dovarganes/AP) September 6 at 2:36 PM

The Justice Department announced charges Thursday against an alleged hacker for the North Korean government in connection with a series of major cyberattacks including the 2014 assault on Sony Pictures Entertainment, marking the first time the United States has brought such charges against a Pyongyang operative.

Park Jin Hyok, officials said, is accused of being part of a conspiracy to hack on behalf of North Korea’s Reconnaissance General Bureau (RGB), the military intelligence agency that controls most of the country’s cyber capabilities.

[Read the criminal complaint]

He and other unidentified operatives are accused of being members of the Lazarus Group, which also has been implicated in the audacious attempt to steal $1 billion from the Bangladesh Bank in 2016, and to the WannaCry 2.0 virus that affected more than 230,000 computers in 150 countries last year.

The charges against Park, detailed in a 179-page complaint, come as President Trump seeks North Korea’s commitment to fully abandon its nuclear weapons program. They were filed in June, but not unsealed until now.

Pyongyang has denied allegations of hacking.

“The scale and scope of the cyber-crimes alleged by the complaint is staggering and offensive to all who respect the rule of law and the cyber norms accepted by responsible nations,” said Assistant Attorney General John Demers.

The Treasury Department on Thursday also imposed sanctions against Park and the Chosun Expo Joint Venture, a state-owned firm that employed him in Dalian, China. Officials said Park and others operated not only in North Korea but also in China and unnamed other countries. The sanctions allow the United States to seize any of their assets in the United States and prohibit Americans from any taking part in any transactions with them.

“We will not allow North Korea to undermine global cybersecurity to advance its interests and generate illicit revenues in violation of our sanctions,” said Treasury Secretary Steven Mnuchin. “The United States is committed to holding the regime accountable for its cyberattacks and other crimes and destabilizing activities.”

North Korea was the last of the United States’ four major foreign cyber-adversaries to have hacking-related charges brought against government operatives. The charges against Park were filed in June.

Under the Obama administration, indictments were issued in 2014 against five Chinese milit ary officers for alleged cyber-enabled economic espionage, and in 2016 against seven Iranian hackers for allegedly disrupting bank websites and attempting to disrupt a small New York dam. Last year, the Justice Department indicted two Russian spies and two criminal hackers in connection with the theft of 500 million Yahoo user accounts in 2014.

North Korea, though reclusive and impoverished, has been highly aggressive in cyberspace and was among the first to deploy disruptive attacks on a large scale â€" primarily against its arch foe South Korea.

“North Korea’s cyber forces are among the most disruptive in the world today,” said Dmitri Alperovitch, co-founder of CrowdStrike, a cyber threat intelligence firm. “Their tradecraft continues to grow in sophistication, and their crimes have harmed the global financial system and nearly every sector of the world economy.’’

Park, 34, is a computer programmer educated at a North Korean university who since at least 2002 conducted cyber operations through Chosun Expo on behalf of Lab 110, or Bureau 110, one of the government’s hacking organizations, the complaint states. He worked Dalian, near the North Korea border, between 2011 and 2013, returning to North Korea by 2014, before the cyber attack on Sony, officials said.

In the attack on Sony, hackers linked to North Korea wiped data from thousands of computers, stole confidential emails whose contents forced the resignation of a top executive, and most alarming of all, pressured the Hollywood studio to pull a satirical film planned for release depicting the assassination of North Korean leader Kim Jong Un. The campaign, carried out as a “false flag” operation by a group calling itself Guardians of the Peace, was allegedly launched in retaliation for the studio’s production of the film, the Interview.

President Barack Obama, angered by what he saw as an assault on freedom of expression, directed that sanctions be im posed on Pyongyang, including on the RGB.

North Korea targeted the studio that made the movie, AMC theaters for planning to show the movie, and a British production company that was planning to produce another feature about North Korea, according to the complaint.

“These were not just attacks against computers,” said Tracy Wilkison, a senior federal prosecutor in Los Angeles where the charges were filed. “These were attacks against freedom of speech.”

In 2016, world banking officials were shocked to discover hackers had siphoned $81 million from accounts at Bangladesh Bank. FBI officials say the hack was the largest cyber heist in history, and investigators have said that attack was particularly egregious in that one government attempted to steal $1 billion from another government â€" and nearly succeeded.

Lazarus Group hackers, officials say, broke into the bank’s computers and manipulated its access to a global electronic messaging system know n as SWIFT, which banks use to send and receive money transfers.

Using the SWIFT network, hackers tricked the Federal Reserve Bank of New York into sending about $81 million to bank accounts in the Philippines and Sri Lanka. Most of that money was sent to casinos in Manila and never recovered.

Last year, officials say, RGB-sponsored hackers deployed WannaCry 2.0, a computer virus paired with ransomware that encrypted data on victims’ computers and demanded money to restore access. It significantly affected service at Britain’s National Health Service. U.S. and British intelligence agencies linked North Korea to the worm. Researchers say that the virus was accidentally let loose before it was ready, as an operational error made the ransom payments easy to track â€" including by law enforcement.

Carol Morello contributed to this report.

Source: Google News North Korea | Netizen 24 North Korea

« Prev Post
Next Post »