U.S. charges N. Korean over cyber attacks

September 6, 2018

The United States on Thursday charged a North Korean individual over his alleged cyber attacks on Sony Pictures and other entities since 2014.

The Department of Justice brought criminal charges against computer programmer Park Jin-hyok as the Department of the Treasury announced sanctions on the same individual.

It is the first time the U.S. has charged a North Korean hacker, U.S. media reported.

He is charged with one count of conspiracy to commit computer fraud and abuse and one count of conspiracy to commit wire fraud, the Justice Department said in a statement. The charges carry a maximum sentence of five years in prison, and 20 years in prison, respectively.

Assistant Attorney General for National Security John Demers called the alleged crimes “staggering” and “offensive to all who respect the rule of law and the cyber norms accepted by responsible nations.”

According to the criminal complaint, he said, the North Korean government used a state-sponsored group to rob a central bank and citizens of other nations, retaliated against free speech “in order to chill it half a world away,” and by way of malware caused hundreds of millions, if not billions, of dollars’ worth of damage to victims in more than 150 countries.

The cyber attack on Sony Pictures came after the production of the movie, “The Interview,” which depicted an assassination plot against North Korean leader Kim Jong-un.

The WannaCry incident affected hundreds of thousands of computers around the world, and especially disrupted Britain’s National Health Service.

The complaint also linked Park’s group to malicious emails sent in 2016 and 2017 to U.S. defense contractors, including Lockheed Martin. Some of the messages contained references to the U.S. Terminal High Altitude Area Defense missile defense system, whose deployment to South Korea was a source of major controversy.

The Justice Department said attempts to infiltrate the computer systems of Lockheed Martin, the main contractor for the THAAD system, were not successful.

Park was identified as a member of the hacking team security researchers have labeled “Lazarus Group.”

The Treasury said in a statement that the 34-year-old worked on behalf of the North Korean government or the ruling Workers’ Party of Korea as an employee of the Chosun Expo Joint Venture.

The department sanctioned the agency also, saying all property and interests of both Chosun Expo and Park within the U.S. or in possession of U.S. citizens must be frozen.

Americans are also generally banned from dealing with them.

“We will not allow North Korea to undermine global cybersecurity to advance its interests and generate illicit revenues in violation of our sanctions,” Treasury Secretary Steven Mnuchin said in the statement. “The United States is committed to holding the regime accountable for its cyber-attacks and other crimes and destabilizing activities.”

The Treasury further added that North Korea has “demonstrated a pattern of disruptive and harmful cyber activity that is inconsistent with the growing consensus on what constitutes responsible state behavior in cyberspace.”

“Our policy is to hold North Korea accountable and demonstrate to the regime that there is a cost to its provocative and irresponsible actions,” it said.

The new actions come amid ongoing diplomatic efforts to dismantle North Korea’s nuclear weapons program.

David Maxwell, who specializes in North Korea’s nuclear and cyber threats at the Foundation for Defense of Democracies, said they are “a critically important development.”

“Nuclear weapons are so 20th Century. Cyber is the 21st Century,” he said. “This supports continued maximum pressure on North Korea, as cyber activities help the regime generate revenue through other means that have been stopped because of sanctions.”