The U.S. Justice Department on Thursday unveiled charges against a North Korean spy for the hacking of Sony Pictures Entertainment in 2014, as well as the global Wannacry ransomware attack that crippled the U.K. National Health Service last year and the theft of $81 million from Bangladesh’s central bank in 2016.
The department identified the spy as Park Jin Hyok, a computer programmer working for North Korea’s military intelligence service. Park is charged with one count of conspiracy to commit computer fraud and abuse and one count of conspiracy to commit wire fraud. The first charge carries a maximum sentence of five years in prison, and the second a maximum of 20 years in prison.
Striking hundreds of thousands of computers around the world and causing serious damage at entertainment companies, hospitals and defense contractors over several years, the scope of the cyberassaults carried out by Park and his fellow North Korean hackers “is virtually unparalleled,” federal investigators said in a criminal complaint filed in Los Angeles.
Park operated out of a front company, Chosun Expo Joint Venture, also known as K.E.J.V., that generated income for a North Korean hacking unit, authorities said. He was sent to Dalian in China, near the North Korean border, before returning to the North shortly before the Sony attack in 2014.
The Treasury Department on Thursday also sanctioned Park as well as the alleged front company.
The U.S. government had previously blamed North Korea for the cyberattack on Sony, which erased a vast amount of data, divulged confidential emails and forced the company offline until it could rebuild its computer network.
The elaborate attack was seen as retaliation for Sony’s production of the 2014 film “The Interview,” a comedy starring Seth Rogen and James Franco that ridiculed the North Korean dictator Kim Jong Un and portrayed an assassination plot.
Sony canceled the release of the film amid threats to moviegoers.
Park is also accused of targeting the movie chain AMC, which was scheduled to release and show “The Interview” at its theaters.
Although the attacks at Sony and elsewhere occurred months or years apart and struck a range of targets, authorities found a trail of connections and similar signatures linking back to Park and the North Korean regime. The hackers often used the same computers, digital devices, overlapping email or social media accounts, the same aliases, malware and the same IP addresses and proxy services, the FBI said.
Apart from the Sony attack, authorities charged Park with helping orchestrate an unprecedented cyberheist, which attempted to steal up to one billion dollars. In the end, the hackers succeeded in penetrating the computer network of Bangladesh’s central bank, seizing $81 million dollars.
The criminal complaint also outlined Park’s role in the WannaCry 2.0 ransomware attack in 2017 that struck computers in more than 150 countries, temporarily crippling the computer system of Britain’s public health care service. At the time, National Health Service staff had to delay operations and appointments while doctors used pen and paper until the computer network was restored. The malicious software also hit Germany’s railways and Russia’s interior ministry.
The Justice Department in recent years has charged hackers from China, Iran and Russia in hopes of publicly shaming other countries for sponsoring cyberattacks on U.S. corporations.
In 2014, for instance, the Obama administration charged five Chinese military hackers with a series of digital break-ins at American companies. Last year, the Justice Department charged Russian hackers with an intrusion at Yahoo.
Assistant Attorney General John Demers said Thursday that the Park case was one of the most complex cybercriminal investigations ever conducted by the department and shows that the United States will not shy away from charging state-sponsored hackers.
He called North Korea one of America’s four “principal adversaries in cyberspace,” along with Russia, China and Iran.
It’s highly unlikely Park will be tried in a U.S. court. The United States has no formal diplomatic relations with North Korea, and federal authorities have had no communication with the regime about the case.
The charges come at a sensitive time for relations between the U.S. and North Korea. President Donald Trump met with North Korean leader Kim Jong Un in June for a historic summit, after which Trump claimed that there was "no longer a Nuclear Threat." The two countries have since traded tough words over plans to denuclearize, and Pyongyang has yet to take concrete steps to dismantle its nuclear and missile arsenal — or to open its doors to international inspectors.
U.S. officials sidestepped questions as to why they chose to publicly unveil the charges on Thursday and whether the timing had been influenced by the president’s June summit with the North Korean leader. A criminal complaint for Park was filed in secret on June 8, four days before Trump met Kim.
Kim and Trump, however, appear to remain on good terms. Kim on Thursday appeared to praise Trump and said he was still optimistic for negotiations despite diplomatic setbacks.
In response, Trump tweeted his thanks and said the two of them "will get it done together!"