The Justice Department on Thursday announced charges against the North Korean operative responsible for the breach of Sony Pictures four years ago.
The charged individual has been identified as Park Jin Hyok (also known as Pak Jin-hyok), a computer programmer who works for the North Korean government, the Associated Press reported Thursday afternoon.
Park is the target of the charges for the 2014 Sony Pictures hacking, in addition to the 2016 cyberattack that stole $81 million from Central Bank in Bangladesh, the 2017 WannaCry ransom attack, and numerous other cyber crimes.
North Korean Regime-Backed Programmer Charged With Conspiracy to Conduct Multiple Cyber Attacks and Intrusions https://t.co/qtVEfSloFO
— Justice Department (@TheJusticeDept) September 6, 2018
According to DoJ documents obtained by The New York Times, Park faces charges including one count of computer fraud and one count of wire fraud for activities conducted between 2014 and 2017. The counts carry a maximum prison sentence of five years and 20 years, respectively.
The DoJ statement released Thursday lists Park’s charges “for his involvement in a conspiracy to conduct multiple destructive cyberattacks around the world resulting in damage to massive amounts of computer hardware, and the extensive loss of data, money and other resources.”
Park was revealed to be a member of the “Lazarus Group,” a government-backed hacking organization, where he carried out “malicious activities includ[ing] the creation of the malware used in the 2017 WannaCry 2.0 global ransomware attack; the 2016 theft of $81 million from Bangladesh Bank; the 2014 attack on Sony Pictures Entertainment (SPE); and numerous other attacks or intrusions on the entertainment, financial services, defense, technology, and virtual currency industries, academia, and electric utilities.”
U.S. intel officials have linked Pak Jin-hyok, an employee at North Korea’s Reconnaissance General Bureau, to the 2014 cyberattack on Sony Pictures. The same agency is believed to be behind the 2017 WannaCry ransomware attack in Britain.https://t.co/RWJwMlj3QI
— Emily Weinstein 爱弥 (@emily_sw1) September 6, 2018
Assistant Attorney General John Demers said the DoJ’s investigation has been “one of the most complex cybercriminal investigations” carried out by the department.
Park was suspected of being one of the North Korean cyber army’s 7,000 members, which has launched into “one of the world’s most sophisticated hacking operations,” according to a Wall Street Journal report on Thursday.
“The charges were announced by Attorney General Jeff Sessions, FBI Director Christopher A. Wray, Assistant Attorney General for National Security John C. Demers, First Assistant United States Attorney for the Central District of California Tracy Wilkison and Assistant Director in Charge Paul D. Delacourt of the FBI’s Los Angeles Field Office,” the statement added.
U.S. charges North Korea man with series of cyber attacks, including a 2014 attack on Sony. Park Jin Kyok also accused of targetting Bangladesh Central Bank in 2016, launching global ‘Wannacry 2.0’ ransomware attack in 2017. Background: https://t.co/87kOvB6biI
— CBC News Alerts (@CBCAlerts) September 6, 2018
“We will not allow North Korea to undermine global cybersecurity to advance its interests and generate illicit revenues in violation of our sanctions,” said Treasury Secretary Steven Mnuchin. “The United States is committed to holding the regime accountable for its cyber-attacks and other crimes and destabilizing activities.”
This is the first time the Justice Department has filed charges against North Korea. It has previously charged hackers from China, Iran, and Russia, but none of them were extradited for prosecution.
Officials say the goal of announcing charges is to use public exposure as a means of deterring future hacking efforts. They have noted, however, that there is little action that can be taken to deter North Korea’s hacking efforts, given the heavy sanctions already imposed on them by the U.S.
The hacking was said to be North Korea’s response to a Sony Pictures movie, “The Interview,” which depicted a humorous plot to assassinate dictator Kim Jong Un. The movie was pulled from theaters after the hacking revealed studio executives’ embarrassing emails.
North Korea has long been suspected of and blamed for carrying out the Sony cyberattack.
Former President Barack Obama was said to be disturbed by how North Korea influenced free speech in the U.S. and had caused the movie to be pulled from theaters.
“We cannot have a society in which some dictator some place can start imposing censorship here in the United States,” President Obama said at the time.
North Korea was also said to be responsible for the WannaCry cyberattack that hit more than 300,000 computers in at least 150 countries last May. The ransomware locked digital files, and held them until Bitcoin payments were secured for their release. Banks, hospitals and many other companies in key industries were also said to affected by the attack.
North Korea has denied responsibility for both cyberattacks, though cyber researchers say they have found evidence that links them to the attacks. The country’s spy agency, Reconnaissance General Bureau (RGB), maintains a cell called Unit 180 reportedly aimed at hacking for monetary gain, Newsweek reported.
Former North Korean computer science professor Kim Heung-kwang said, “Unit 180 is engaged in hacking financial institutions (by) breaching and withdrawing money out of bank accounts.”
Kim added that his own students have joined North Korea’s cyber army. He noted that North Korean hackers perform their breaches overseas to avoid traces back to North Korea, while using improved internet services.
James Lewis, an expert on North Korea cyber activities and member of the Center of Strategic and International Studies, said North Korea has evolved its hacking practices from espionage to political harassment, and now for financial gain.
“They changed after Sony by using hacking to support criminal activities to generate hard currency for the regime,” he said. “So far, it’s worked as well or better as drugs, counterfeiting, smuggling – all their usual tricks.”
A U.S. Defense Department report last year concluded that North Korea “views cyber as a cost-effective, asymmetric, deniable tool that it can employ with little risk from reprisal attacks, in part because its networks are largely separated from the Internet.”
If sanctions and Justice Department charges aren’t enough to dissuade North Korea from massive cyberattacks, it’s unclear what would be enough to deter them.