The Ministry of Justice charges North Korea's WannaCry, Sony's hacking

The Ministry of Justice has accused a North Korean computer programmer of major cybercrimes over the last four years, including the WannaCry ransomware attack and the piracy of Sony Pictures.

The DOJ said on Thursday that it blamed Jin Hyok Park, a North Korean computer programmer, for plotting to commit fraud and computer abuse and a conspiracy charge to commit computer fraud. The charges are related to a massive attack against Sony in 2014, the theft of $ 81 million from Bangladesh Bank in 2016 and the attack of WannaCry ransomware in 2017 that drew thousands of computers to hospitals, universities and banks around the world.

Sony's attack was linked to the film The Interview, with Seth Rogen and James Franco, a comedy that depicts an assassination attempt against North Korean leader Kim Jong-Un.

In retaliation, the North Koreans fired one of the most damaging blows on an American company, disclosing thousands of emails between Sony executives, including personal information about employees and celebrities. The attack also paralyzed the company's IT infrastructure.

The WannaCry attack has blocked more than 300,000 computers in 150 countries, demanding that victims pay ransom or risk losing access to their devices forever.

Park is not the only person accused in these attacks, but he is the only person named in the criminal complaint. Department of Justice officials said Park did not act alone and the investigation was still ongoing.

Park was working for the North Korean government, the investigators said.

"This is one of the longest and most complex computer investigations the department has ever conducted," said John Demers, Deputy Attorney General for National Security, on Thursday.

The charges are the first US case against a North Korean, as the country continues to reinforce its cyber-attack capabilities. Over the years, North Korea has created a powerful hacker army called Lazarus Group.

Dmitry Alperovich, co-founder of the cybersecurity firm Crowdstrike, has described North Korea as "one of the most aggressive players in the nation-state."

The United States is often a major target of nation-state hackers, and the Justice Department has also investigated and accused suspected pirates of Russia, China and Iran.

According to the criminal complaint filed against Park, he was working in Dalian, China, for a screen company called Korea Expo Joint Ventures, controlled by North Korea and intended to generate revenue for the country's hacking organization.

Shortly before hacking against Sony, Park returned to North Korea and began launching attacks against the company, according to the complaint. Using a network of aliases and e-mail addresses, Park flooded the inboxes of Sony Pictures, AMC Theaters and Mammoth Screen to try to interfere in their networks.

According to the Ministry of Justice, he used these same e-mail addresses to recover the $ 81 million from the Bangladesh bank. He also used these pseudonyms to attack Lockheed Martin, a military contractor who works with the US and South Korean governments.

Justice officials also found that Park would have used the same malware for attacks against both the Bangladesh bank and Sony.

"The actions of this group are particularly blatant as they have targeted public and private industries around the world – stealing millions of dollars, threatening to suppress freedom of expression and crippling hospital systems," said the FBI director, Christopher Wray.

According to other documents, Park has helped, along with other North Korean hackers, to create WannaCry ransomware, as well as two other versions of this software, which have continued to spread. Investigators found evidence in e-mail exchanges linking the ransomware to Park and other North Korean hackers.

The three versions of WannaCry have a similar coding, indicating that they had the same creator, according to the criminal complaint.

Although it is extremely unlikely that a North Korean is extradited to the United States, the Department of Justice has used its "name and shame" strategy for hackers from several nation-states .

"Their attacks have cost tens of millions of dollars to organizations around the world," Alperovitch said. "One of the most important steps to achieve effective cyber deterrence is the attribution of these attacks and the accountability of the perpetrators, as we witnessed today during the year. announcement from the US Department of Justice. "

If he is found guilty, Park will be punishable by 25 years in prison. For MP Adam Schiff, a California Democrat, the important thing is not to sue and condemn Park. By calling North Korea and Park with the indictment, US officials hold hackers from nation-states responsible for its attacks, Schiff said in an interview.

"There is less to say that we are really going to get them to court and face the music, rather it is to let these countries know that we have very good abilities to find out who is doing it. what against us ". .

The Treasury Department has launched a series of sanctions against Park and the Korea Expo Joint Expo, the company he claims to be working for.

"We will not allow North Korea to undermine global cybersecurity to advance its interests and generate illicit revenues in violation of our sanctions," said Treasury Secretary Steven Mnuchin.

Senator Mark Warner, a Democrat from Virginia, said Thursday's indictment is "an important step to make our opponents understand that this type of criminal activity is unacceptable."

Steve Rodhouse, chief executive of the UK's National Crime Agency, said the WannaCry attack "has highlighted that cybercrime not only affects the prosperity and security of the country, but also affects our mode of daily life ".

Ian Sherr from CNET contributed to this story.

First published on September 6th at 8:14 am
Updated at 10 AM PT: Include details of the indictment of the Ministry of Justice, at 10:11 am PT: with details from the Treasury Department, to 10:20 PT: with FBI remarks, at 13:08 PT: with comments from Rep. Schiff.

I got you: How Microsoft spotted another Russian hacking attempt

You too: US Targets 10 Iranians on University Cyber ​​Attacks, HBO hack