Story and photo by The Associated Press
Authorities charged a computer programmer working for the North Korean government with devastating cyber attacks that hacked Sony Pictures Entertainment and unleashed the WannaCry ransomware virus that infected computers in 150 countries and crippled parts of the British health care system, federal prosecutors said in September 2018.
Park Jin Hyok, who is believed to be in North Korea, conspired to conduct a series of attacks that also stole U.S. $81 million from a bank in Bangladesh, according to charges unsealed in Los Angeles federal court following years of investigation. The U.S. believes he was working for a North Korean-sponsored hacking organization.
The U.S. government previously said North Korea was responsible for the 2014 Sony hack that led to the release of a trove of sensitive personal information about employees, including Social Security numbers, financial records, salary information, as well as embarrassing emails among top executives. The hack included four yet-to-be released Sony films, among them Annie and one that was in theaters, the Brad Pitt film Fury, and cost the company tens of millions of dollars.
The FBI had long suspected North Korea was also behind last year’s WannaCry cyber attack, which used malware to scramble data on hundreds of thousands of computers at hospitals, factories, government agencies, banks and other businesses across the globe.
“The criminal conduct outlined in this case is intolerable,” said Tracy Wilkison, the first assistant U.S. attorney in Los Angeles. “The North Korean-backed conspiracy attempted to crush freedom of speech in the U.S. and the U.K. It robbed banks around the world, and it created indiscriminate malware that paralyzed computers and disrupted the delivery of medical care.”
Prosecutors filed the charges under seal June 8, 2018, four days before U.S. President Donald Trump’s historic meeting with North Korea’s leader, Kim Jong Un, to discuss ending decades of hostility between the countries. Prosecutors said the complaint was sealed for a variety of reasons and wasn’t done to prevent derailing the Singapore talks.
“This has nothing to do with the summit and nothing to do with denuclearization,” Wilkison said.
U.S. officials believe the Sony hack was retribution for The Interview, a comedy starring Seth Rogen and James Franco in a plot to assassinate Kim. Sony canceled the theatrical release of the film amid threats to moviegoers. The company released it online through YouTube and other sites.
The hackers used the same aliases and accounts from the Sony attack when they sent spear-phishing emails to several U.S. defense contractors, including Lockheed Martin, and others in South Korea, officials said.
The criminal complaint says the hackers committed several attacks from 2014 into 2018, attempting to steal more than U.S. $1 billion from banks around the world. The investigation is continuing.
The hackers also targeted technology and virtual currency industries, as well as academia and electric utilities, authorities said.
“This case warrants attention whether you are an individual, a small business or a major corporation,” FBI Special Agent Jennifer Boone said. “Terms you’ll see in the complaint, such as watering holes and back doors, don’t sound menacing, but in reality, they describe malicious cyber techniques that wreak havoc on our computer systems and our lives.”
Cyber security experts have said portions of the WannaCry program used the same code as malware previously distributed by the hacker collective known as the Lazarus Group, which is believed to be responsible for the Sony hack.
The complaint said Park was on a team of programmers employed by an organization called Chosun Expo that operated out of Dalian, China, and that the FBI described as “a government front company.”
A North Korea-registered website bearing that company’s name described it as the country’s “first internet company,” established in 2002.
A 2015 version of the Chosun Expo website said it focused on gaming, gambling, e-payments and image recognition software. It looked in many ways like a typical tech company, boasting of its pioneering information technology talent and customer satisfaction. By July 2016, internet archival records show, the company dropped the reference to North Korea from its home page. The site later vanished from the web.
It is the first time the U.S. Justice Department has brought criminal charges against a hacker said to be from North Korea. In recent years, the department has charged hackers from China, Iran and Russia in hopes of publicly shaming other countries for sponsoring cyber attacks on U.S. corporations.
In 2014, for instance, the Obama administration charged five Chinese military hackers with a series of digital break-ins at American companies. Similar arrests have continued under President Trump. The U.S. in December 2018 unsealed indictments against accused Chinese hackers Zhu Hua and Shang Shilong, who were charged with conspiracy to commit computer intrusions, conspiracy to commit wire fraud and aggravated identity theft. The men were part of a hacking group known as Advanced Persistent Threat 10.
Just two months earlier, Chinese intelligence officers and hackers working for them were charged with commercial espionage that included trying to steal information on commercial jet engines. The indictments named two officers working for the Nanjing-based foreign intelligence arm of China’s Ministry of State Security and six other defendants who allegedly conspired to steal turbofan engine technology.
Iran also was implicated. In March 2018, the U.S. announced criminal indictments against an Iranian hacker network that targeted the intellectual property of hundreds of U.S. and foreign universities, as well as dozens of U.S. companies and government agencies.
As for the Sony hack, the Treasury Department added Park Jin Hyok’s name to its sanction list, which prohibits banks that do business in the U.S. from providing accounts to him or Chosun Expo. Park, whose age is not known, is charged with two counts alleging conspiracies to commit computer and wire fraud — crimes that could carry a prison term up to 25 years.