
Justice Department charges North Korean over WannaCry, Sony hack

The man has allegedly been behind massive cyberattacks for the last four years.

Alfred Ng Senior Reporter / CNET News
Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.
Billboard showing an ad for The Interview, starring Seth Rogen and James Franco.

Justice Department officials said Jin Hyok Park is behind WannaCry and the 2014 Sony hack.

Christopher Polk / Getty Images

The Justice Department has charged a North Korean computer programmer in major cybercrimes over the last four years, including the WannaCry ransomware attack and the Sony Pictures hack.

The DOJ said Thursday that it's charged Jin Hyok Park, a North Korean computer programmer, with one count of conspiracy to commit computer fraud and abuse and one count of conspiracy to commit wire fraud. The charges are related to a massive attack against Sony in 2014, the $81 million Bangladesh Bank heist in 2016 and the WannaCry ransomware attack in 2017 that ensnared thousands of computers in hospitals, universities and banks worldwide.

The Sony attack was tied to the film The Interview, starring Seth Rogen and James Franco, a comedy that depicted an assassination attempt against North Korean leader Kim Jong-Un.

In retaliation, North Koreans pulled off one of the most damaging hacks on a US company, leaking thousands of emails between Sony executives, including personal information about employees and celebrities. The attack also crippled the company's computer infrastructure.

The WannaCry attack locked up more than 300,000 computers in 150 countries, demanding that victims pay the ransom or risk losing access to their devices forever.

Park is not the only person accused in these attacks, but he is the only person named in the criminal complaint. DOJ officials said that Park didn't act alone and that the investigation is still ongoing. 

Park was working on behalf of the North Korean government, the investigators said.

"This is one of the most complex and longest cyber investigations that the department has conducted," John Demers, assistant attorney general for national security, said Thursday.


The charges are the first US case against a North Korean, as the nation continues to build up its cyberattack capabilities. Over the years, North Korea has created a powerful hacker army called the Lazarus Group.

Dmitri Alperovitch, co-founder of cybersecurity company Crowdstrike, called North Korea one of the "most aggressive nation-state actors in cyberspace."


The criminal complaint includes charts of Park's alleged web of email addresses used in cyberattacks.

Department of Justice

The US is often a major target of nation-state hackers, and the Justice Department has also investigated and charged alleged hackers from Russia, China and Iran.

According to the criminal complaint against Park, he was working in Dalian, China, for a front company called Korea Expo Joint Ventures, which was controlled by North Korea and designed to make money for the nation's hacking organization.

Shortly before the hack against Sony, Park returned to North Korea and began launching attacks against the company, according to the complaint. Using a network of aliases and email addresses, Park flooded inboxes at Sony Pictures, AMC Theaters and Mammoth Screen in an attempt to intrude on their networks.

According to the Justice Department, he used those same email addresses to pull off the $81 million heist from Bangladesh Bank. He also used those aliases to attack Lockheed Martin, a military contractor that works with both the US and South Korean governments.


Justice officials also found that Park allegedly used the same malware for attacks on both the Bangladesh Bank and Sony.

"This group's actions are particularly egregious as they targeted public and private industries worldwide – stealing millions of dollars, threatening to suppress free speech, and crippling hospital systems," FBI director Christopher Wray said in a statement.

Along with other North Korean hackers, Park allegedly helped create the WannaCry ransomware, as well as two more versions of it that continued to spread, according to documents. Investigators found evidence in email exchanges linking the ransomware to Park and other North Korean hackers.

All three versions of WannaCry have similar coding, indicating that they had the same creator, according to the criminal complaint.

While it's highly unlikely that a North Korean would be extradited to the US, the Justice Department has used its "Name and Shame" strategy for multiple nation-state hackers. 

"Their attacks have cost organizations all over the world tens of millions of dollars in damage," Alperovitch said. "One of the most important steps taken towards achieving effective cyber deterrence is the attribution of these attacks and holding the perpetrators accountable, as we witnessed today by the announcement of the US Department of Justice."

If found guilty, Park would face up to 25 years in prison. For Rep. Adam Schiff, a Democrat from California, the significance isn't about prosecuting and convicting Park. By calling out North Korea and Park with the indictment, US officials are holding nation-state hackers accountable for their attacks, Schiff said in an interview.

"It's less about the prospect that we're really going to get them to show up in court and face the music. It's more about letting these countries know that we have very good capabilities to ferret out who's doing what against us," he said.

The Treasury Department has launched a series of sanctions against Park and against the Korea Expo Joint Venture, the company he claimed to work for.

"We will not allow North Korea to undermine global cybersecurity to advance its interests and generate illicit revenues in violation of our sanctions," Treasury Secretary Steven Mnuchin said.

Sen. Mark Warner, a Democrat from Virginia, said that Thursday's indictment is an "important step in making clear to our adversaries that these kinds of criminal activities are unacceptable."

Steve Rodhouse, director general of the UK's National Crime Agency, said the WannaCry attack "highlighted that cybercrime affects not just the country's prosperity and security, but also affects our everyday way of life."
CNET's Ian Sherr contributed reporting to this story.

First published Sept. 6, 8:14 a.m. PT.
Updated at 10 a.m. PT: To include details from the Justice Department's indictment, at 10:11 a.m. PT: with details from the Treasury Department, at 10:20 a.m. PT: with remarks from the FBI, at 1:08 p.m. PT: with comments from Rep. Schiff.
