North Korean suspect charged over Sony and WannaCry cyber attacks
The programmer has been identified as Park Jin Hyok.
The US justice department has charged a computer programmer working on behalf of the North Korean government with the hacking of Sony Pictures Entertainment in 2014.
The programmer, identified as Park Jin Hyok, was also charged over the massive WannaCry ransomware attack last year and an 81 million dollar (£62 million) theft from a bank in Bangladesh.
Assistant US attorney general John Demers said it was one of the most complex cyber criminal investigations ever conducted by the department.
The US government, having previously said North Korea was responsible for the 2014 Sony hack, believes he was working for a hacking organisation sponsored by the country.
The 2014 attack led to the release of a trove of sensitive personal information about Sony employees including Social Security numbers, financial records, salary information, as well as embarrassing emails among top executives.
The release included four yet-to-be-released Sony films, among them Annie, and one that was in theatres, the Brad Pitt film Fury, and cost the company tens of millions of dollars.
The FBI had long suspected North Korea was also behind last year’s WannaCry cyberattack, which used malware to scramble data at hospitals, factories, government agencies, banks and other businesses across the globe.
“This was one of the most complex and longest cyberinvestigations the department has taken,” said John Demers, assistant attorney general for national security.
US officials believe the Sony hack was retribution for “The Interview”, a comedy film that starred Seth Rogen and James Franco and centred on a plot to assassinate North Korea’s leader, Kim Jong Un.
Sony cancelled the theatrical release of the film amid threats to moviegoers but released it online through YouTube and other sites.
A Sony spokeswoman declined to comment and attempts to reach the alleged hacker were unsuccessful.
Among the emails released in the hack was an exchange between Amy Pascal, then co-chairman of the studio, and “The Social Network” producer Scott Rudin where they joked about what might be then-President Barack Obama’s favourite movies, listing “12 Years a Slave” and films by black comedian Kevin Hart.
The pair apologised, with Ms Pascal leaving her job months later.
In addition to targeting Sony, hackers sent spear-phishing emails to employees at AMC Theaters, which had planned to screen the movie, and to a British company producing a fictional television series about a scientist taken prisoner in North Korea, authorities said.
The hackers used the same aliases and accounts from the Sony attack when they sent spear-phishing emails to several US defence contractors, including Lockheed Martin, and others in South Korea, officials said.
The criminal complaint alleges the hackers committed several attacks from 2014 until 2018. The investigation is continuing.
Cybersecurity experts have said portions of the WannaCry programme used the same code as malware previously distributed by the hacker collective known as the Lazarus Group, which is believed to be responsible for the Sony hack.
The indictment said Park was on a team of programmers employed by an organisation called Chosun Expo that operated out of Dalian, China, and that the FBI described as “a government front company”.
A North Korea-registered website bearing that company’s name described Chosun Expo as the country’s “first internet company”, saying it was established in 2002 and employed 20 young graduates from institutions including Kim Il Sung University, Kimcheon Industrial University and Pyongyang Art University.
A 2015 version of the company’s website said it focused on gaming, gambling, e-payments and image recognition software.
It looked in many ways like a typical tech company, boasting of its “pioneering” IT talent and customer satisfaction.
Internet archival records show that by July 2016 the company had dropped the reference to North Korea from its home page.
Some time later, the site vanished from the web.
Emails sent to Chosun Expo’s generic email address and to the website’s original registrant, whose name was given as Won Sun Chol, went unreturned.
It is the first time the Justice Department has brought criminal charges against a hacker said to be from North Korea.
In recent years the department has charged hackers from China, Iran and Russia in hopes of publicly shaming other countries for sponsoring cyber attacks on US corporations.
In 2014 the Obama administration charged five Chinese military hackers with a series of digital break-ins at American companies and last year the Justice Department charged Russian hackers with an intrusion at Yahoo Inc.
The Treasury Department also added Park Jin Hyok’s name to its sanctions list, which prohibits banks that do business in the US from providing accounts to him or Chosun Expo.
It is unlikely he will be extradited because the US has no formal relations with North Korea and the North Korean government was not notified about the charges.