On Thursday, the Department of Justice took the unprecedented step of charging a hacker allegedly working for the North Korean state. This programmer, called Park Jin Hyok, worked on the powerful WannaCry ransomware, was involved in the digital heist of tens of millions of dollars from a Bangladeshi bank in 2016, and the hack of Sony Pictures in 2014, according to the DOJ.
The move is the latest charge from the United States against a hacker working for a nation state, but the first time it has charged someone hacking for North Korea specifically. The charges come just after North Korean leader Kim Jong Un said he has “unwavering trust” in reigniting denuclearization talks with President Trump.
A senior DOJ official said on a conference call with reporters that Hyok worked in China for a front company called Korean Expo Joint Venture. This company is tasked with generating revenue for North Korean military intelligence, the official said.
Hyok is charged with extortion, wire fraud, and various hacking crimes, the official said. The hacker also allegedly targeted Lockheed Martin. As well as those historical crimes, the complaint alleges hacking throughout 2018, the official said. Sanctions will be announced against the programmer and the front company they worked for, the DOJ said.
In 2014, hackers calling themselves ‘The Guardians of Peace’ targeted entertainment giant Sony, stole a wealth of internal documents and emails, and dumped them publicly online for anyone to download. Industry and law enforcement investigators confidently linked the hack to North Korea shortly after, and the attack was ostensibly in response to Sony’s film The Interview, which mocked North Korea’s ruler. A DOJ official said North Korea also sent phishing emails to AMC Theatres and UK production company Mammoth Screen around this time. Hyok travelled from China to North Korea shortly before the Sony hack, the official added.
Then in 2016, North Korean hackers allegedly breached a Bangladeshi bank and stole over $80 million. Last year, a huge ransomware attack spread across the world locking computers, and especially impacted the UK’s National Health Service.
The charges act as a stark reminder of the wide collection of different types of hacking activity North Korea conducts internationally.
“I would classify them as a full spectrum actor,” John Hultquist, director of intelligence analysis at cybersecurity firm FireEye, told Motherboard in a phone call. “Possibly more than any other state, they are probably making the greatest use of this capability.” North Korean hackers are involved in reconnaissance against US critical infrastructure, cyber espionage, and destructive attacks too.
But what really separates North Korea’s hacking operations from other nation states is how the country uses this capability to fund itself, Hultquist said. North Korean hackers have targeted banks and cryptocurrency exchanges around the world stealing massive fortunes, some of which may go right into furthering the country’s nuclear program.
“They’re really the only ones doing that,” Hultquist said.
It can be hard to gauge the impact of indictments against state-backed hackers. But these charges will certainly make it hard for these hackers to ever leave the country they’re operating out of, Hultquist said. (Intrusion Truth, a group that has taken to naming-and-shaming Chinese state-linked hackers, previously told Motherboard making travel harder was one of their goals).
“It is establishing some consequence, and that’s a first step,” he added. A lack of charges may teach other nations they can get away with this sort of hacking activity; on the flip side, an indictment shows, to some degree, that the US will not ignore nation state hacking campaigns.
The investigation remains ongoing, the DOJ official said.